IMPLEMENTING RISK MANAGEMENT Why Implementing Risk Management Research

IMPLEMENTING RISK MANAGEMENT

Why Implementing Risk Management Research Findings On Success Factors on Implementing Risk Management 1. 2. 3. 4. 5. Performance of Formal Process RM process: RM Plan, Identification, Analysis, Treatment, Monitoring, and Control (Lemos et al -2001, Roth and Espersen – 2004) Risk Appetite, Involvement of Board, Centrilized ERM, Proper Communication, and Culture (Mc. Donald-2004) Communication and promotion of behavioral change (Coccia -2005) The Transparaency linkage between Risk mitigation Plan and Corporate Objectives (Woods-2005) Knowledge, Relationships and Sharing Best Pratices (Hampton-2006)

Why Implementing Risk Management Research Findings On Success Factors on Implementing Risk Management Research Critical Success Factors (CSFs) are defined from three (3) different perspectives: (1) The factors that have influence on the inclination and readiness of a corporation for implementing RM; (2) The factors that are important during the design and implementation of RM in a corporation and can significantly affect the success of RM design and implementation; and (3) The factors that are crucially important to successfully run, maintain, and administrate RM after the closure of the project of RM design and implementation.

Where The RISKs Begin? ? ? Overview of Corporate Finance

What is RISK ? a definition • Risk equals to uncertainty. The higher the uncertainty is, the risk of doing business is greater. • An interactive processconsisting of well defined steps which, taken in sequence, support better decision makingby contributing a greater insightinto risk and their impacts. • A logical and systematic method of identifying, analyzing, assessing, treating, monitoring and communicatingrisks associated with any activity, function or process in a way that will enable organization to minimize lossesand maximize opportunities.

What is RISK ? Consequences & Likelihood Risk Consequences 1. 2. 3. 4. 5. Catastrophic Major Moderate Minor Insignificant Risk Likelihood 1. Certain 2. Likely 3. Moderate 4. Unlikely 5. Rare

What is ENTERPRISE RISK MANAGEMENT? ERM definition • An interactive processconsisting of well defined steps which, taken in sequence, support better decision makingby contributing a greater insightinto risk and their impacts. • A logical and systematic method of identifying, analyzing, assessing, treating, monitoring and communicatingrisks associated with any activity, function or process in a way that will enable organization to minimize lossesand maximize opportunities.

Evolution of industry practices*) Enterprise Risk Management Organizational Financial Risk Management Business Operation Credit Risk Management Credit 1970 s Market Credit 1980 s 1990 s *) James Lam, PRMIA Inaugural Conference in Montreal

Traditionally risk was managed within “silos” Credit Risk Who How Market Risk A/LM Risk Operational Risk • Chief Credit Officer • CFO • Business Managers • Treasurer • Asset/Liability Manager • Internal Audit • Corporate Actuarial • Exposure Limits • Portfolio Measurement • Securitization/ Derivatives • Investment Limits • Portfolio Return • Growth Limits • Trading and A/LM Limits • Value at Risk Management • Financial Derivatives • Controls • Audit Review • Insurance

Enterprise Risk Management Approach Enterprise Risk Management Chief Risk Officer/Chief Financial Officer Credit Risk Market Risk Business Risk Internal Audit Treasurer Chief Credit Officer Operational Risk Business Managers Asset/ Liability Manager Corporate Actuarial Benefit Broadens risk awareness Aligns risk profile and strategy Minimizes surprises and losses Rationalizes capital requirements Assures regulatory compliance Improves ROE and shareholder value

What is ENTERPRISE RISK MANAGEMENT? ERM Process I A A T MC 1. 2. 3. 4. 5. 6. Identifying Analyzing Assessing Treating Monitoring Communicating Source: Australian and New Zealand Standards of Risk Management, 1995

S M A E L P What are the Risk Management Process? STEP 3 : Risks Assessment Risk Exposures

Implementing Risk Management A Framework of Risk Management

How to Prepare for ERM Implementation Process? Establish the strategic, organizational and risk management context, the criteria against which risk will be assessed, and the structure of the analysis.

HOW to do The Implementation ? ERM Framework 1. Corporate Governance Establish top-down risk management 2. Line Management Business Strategy Aligment 5. Risk Analytics Develop advanced analytical tools 3. Portofolio Management Think and act like a “fund manager” 4. Risk Transfer out concentrated or inefficient risks 6. Data and Technology Resources Integrate data and system capabilities 7. Stakeholders Management Improve Risk transparancy for key stakeholders

M A S E L P What are the Risk Management Process? STEP 3 : Risks Assessment

What are the Risk Management Process? STEP 4 : Risks Treated & Managed Risk Traet Monitoring & Communicating 1. Avoid: By not doing the business initiative 2. Retain: by accepting the risk 3. Transferred: through insurance & cooperative 4. Shared: through insurance & cooperative 5. Reduced: through risk mitigation & internal control mechanism 6. Accept

What are the Risk Management Process? STEP 4 : Risks Treated & Managed Risk Traet Monitoring & Communicating Examples of Action to reduce Risk Likelihood 1. Compliance Program 2. Review on Contracts 3. Review on Organization 4. Review on Business Process and Model 5. Training 6. Supervision 7. Quality Management 8. Process Control 9. Maintenance 10. R&D

What are the Risk Management Process? STEP 4 : Risks Treated & Managed Risk Traet Monitoring & Communicating Examples of Action to reduce Risk Consequences 1. Contingency planning 2. Disaster recover plans 3. Public relations 4. Pricing policy 5. Activity relocation 6. Insurance 7. Outsourcing 8. Strategic alliances

What are the Risk Management Process? STEP 4 : Risks Treated & Managed Risk Traet Monitoring & Communicating How to Prioritize …. ? ? ?

What are the Risk Management Process? STEP 4 : Risks Treated & Managed Risk Traet Monitoring & Communicating How to Manage and Treat Risk …. ? ? ? • Risk-based internal control mechanism: • It focuses on auditable areas of greatest risks • It is future oriented • It tests the way management mitigate risks • COSO’s internal control framework: The Committee of Sponsoring Organizations of the Treadway Commission

What are the Risk Management Process? Why do we NEED Risk Monitoring & Communicating ? STEP 5 : Risks Monitored 1. To ensure the effectiveness of risk management 2. Risks do change overtime 3. Risk priority may change overtime STEP 6 : Risks Communicated There is a possibility to have difference perception on risk because difference in 1. Assumptions 2. Concepts 3. Experience 4. Interests. What

Three Pillars of ERM 1. Best-Practice Policies 2. The Framework 3. Approaches to ERM

What are the Risk Management Tools ? 1. Ex-ante risk management. Tools such as: Preventive controls; Preventive actions; Information seeking, statistical analysis andforecasting; Design for reliability; Insurance and Financial Risk Management etc. 2. Ex-post risk management. It involves: control audits and thedesign of flexible-reactive schemes that can deal with problems once they have occurredto limit their consequences.

Types of Tools Used to Implement ERM Procedures 1. Risk mapping of individual risks 2. Risk assessment workshop 3. Proforma financial modelling 4. Scenario planning 5. Monte carlo simulation 6. Stochastic simulation 7. Economic scenario generation 8. Behavior modification performance incentives 9. Catastrophe modelling 10. Optimization software