Define risk profile
overall risk exposure currently faced by the organisation
Define ERM
- no 1 definition
- RM conducted throughout the organisation
- In a structured & consistent way
- considers all risks faced & their interactions
- integrates risk measures into business reporting
- allowing to influence strategic decisions
- CRF lead by CRO
Define risk appetite
Desired level of risk the organisation wishes to take on, on an on-going basis.
What is the risk profiling process
- Identify risks
- assess likelihood and impact
- Decide how to deal with risks
Describe the 5 ERM concepts
- Holistic approach
Consider enterprise as a whole - Upside and downside risks
Not just consider downside, seize opportunities - Quantify risks
Use to determine whether a risk is acceptable or not - Unquantifiable risks
Class into subjective categories
Nature of risk makes it difficult to assess - Respond to risks
When ID & measured, need to determine a response
What are the Benefits of ERM?
- better Risk reporting increase business efficiency - Improve business performance -- loss reduction -- uncertainty management -- performance optimisation
Board’s responsibility in ERM?
- define risk profile
- skill themselves to be able to successfully implement ERM strategies
- guiding decision as to the most appropriate approach to ERM for the organisation
- set direction, structure and culture
- approve suitable internal controls
- actively monitor risk reporting
What’s the line managers responsibility in ERM?
- implement board decisions
- set up processes for ERM
- integrate risk reporting into business reporting
- understand risks they are taking
- and extent of risk taking power
- supported with thorough documentation
Describe stakeholder management
Communicate effectively with stakeholders
Internal Comms to board and relevant committees
– they are fully aware of risks
– consistent “risk language” to ensure no risk is left out or doubled up
External Comms with regulator/ supervisory body
what are the 5 steps in RM Process?
ID risks faced
Risk analysis to quantify risks
Evaluating info-risks compared to limits
How to manage risks and implement actions
Monitoring processes - risks and management actions continually reviewed
What organisational structures help to set a good risk culture?
Set from the top
Codes of honesty and fair dealing
Clear organisational responsibility for the ID And management of risks
Every employee sees it as their job to ID new risks/ increases in risks
What are the main ideas to setting a good risk culture?
Consultative leadership Participation in decision-making Openness Accountability rather than blame Organisational learning Knowledge sharing Good internal communications
List the 5 aims of internal controls
Accurate and adequate record keeping
Prevent fraud and safeguard the company assets
Guarantee accuracy of financial statements
Respond to risks
Ensure compliance with law and legislation
Key to excellence in corporate governance
Communication with stakeholders Independence of board Board performance Board compensation arrangements *fairness *social responsibility
6 points that should be covered when a risk committee is set up
1 purpose 2 responsibility 3 membership 4 performance assessment 5 frequency of meetings 6 resources available
Outline an audit committees role?
Monitor integrity of financial statements
Monitor and review internal functions
- financial control
- risk management
- internal audit
Recommend, monitor and review external auditors
Responsibility of an internal audit function.
Check financial transaction information
Review risk management function
Monitor compliance with law and regulations
Check for system errors
Non-observance of internal governance
Examine key spreadsheets for errors
Examine procedures for paying insurance premiums on time and observance of insurance conditions
Responsibilities of an external Audit function
validation of the risk management function by a separate entity
- Maybe required by regulator
- Potentially provides an additional source of learning
List the types of bias
Intentional - deliberately underestimates a risk to achieve a specific personal goal
Unintentional - error due to lack of experience or time
how can bias be introduced into a project?
- insufficient care/time
- Key risk left out, intentionally or accidentally
- incorrect assumption about risk’s independence
- likelihood of disaster underestimated
- cash flows deliberately biased towards optimistic
- calculations / spreadsheets containing errors potentially leading to incorrect evaluations
What types of bodies can exercise supervision and control?
- Industry bodies
- Industry regulator
- Professional bodies
- Professional Regulator
- Government authority
What are the two different types of regulators?
Functional - different authorities oversee different actions
Unified - single regulator covers a range of actions
What considerations should be given to managing a relationship with a regulator?
- Their aims and objectives
- Insurers reputation
- Proactive and Engaging as early as possible
- transparency of communications
- accountability for relationship mangement
Define Market Risk
Risk arising from changes in investment market values or other features correlated with investment markets, such as inflation or interest rates
