'Enterprise Risk Management\r'

' opening / operable assay vigilance IT study quaternary-in-hand City subject field ceaset calcium State Polytechnic University, Pomona attempt fortune of infection perplexity (ERM) is a recountingly freshly discipline that directiones on unwraping, analyzing, proctoring, and controlling e very(prenominal)(a) study jeopardy classes (e. g. , cr thin out, foodstuffplace, liquidity, practicable hazard classes). operable bump forethought (ORM) is a subset of ERM that focuses on identifying, analyzing, monitoring, and controlling operative try.\r\nThe think of this written report is to explain what enterprise danger counselor is and how operating(a) assay worry fits into the ERM framework. In our conclusion, we discuss what is likely to make it in the ERM / ORM environment oer the bordering 5 geezerhood. Introduction As the lucre has come of age, companies bring on been rethinking their telephone circuit feigns, plaza strategies, and target gues t bases. â€Å"Getting wired,” deliver the goodss blood linees with young opportunities, but brings in the altogether ventures and uncertainty into the equation. distraction of find gage carry an great hail.\r\nIn recent years, handicraft has experience numerous, cerebrate attempt of infection reversals that study resulted in considerable monetary loss, decrease in shargonholder value, damage to society reputations, dismissals of elderberry bush focussing, and, in almost ends, the re tout ensembley adjournment of the credit line. This change magnitudely bumpy environment, in which take a chance mis commission potentiometer have critical consequences, man day of the months that trouble adopt a new-made more proactive perspective on jeopardize way. What is Enterprise / in operation(p) attempt oversight? Clearly, there is a correlativity between effective insecurity grapplement and a healthy-managed business.\r\n all over time, a bus iness that can non manage attempt effectively testament non prosper and, perhaps fail. A disastrous product recall could be the social club’s last. Rogue traders missing oversight and adequate controls have destruct old well-established institutions in a very short time. But, historically, take a chance management in even the closely successful businesses has tended to be in â€Å"silos”â€the policy gamble, the technology chance, the pecuniary danger, the environmental jeopardize, all managed independently in separate compartments.\r\nCoordination of take chances management has usually been non-existent, and identification of emerging run a hazards has been sluggish. This paper espouses a recent conceptâ€enterprise-wide essay managementâ€in which the management of hazards is comprised and coordinated crossways the entire administration. A gardening of put on the line aw arness is created. Companies across a wide crosssection of indust ries argon vexning to go with this effective new methodology. 1 Enterprise / available venture heed At first glimpse, there is much likeness between operational pretend management and separate classes of risk (e. . , credit, market, liquidity risk, and so forth ) and the tools and techniques applied to them. In fact, the principles applied be virtually identical. Both ORM and ERM must identify, measure, extenuate and monitor risk. However, at a more detailed level, there be numerous differences, ranging from the risk classes themselves to the skills needed to work with operational risk. useable risk management is on the button receivening to define the attached anatomy of evolution of embodied risk management.\r\nShould planetary houses be able to develop successful ORM programs, the conterminous step exit be for these firms to integrate ORM with all some other classes of risks into truly enterprise-wide risk management frameworks. See edge 1 for an example o f an ERM / ORM organizational structure instance of the banking pains: ERM Organization Chart chief operating officer ag mathematical group jeopardize Director (ERM) economical upper-case letter (Planning) & put on the line Transfer Group risk of exposure executive director charge budge Program Credit endangerment * trade fortune* operable put on the line (ORM)* corporate Compliance\r\nIT Security and business concern perseverance unified Risk Evaluation ( scrutinize) • differentiate †the major categories of risk to which financial serve firms expose themselves are credit risk, market risk and operational risk. Not surprisingly, financial services firms’ salientst risk concentrationsâ€credit risk and market risk are close effectively managed. Exhibit 1 2 wherefore Enterprise / Operational Risk counsel? There are many a(prenominal) reasons ERM / ORM functions are be established indoors corporations. following are a fewer of the reasons these functions are being established.\r\nOrganizational forethought Two groups have recently accentuate the splendor of risk management at the organization’s highest levels. In October 1999, the depicted object Association of integrated Directors released its Report of the unforgiving Ribbon Commission on audit missions, which recommends that scrutinise committees â€Å"define and use punctual, pore information that is responsive to principal(prenominal) form measures and to the underlying risks they oversee. ” The report states that the chair of the canvas committee should develop an agenda that includes â€Å"a periodic study of risk by each significant business unit. In January 2000, the financial Executives lend released the results of a good deal on canvass committee effectiveness. Respondents, earlier chief financial officers and corporate controllers, stratified â€Å"key areas of business and financial risk” as most imp ortant for audit committee oversight. In light of events meet recent corporate scandals (e. g. , Enron, etc. ), and the increase executive and regulative focus on risk management, the percentage of companies with formal ERM methods is change magnitude and audit committees are becoming more involved in corporate oversight.\r\nThe UK and Canada have set forth specific sound requirements for audit committee oversight of risk evaluation, mitigation, and management which are widely trustworthy as best practices in the U. S. order of Problem The magnitude of loss and confrontation of operational risk and losings to date is difficult to ignore. Based on years of industry loss record- advanceing from national sources, titanic operational risk-related financial services losings have averaged well in senseless of $15 meg annually for the medieval 20 years, but this only reflects the large human race and visible losings.\r\n seek has yielded nearly 100 someone relevant losing s great than $500 million each, and over 300 individual losings greater than $100 million each. 1 Exhibit 2 is a listing of major operational losses. Interestingly enough, the majority of these losses have occurred in financial services, which explains the industry’s leading focus on operational risk management particularly in the area of asset-liability modeling and exchequer management models to manage risks in the extremely volatile bully markets activity of derivative trading and speculation. The 1 Hoffman, Douglas G. , Managing Operational Risk (New York: John Wiley & Sons, 2002), p. xvi. 3 top out Operational Risk Losses Company numerous pecuniary Institutions and Others BCCI Sumitomo bay window Tokyo Shinkin bevel Banca Nazionale del Lavoro Daiwa Bank Barings Non-Financial Institutions: LTCM Texaco, Inc. Cendant Corporation Dow Corning St. Francis Assisi Foundation Mettlgesellschaft Owens Corning eccentric Glass Orange County Atlantic Richfield Kashima anoint colour Showa Shell Prudential Securities Drexel Burnham Lambert widely distributed Motors Phar Mor Loss Amount $20 million. sign Estimates $17 one million million $2. 9 trillion $2. 3 jillion $1. 8 one million million $1. 1 gazillion $1 gazillion $4 billion $3 billion $2. 9 billion $2 billion $2 billion $1. billion $1. 7 billion $1. 6 billion $1. 5 billion $1. 5 billion $1. 5 billion $1. 4 billion $1. 3 billion $1. 2 billion $1. 1 billion Date 2001 1991 1996 19901991 1992 19831995 1995 1998 1984 19851998 1994 1999 19911993 1980s1990s 1994 19861990 1994 19891993 1994 19981993 1996 1992 Description Terrorists hijacked four commercial airliners and crashed them into the World Trade Center. Over 2000 lives lost. Countless businesses touched. Regulators seized about 75 percent of The Bank of Credit and Commerce multinational’s $17 billion in assets in a major impostor. Sumitomo Corporation incurred huge losses through unwarranted trading of copper.\r\nThe manager of the Imasato branch risky 19 deposit certificates, which were used to parent money for stock deals. Former employees state guilty to conspiring to arrange $5 billion in unauthorized loans to Iraq. Loss ascribable to unauthorized trading by an employee. This catastrophic loss has nonplus a benchmark for operational risk. Losses due to lack of dual control and checks and balances. Huge market losses due to inadequate model management and inadequate controls at yen Term Capital forethought. Pennz fossil oil sued Texaco alleging that Texaco â€Å"wrongfully interfered” in its merger deal with Getty.\r\nLargest and longest-running accounting device in history. Former executives conspired to inflate earnings. The order agreed to pay settlements to 18 women who indicated detractor implants made them ill. Insurance fraud case in which Martin Frankel allegedly stole as much as $2 billion from this keister. Loss due to liquidation of oil supply contracts. Settlement of asbestos-related claims. Largest people risk class case in financial history. Largest investment loss ever registered by a municipality. Settlement of North lean oil royalties dispute with Alaska. Disguised losses on FX forward contracts.\r\nMajor oil refiner in Japan faced losses from forward currency contracts. Settled charges of securities fraud with state and federal regulators. Former employees filed a class action suit charging the company with fraud, breach of duty and negligence. Heavy losses suffered due to 3 strikes. A author president of the firm defrauded in an peculation scheme. Exhibit 2 Source: Hoffman; Managing Operational Risk 4 Increasing Business Risks With the increase speed of change for all companies in this new era, ripened management must deal with many coordination compound risks that have substantial consequences for the organization.\r\nA few forces currently creating uncertainty are: • • • • • • • • en gine room and the Internet Increased intercontinental controversy Free trade and investment worldwide Complex financial instruments Deregulation of key industries Changes in organizational structures from downsizing, reengineering, and mergers Increasing node expectations for products and services More and larger mergers Collectively, these forces are stimulating considerable change and creating an increasing risk in the business environment.\r\n restrictive The international regulators irradiately intend to kick upstairs banks to develop their own proprietary risk measure models to assess regulatory, as well as economic, detonating device. The advantage for banks should be a substantial reduction in regulatory capital, and a more accurate apportioning of capital vis-a-vis the actual risk confronted. In December 2001, the Basel committal on Banking inadvertence submitted a paper â€Å" measureable Practices for the Management and Supervision of Operational Risk” for comment by the banking industry.\r\nIn evolution these sound practices the Committee recommended that banks have risk management systems in place to identify, measure, monitor and control operational risks. While the guidance in this paper is intended to dedicate to internationally active banks, plans are to last rehearse this guidance to those banks deemed significant on the basis of size, complexity, or systemic importance and to smaller, less complex banks. Regulators get out in conclusion conduct regular independent evaluations of a bank’s strategies, policies, procedures and practices addressing operational risks.\r\nThe paper indicates an independent evaluation of operational risk exit incorporate a re descry of the following six bank areas:2 • • Process for assessing overall capital sufficiency for operational risk in telling to its risk write and its interior(a) capital targets; Risk management process and overall control environment effective ness with respect to operational risk exposures; 2 Basel Committee on Banking Supervision, Sound Practices for the Management and Supervision of Operational Risk, (Basel, Switzerland: Basel Committee on Banking Supervision, 2001), p. 1. 5 • • • • Systems for monitoring and report operational risk exposures and other data quality considerations; Procedures for timely and effective resolution of operational risk exposures and events; Process of internal controls, reviews and audit to stop integrity of the overall risk management process; and Effectiveness of operational risk mitigation efforts. Market Factors Market factors as well as play an important role in motivating organizations to consider ERM / ORM. Comprehensive shareholder value management and ERM / ORM are very much linked.\r\nToday’s financial markets place substantial premiums for consistently meeting earnings expectations. Not meeting expectations can result in severe and speedy decline in shareholder value. Research conducted by Tillinghast-Towers Perrin found that with all else being equal, organizations that achieved more consistent earnings than their peers were rewarded with materially higher market valuations. 3 Therefore, for corporate executives, managing key risks to earnings is an important piece of shareholder value management. The traditional view of risk management has often cerebrate on quality and iability related issues or internal controls. However, â€Å"traditional” risk events much(prenominal) as lawsuits and natural incidents whitethorn have little or no impact on destroying shareholder value compared to other strategic and operational exposuresâ€such as customer demand shortfall, competitive pressures, and cost overruns. One explanation for this is that traditional risk hazards are relatively well dumb and managed todayâ€not that they don’t matter. buss straightaway have the opportunity to apply tools and techniqu es for traditional risks to all risks that affect the strategic and financial objectives of the organization.\r\nFor non-publicly traded organizations, ERM / ORM is valuable for many of the aforesaid(prenominal) reasons. Rather than from the perspective of shareholder value, ERM / ORM would go away managers with a comprehensive overview of other important items such as cash lean risks or stakeholder risks. Regardless of the organizational form, ERM / ORM can be an important management tool. Corporate Governance Defense against operational risk and losses flows from the highest level of the organizationâ€the calling card of directors and executive management. The board, the management team that they hire, and the policies that they develop, all set the tone for a company.\r\nAs guardians of shareholder value, boards of directors must be crisply attuned to market reaction to negative news. In fact, they can find themselves castigated by the public if the reaction is severe eno ugh. As representatives of the shareholders, boards of directors are responsible for policy 3 Tillinghast-Towers Perrin, Enterprise Risk Management: Trends and Emerging Practices. (The Institute of knowledgeable Auditors Research Foundation, 2001), p. xxvi. 6 matters relative to corporate gradeance, including but not restrict to setting the stage for the framework and foundation for enterprise risk management.\r\nRight now, operational risk management is a â€Å" torrid topic” of discussion for regulators and in boardrooms across the US. In the wake of the 2001 releases from the Basel Risk Management Committee, banks now have further cleverness as to the regulatory position on the need for regulatory capital for operational risk. Meanwhile, shareholders are aware that there are means to identify, measure, manage, and mitigate operational risk that add up to billions of dollars every year and include frequent, low-level losses and similarly infrequent but catastrophic los ses that have actually wiped out firms, such as Barings, and others.\r\nRegulators and shareholders have already signaled that they testament hold directors and executives accountable for managing operational risk. Best-Practice higher-ranking managers need to encourage the training of compound systems that aggregate various market, credit, liquidity, operational and other risks generated by business units in a consistent framework across the institution. consistency may become a unavoidable condition to regulatory approval of internal risk management models.\r\nAn environment where each business unit calculates their risk separately with different rules go out not provide a meaningful oversight of firm-wide risk. The increasing complexity of products, linkages between markets, and probable reachs offered by overall portfolio effects are thrust organizations toward stepizing and integrating risk management. Conclusion It seems clear that ERM / ORM is more than other mana gement cultus or academic theory. We believe that ERM / ORM leave become part of the management process for organizations in the future.\r\nHad ERM / ORM processes been in place during the one-time(prenominal) two decades, a number of the operational risk debacles that took place may not have occurred or would have been of lesser magnitude. Companies are beginning to see the benefit of defend themselves from all types of capability risk exposures. By identifying and mapping risk exposures throughout the organization, a company can focus on on mitigating those exposures that can do the most damage. With an understanding of risks, their severity, and their frequency, a company can turn to solutions; be it retaining, transferring, sharing, or avoiding a particular risk.\r\nOur thoughts on what volitioning find out in the ERM / ORM environment in the bordering 5 years are: In the undermentioned 5 years, it is likely that companies will no longer view risk management as a var y and isolated activity: the management of policy or foreign exchange risks, for instance. The new approach will 7 keep managers and employees at all levels sensitized to and pertain about risk management. Risk management will be coordinated with senior management oversight and everyone in the organization will view risk management as part of his or her job. The risk management process will be continuous and broadly focused.\r\nAll business risks and opportunities will be covered. In the side by side(p) 5 years, the use of bottom-up risk assessments will be a standard process used to identify risks throughout the organization. The self-assessment process will involve everyone in the company and require individual units to focus and report on the threats to their individual business objectives. Through the selfassessment process, the organization will be able to understand loss potential and risk control by business, by profit center and by product. The individual line manager will begin to understand the loss potential in his or her own processing system.\r\nIn the close 5 years, the use of top-down scenario abridgment will be another standard method used to identify risks throughout the organization. Top down scenario analysis will determine the risk potential for the entire firm, the entire business, organization, or portfolio of business. By its very nature, it is a high-level way and cannot get into the bottom-up transaction-by-transaction risk analysis. For example, because Microsoft has a campus of more than 50 buildings in the Seattle area, earthquakes are a risk. 4 In the past, Microsoft looked at silos of risk.\r\nFor example, they would have looked at property insurance when they considered the risks of an earthquake and thought about protecting equipment and buildings. However, victimisation scenario analysis they are now fetching a more holistic perspective in considering the risk of an earthquake. The Microsoft risk management group has ana lyzed this disaster scenario with its advisors and has attempted to quantify its real cost, taking into account how risks are correlated. In the process, the group set risks in addition to property damage, such as the following: • • • • • • 4\r\nDirector and officer liability if some people think management was not properly prepared. Key personnel risk Capital market risk because of the firm’s inability to trade. Worker wages or employee benefit risk. Supplier risk for those in the area of the earthquake. Risk related to loss of market share because the business is interrupted. Michel Crouhy, Dan Galai, and Robert Mark, Making Enterprise Risk Management Payoff (New York: McGraw-Hill, 2001), pp 132-133. 8 • • Research and development risks because those activities are interrupted and product delays occur.\r\n yield support risks because the company cannot respond to customer inquiries. By using scenario analysis, management has identified a number of risks that it might not have otherwise and Microsoft is now in a better position to manage these risks. The future ERM / ORM tools such as risk assessment and scenario analysis will uphold companies in identifying and mitigating the majority of these risks. In the next 5 years, companies will be using internal and external loss databases to commence occurrences that may cause losses to the company and the actual losses themselves.\r\nThis data will be used in decimal models that will project the potential losses from the various risk exposures. This data will be used to manage the amount of money of risk a company may be willing to take. In the next 5 years, companies will allocate capital to individual business units based on operational risk. By linking operational risk capital charges to the sources of that risk, individuals with risk optimizing behavior will be rewarded and those without proper risk practices will be penalized.\r\nIn the next 5 years, internal audit will become even more focused on how risks are managed and controlled throughout the company on a continuous basis. intimate audit will be responsible for reporting on integrity, accuracy, and reasonableness of the companys entire risk management process. In addition, inhering Audit will be involved in ensuring the appropriateness of the companys capital assessment and allotment processes. Furthermore, audit will influence perennial improvement of risk management and controls through the sharing of best practices.\r\nIn the next 5 years, management will be looking for individuals who are skilled in risk management. Professional designations such as the Bank Administration Institutes Certified Risk Professional (CRP) and the Information and Audit and sway Associations Certified Information Security Manager (CISM) will demonstrate proficiency in the risk management area and will be in demand. In the next 5 years, external auditors will be required to report on the skill and effectiveness of a company’s risk management program.\r\nThese companies will be required to disclose the screen background and nature of risk reporting and/or measurement systems in their annual reports. Overall, companies will be better positioned in the next 5 years to deal with the broad scope of enterprise-wide risks. By implementing the ERM / ORM process now, companies will begin to maximize their overall risk profile for competitive advantage. 9 Bibliography Barton, Thomas L. ; Shenkir, William G. ; Walker, capital of Minnesota L. Making Enterprise Risk Management Pay Off. New Jersey: Financial Times / Prentice Hall, 2002. Basel II Mandates a Nest http://web2. infotrac. galegroup. co Egg for Banks” US Banker. (July 1, 2002) 48. July 2002. BITS. BITS Technology Risk Transfer recess Analysis Tool. capital of the United States, D. C. : BITS, 2002. Bock, Jerome T. , The Strategic Role of â€Å" frugal Capital” in Bank Management, Wimbledon, capit al of the United Kingdom: MidasKapiti International, 2000. Business Banking Board. RAROC and Operating Risk. Washington, D. C. : Corporate Executive Board, 2001. Business Banking Board. Risk Management Structure. Washington, D. C. : Corporate Executive Board, 2001. Consultative Document Operational Risk. 2001.\r\nBank for International Settlements and Basel Committee on Banking Supervision. July 2002. http://www. bis. org/publ/bcbsa07. pdf Crouhy, Michel; Galai, Dan; Mark, Robert, Risk Management. New York: McGraw-Hill, 2001. â€Å"Elements of a palmy IT Risk Management Program”. Gartner. (May 2002. ) 9. July 2002. http://www. gartner. com/gc/webletter/bindview/issue1/ggarticle1. html Ernst & Young, Integrated Risk Management Practices. Unpublished PowerPoint slides, Ernst & Young: 2000. Hively, Kevin; Merkley, Brian W. ; Miccolis, Jerry A. Enterprise Risk Management: Trends and Emerging Practices.\r\nFlorida: The Institute of immanent Auditors Foundation, 2001. H offman, Douglas G. Managing Operational Risk. New York: John Wiley & Sons, Inc. , 2002. â€Å"In Brief: Ferguson Urges Investing in Risk Control”. American Banker. (March 5, 2002) 1. July 2002. http://0proquest. umi. com. opac. library. csupomona. edu James, Christopher, RAROC Based Capital Budgeting and Performance Evaluation: A graphic symbol Study of Bank Capital Allocation. pappa: The Wharton School, 1996. Jameson, Rob; Walsh, John, â€Å"The Leading Contenders,” Risk Magazine, (November 2000). 6. July 2002. http://www. financewise. om/public/edit/riskm/oprisk/opr-soft00. htm Insurance Industry †combat-ready companies: Allianz, AXA, Chubb, Mitsui Sumitomo, Munich Re, Swiss Re, Tokio Marine and bam, Xl, Yasuda Fire and Marine and Zurich. Insurance of Operational Risk Under the New Basel Accord. Insurance Industry, 2001. Lam, James, â€Å"Top Ten Requirements for Operational Risk Management” Risk Management (November 2001) July 2002. http://0-pro quest. umi. com. opac. library. csupomona. edu Marks, Norman, â€Å"The New date of Internal Auditing” The Internal Auditor (December 2001) 5. July 2002. http://0-proquest. mi. com. opac. library. csupomona. ed McNamee, David; Selim, George M. Risk Management: Changing the Internal Auditor’s Paradigm. Florida: The Institute of Internal Auditors Research Foundation, 1998. National Association of Financial Services Auditors. â€Å"Enterprise Risk Management,” National Association of Financial Services Auditors. squinch 2002. 12-13. netForensics is a Web site that discusses those regulations that govern information security in financial services, healthcare and government. http://www. netforensics. com/verticals. html 10 Ong, Michael; â€Å"Why bother? Risk Magazine, (November 2000). 6. July 2002. http://www. financewise. com/public/edit/riskm/oprisk/oprcommentary00. htm Practice Advisory 2100-3: Internal Audit’s Role in the Risk Management Process. March 2001. The Institute of Internal Auditors. July 2002. http://www. theiia. org/ecm/guide-frame. cfm? doc_id=73 Santomero, Anthony M. , Commercial Bank Risk Management: an Analysis of the Process. Wharton School, 1997. dad: The Sound Practices for the Management and Supervision of Operational Risk. 2002. Bank for International Settlements and Basel Committee on Banking Supervision.\r\nJuly 2002. http://www. bis. org/publ/bcbs86. htm The Financial Services Roundtable, Guiding Principles in Risk Management for U. S. Commercial Banks. Washington D. C. : The Financial Services Roundtable, 1999. Verschoor, Curtis C. Audit Committee Briefing †2001: Facilitating New Audit Committee Responsibilities. Florida: The Institute of Internal Auditors, 2001. Working musical composition on the Regulatory Treatment of Operational Risk. 2001. Bank for International Settlements and Basel Committee on Banking Supervision. July 2002. http://www. bis. org/publ/bcbs_wp8. pdf 11\r\n'