Module 8: ERM processes and structures

Question 1

What is the role of:

The second line of defence - the Chief Risk Officer, risk management team and the compliance team?

Answer 1

Accountable for establishing risk and compliance programmes programmes and policies, supporting and monitoring the line management and reporting to the Board.

Question 2

What is the role of:

The third line of defence - the Board and audit function?

Answer 2

Accountable for effective governance of the risk management process, setting risk management strategy, approving policies and ensuring that ERM is effective.

Question 3

What is the role of:

The first line of defence - line management staff in the business units?

Answer 3

Accountable for measuring and managing risk in individual business units on a daily basis (in line with the company’s stated risk appetite and risk policies).

Question 4

What areas might business seek structural change to be more robust and flexible?

Answer 4

FINANCIAL AREAS

OPERATIONAL AREAS

• e.g. to achieve greater flexibility, a strategic decision might be made to increase the use of outsourcing, e.g. of customer services, IT, distribution, production, etc.
• to increase both robustness and flexibility, a strategic decision might be made to:
• — spread operations over various sites/countries
• — shift distribution channels
• — move away from grouping individuals into specialist teams and operating more using multi-discipline project teams

Question 5

Companies should recognise the need to manage risk more effectively, for example: (2)

Answer 5

• using horizon scanning and early warning indicators - to identify new and emerging risks
• making structural changes - to make the company more robust and flexible

Question 6

5 Parts of a risk control cycle

Answer 6

IDENTIFICATION
Defining and recording all risks in a consistent way

ASSESSMENT
Considering / quantifying risks in the context of the risk appetite.

MANAGEMENT
Ongoing treatment of the risks

MONITORING
Continuous recording, review and reporting of risks, losses and effectiveness of treatments + external audit

MODIFICATION
Alter approach as business and risk environment changes.

Question 7

A company can use its knowledge of risk-adjusted returns to (5)

Answer 7

A good understanding of the risk / return profile of its business activities can help a company decide where its strengths lie and where it should compete.

In particular

• decide WHICH RISKS TO EMBRACE and which to mitigate
• decide which risky products and projects are undertaken
• determine the degree and type of RISK TRANSFER and hedging to use
• ALLOCATE CAPITAL efficiently
• manage its borrowing and GEARING RATIO

Question 8

Three lines of defence

Answer 8

Risk management decisions are made by 3 key groups:

• line management staff in the business units and support functions
• the CRO and the risk management and compliance functions
• the Board of Directors and audit function