Risk Management / Enterprise / Financial

Next Subject

• INTRODUCTION TO ENTERPRISE RISK MANAGEMENT
• RISK CATEGORIES
• RISK MANAGEMENT REVIEWS
• ACCOUNTING / AUDITING / TREASURY MANAGEMENT
• ANALYSIS
• CERTIFICATE TRACKING
• CHARTING & MAPPING
• ENTERPRISE RISK MANAGEMENT
• RISK MANAGEMENT INFORMATION SYSTEMS

Introduction To Enterprise Risk Management

Top of page

The process whereby an organization optimizes the manner in which it takes risks. When conducted appropriately, enterprise risk management recognizes that business (including non-profit business) is about taking risks. All organizations accumulate resources and invest them in activities which are uncertain. Successful organizations take risks which are necessary for their goals, while avoiding other risks. Accordingly, enterprise risk management is not about seeking or avoiding risk. It is about optimizing risk.

Risk management involves different individuals in various positions performing different functions. These positions / functions can be reviewed to check for appropriate communication, interaction and co-operation. Some of them are:

• Traditional Risk Manager handles hazard risk and risk financing, which often includes input and overlap into some or all of the areas listed
• Chief Risk Officer or Chief Audit Executive focuses, integrates, and communicates the activities of internal audit and other risk management functions across the organization
• Internal auditor assesses control risks
• Chief Continuity Officer is repsonsible for disaster / continutiy planning
• VP Finance controls and supervises various areas of financial risk and hazard risk
• Financial Risk Manager handles Financial Risks
• Strategic business units develop controls for operational risk
• Occupational safety officer handles employee safety.
• Medical supervisors handle clinical risk management
• Quality assurance officer co-ordinates quality assurance and continuous improvement efforts
• Product Steward is responsible for quality control of the manufacture of the product
• Chief food safety officer is responsible for quality control of the food supplied
• Chief Security Officer handles security
• Plant / Building manager handles equipment and building safety
• Environmental officer handles environmental / pollution exposures
• Corporate counsel controls legal / contractual exposures in all areas
• Marketing and public relations personnel focus on reputation risk
• Human resources department addresses employment risk
• Technology / Information officer controls computer security and e-commerce risks
• Treasury focuses on credit and monetary risk
• Commodities traders hedge price fluctuation risks
• Senior management and the board of directors focus on strategic challenges

Throughout an organization, each individual has responsibility to manage risks within his or her own area, often with a lack of regular interaction, resulting in duplication of efforts and missed opportunities. Where appropriate, these various branches of risk management can be augmented by a system of control which is supervised by a coordinator who can assist the various specialists in the risk management techniques of:

• Identifying the major risks faced by the organization;
• Measuring those risks. Measuring is the process of assigning a value to a given risk level, either quantitatively or qualitatively;
• Controlling risks, which is the process of modifying the risk level to comply with the risk taking appetite and policies set by shareholders and board of directors. This includes transferring, eliminating, financing or reducing losses or potential losses by way of:
• Examining feasibility of risk management techniques, e.g., avoid and transfer risks through safety, engineering, contractual, retaining those risks which are within the organization's financial capacity, insuring risks which are above the organization's retention capacity, hedging through use of derivative instruments, insuring for traditionally insured hazard risks together with financial risk contingencies in a specially designed package policy etc.;
• Selecting the apparently best techniques;
• Implementing the chosen risk management techniques;
• Monitoring and improving. Monitoring is the process of tracking changes in the measure of risk over time, often reported against a limit or benchmark.

The overall aim of a coordinated approach TO risk management is to focus on :

1. Revenue Growth - customer, product, or market goals.

2. Margin - cost reduction, including restructuring of costs and provision of services
and supply-chain efficiencies.

3. Assets - asset turnover, flexibility, effectiveness, and efficiency targets;
safeguarding of assets.

4. Expectations - various expectations of stakeholders, regulators, rating agencies,
banks, creditors, employees, customers, partners, and suppliers.

This responsibility can sometimes be handled by a CRO (Chief Risk Officer) or a Chief Audit Executive (CAE). It will not eliminate the need for any of the separate functions, but will simply formalize an integrated approach to risk management. Where the CRO position has succeeded in both meeting senior management's needs and overcoming organizational resistance, it has been in the role of a leader and facilitator and integrator and not as a technician. In this role, the CRO serves as a coordinator, more than a manager, of risks. He or she is a communicator who can facilitate dialog among the individual risk managers, both reassuring them of their individual value to the organization and maximizing that value.

Whether such a position is appropriate for your organization is open to examination and discussion. It is not for every organization.

Each organization will place different emphasis on the various categories or risk depending on the nature of the business. The areas of risk can be divided into the following categories: (Some of the risks are externally driven and other internally driven). These categories cross over is some instances.

Risk Categories

Top of page

Governance Risk

• Policies, procedures, structure, and authorities that oversee key company directions and decisions.

Strategic and Execution Risk

• Business strategy and future initiatives, such as plans to enter new markets, form new alliances, or launch new products
• Capital availability
• Competition
• Customer changes, demographic, social / cultural trends
• Customer demand
• Industry changes
• Legal and regulatory - Also Operational Risk
• Merger & acquisition integrations
• Regulatory and political trends
• Reputational risk (e.g., trademark / brand erosion, fraud, unfavorable publicity) - also operational risk
• Research & development, Intellectual capital, technological innovation

Financial Risk

• Price (e.g., asset value, interest rate, foreign exchange, commodity)
• Liquidity (e.g., cash flow, call risk, opportunity cost)
• Credit (e.g., asset ratings, default, downgrade)
• Inflation / purchasing power
• Equity risk, Project financing
• Hedging / basis risk
• Liability risk, reserve type and size
• Market
• Input cost

Operational Risk

• Controls and the control infrastructure, particularly with respect to the protection and utilization of existing assets and operations
• Board composition, compliance, regulation - Also Governance Risk
• Human resources, recruitment
• Empowerment (e.g., leadership, change readiness)
• Expense
• Culture
• Fraud - Also classified as Hazard Risk
• Human error, incompetence
• Systems, information technology (e.g., relevance and availability)
• Information / business reporting (e.g., budgeting and planning, accounting information, pension fund, investment evaluation, taxation
• Product development
• Product service, failure
• Capacity, efficiency
• Reputation - Also strategic risk
• Supply chain, channel management
• Business cyclicality
• Catastrophic risk - Also classified as Hazard Risk

Infrastructure Risk

• Performance of people, processes, and systems that support the company's operations

External Risk

• Environment in which the company operates or external factors beyond the company's control

Hazard Risk

• Fire and other property damage, terrorism, theft & crime risks etc.
• Natural events, windstorm, flood, earthquake
• Business interruption, suppliers, public access
• Liability, contracts, environment, employees, products & services
• Disease and disability, including work related injuries

Risk Management Reviews

Top of page

A risk management Review is an evaluation of an organization’s risk management status and processes to provide an objective, expert opinion on their effectiveness. The scope of risk management is greater than many realize, so a minor percentage improvement can have a large dollar impact.

Cost of Risk Analysis:

The total cost of risk is the sum of:

1. Uninsured and self-insured losses;
2. Indirect and consequential cost of these losses;
3. Loss prevention (fire protection, safety, security);
4. Claims adjusting;
5. Legal defense;
6. Fees to service firms and brokers;
7. Insurance premiums;
8. Internal administration.

Analysis of current arrangements:

A review will generally:

• Analyze exposures to loss and determine what risks should be eliminated, reduced, insured or self-insured / not insured;
• Evaluate the effectiveness of the present insurance program in terms of the protection afforded, services provided and cost;
• Evaluate policy limits;
• Consider possible alternatives such as deductibles, retrospective rating, self insurance and other methods of improving cash flow;
• Assess internal loss prevention, security, and claims handling;
• Evaluate outside services such as insurance brokers and claims adjusters;
• Help develop a formal corporate policy on risk management;
• Evaluate risk administration, record-keeping, cost allocation, placement of the risk management function in the corporate structure, staffing, and other internal risk management functions;
• Provide a written report indicating the findings of the Reviewer(s) and making specific recommendations relative to areas that appear to be in need of attention.

Nature & scope:

The nature and scope of a review will vary as a function of what it is designed to accomplish. Assistance may be called for to look into a specific problem or situation. For example, outside expertise may be needed to evaluate the administration of a risk management and insurance program, to set up bidding specifications for insurance purchases, to determine the feasibility of self-insurance or a captive insurer, or to look into the merits of membership in a reciprocal insurance exchange. Projects may also be conducted to:

• investigate possible conflicts of interest in the purchase of insurance;
• determine the need for a risk management department;
• Review extent of enterprise risk management within the organization and the appropriateness of formalizing a chief risk officer position.
• decide the best way to handle claims and/or improve the filing and processing of loss and claim reports;
• consolidate the insurance programs of autonomous subsidiaries;
• reconcile premium adjustments;
• check the qualifications of insurance representatives and insurers;
• investigate the market for a difficult line of insurance, through specialist brokers and insurers.

Get Risk Management Standard from Association of Insurance and Risk Managers (AIRMIC)

Accounting / Auditing / Treasury Management

Top of page

• Association for Financial Professionals
• Auditnet Resource List

Analysis

Top of page

• @Risk - Analytical risk management software that does Monte Carlo and other simulations for risk spread.
• Advisen - Advisen is the leading provider of strategic information services to the commercial insurance industry. Through business-critical data, proprietary analytic tools and custom-built software applications, all based on technology standards, Advisen is the only company that offers its customers a fully integrated service - information and tools - for individual desktops, workgroup environments and company-wide installations. Examples of Advisen's tools include:
• Policy and demographic benchmarking
• Loss Analysis - Trending, Development, Triangulation and Benchmarking
• Business Prospecting
• Program Structure Charting
• Policy Comparisons
• Monte Carlo Simulation Models
• Dynamic Financial Analysis for Insurance Companies
• Risk Financing Economic Modeling
• LOB - Rate, Loss and XS Factor Databases
• LOB - Large Loss Databases
• Rating Models
• Pro Rata Wheel Analysis
• Regulatory Violation Databases

• Agena - Agena provides software products to solve complex risk assessment and decision problems. Our technological advantage lies in our expertise in applying Bayesian Networks (BNs) - technology recognised as superior to other competing approaches. For the past four years, we have been honing our technology into a group of products for key business and market areas:
• Operational Risk
• Reliability Assessment
• Software Quality Project Risk Management
• TV Personalisation
• Cadmus Corporate Solutions Limited - Michael Murphy.
• Capital Market Risk Advisors, Inc
• Chartered Enterprise Risk Analyst - CERA
• Hubbard - Decision Research
• J.E.Boritz Consultants Limited
• J P Morgan
• Kamakura Corporation - Kamakura Corporation is the first software company in the world to provide a single fully integrated software package that does these critical functions that used to be performed by different vendors:
• Default probability estimation from market and accounting data
• Credit-adjusted value at risk and net income simulation
• Market risk
• Asset and liability management
• Net income simulation and balance sheet simulation
• Performance measurement and transfer pricing
• Profit Suite 2020 - Connects the dots, provides the visualization, the probabilities, the numbers, the measurements, the financials and rich simulations at the event and enterprise levels.
• Risk Advisory
• RiskAMP - RiskAMP is a full-featured Monte Carlo Simulation Engine for Microsoft Excel®. With the RiskAMP Add-in, you can add Risk Analysis to your spreadsheet models quickly, easily.
• Vose Software - A leading international firm specializing in quantitative risk analysis software tools.

Certificate Tracking

Top of page

• Ins-Cert.com - Agents post data and "Holders" view certificates on-line. No paper, fax or images! FREE service for Holders, with compliance checking & reports.
• IDS

Charting & Mapping

Top of page

• Canada Map Sales
• CDS Business Mapping - Distance to shore maps.
• ESRI Canada Limited - Geographic Information Systems.
• Google Maps
• MapInfo - MapInfo's new Risk Data Suite™ for underwriting, rating, and portfolio risk management combines geospatial datasets with historical information for Weather and natural hazards with useful aggregate exposure grids to provide a powerful analytical basis for mission critical insurance decisions.
• Map Town - Topographical maps - land legal descriptions - Canada.
• Visio - Charting software

Enterprise Risk Management

Top of page

• Advisen - Advisen is the leading provider of strategic information services to the commercial insurance industry. Through business-critical data, proprietary analytic tools and custom-built software applications, all based on technology standards, Advisen is the only company that offers its customers a fully integrated service - information and tools - for individual desktops, workgroup environments and company-wide installations. Examples of Advisen's tools include:
• Policy and demographic benchmarking
• Loss Analysis - Trending, Development, Triangulation and Benchmarking
• Business Prospecting
• Program Structure Charting
• Policy Comparisons
• Monte Carlo Simulation Models
• Dynamic Financial Analysis for Insurance Companies
• Risk Financing Economic Modeling
• LOB - Rate, Loss and XS Factor Databases
• LOB - Large Loss Databases
• Rating Models
• Pro Rata Wheel Analysis
• Regulatory Violation Databases
• Andrew Robinson International - Some of our Insurance Advisory services:
• Insurance Coverage Audits, Exposure Analysis, Design of Insurance Specifications for Competitive Bidding, Analysis and Evaluation of Quotations from Brokers and Insurers, Insurance Program Monitoring & Management, Claim Preparation, Negotiation and Audits, Cost Allocation Systems
• Some of our Risk Management services:
  • Evaluation of Service Providers in the Risk Value Chain, Risk & Insurance Assessment as part of M&A Due Diligence, Self-Insurance Feasibility Studies, Alternative Risk Transfer and Finite Risk Transfer Solutions, Outsourced Risk Management ("rent-a-risk manager"), Enterprise Risk Management,
  • Risk Mapping, Risk Process & Product Design (integrated disability, etc.),
  • Risk Securitization, Intellectual Property Strategies, Operational Reviews (benchmarking, best practices, etc.), Expert Testimony.
• Association of Insurance and Risk Managers (AIRMIC)
• Certificate in Enterprise Risk Management (ERM)
• Conference Board of Canada
• Corporate Governance
• COSO - COSO was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, an independent private sector initiative which studied the causal factors that can lead to fraudulent financial reporting and developed recommendations for public companies and their independent auditors, for the SEC and other regulators, and for educational institutions.
• Dictionary of Financial Risk Management
• Financial Services Fact Book
• Global Association of Risk Professionals - Site for financial risk management professionals.
• Glossary of Financial Risk Management
• Incisive Media Plc
• Insurance & Finance Research Station - By M. Okubo.
• Kevin Quinley on Risk Management
• MetricStream - MetricStream provides an integrated and flexible framework for documenting and assessing risks, defining controls, managing assessments and audits, identifying issues and implementing recommendations and remediation plans. The risk management system includes powerful tools for risk analysis and monitoring such as configurable risk calculators and risk heat maps. White Papers on many usfeul areas.
• Risk Advisory
• Risk Management Magazine
• Risk Managers Guide to all 50 States - from riskVue.
• Strategic Risk Council - The Conference Board of Canada.
• Sungard
• Treasury and Risk Management Magazine
• Wikipedia Article and links
• Workforce - Human Resources trends and tools.

Risk Management Information Systems

Top of page

• Chubb RMIS Suite of Products
• CS Stars
• Dashboard Insight
• e-Carma - Travelers.
• ESIS - Global Risk Advantage - ACE
• Gallagher Bassett Services Inc.
• iView Systems
• Methodware
• RiskMaster
• Risk Sciences Group - Sigma Encore Suite
• Risk Technologies Inc.
• Risxfacs.com from Gallagher Bassett Services Inc.
• RMIS Web
• RMS - Founded at Stanford University in 1988, RMS is the world's leading provider of products and services for the quantification and management of catastrophe risks.
• Venue™ Claims Management