Post on 30-Jan-2018
ERM 57 ReviewCAD 010
Speakers:
Michael W. Elliott, CPCU, AIAF, Senior Director of Knowledge Resources, The Institutes
Ann Myhr, CPCU, ARM, AU, Senior Director of Knowledge Resources,
The Institutes
Learning Objectives
At the end of this session, you will:
• Dissect the most challenging ERM 57 course topics.
• Practice ERM 57 exam questions.
• Familiarize yourself with the ERM 57 exam format.
What to Expect on the Exam
• Educational Objectives
• Balanced Exam
• Pretest Items
Test Taking Tips
• Get the easy ones
• Don’t get bogged down early
• Use the “mark for later review” feature
• Eliminate the obviously wrong answers
• Use your scratch paper to keep track
Assignment 1
Introduction to Enterprise
Risk Management
ERM Definition
RIMS
A strategic business discipline that supports the achievementof an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
Traditional Risk Management Department
ERM Governance Model
Classifications ofRisk
Risk Quadrants
Risk quadrants differ from risk classifications. While risk classifications focus on specific characteristics of the risk itself, risk quadrants focus onA: pure and subjective risks.B: subjective and objective risks.C: risk diversification.D: sources of risk.
Assignment 2
Enterprise Risk Management
In an Organization
Purpose and Types of Maturity Models
The purpose of a maturity model is to evaluate or improve a business process.
Two types of particular interest are:
• Capability Maturity Model
• RIMS Risk Maturity Model
Capability Maturity Model (CMM) and Capability Maturity
Model IntegrationHas five levels:
• Ad hoc
• Initial
• Defined
• Managed
• Optimizing
Based on the Capability Maturity Model (CMM) developed by Carnegie Mellon, an organization that has basic risk management processes with no attempt at enterprise-wide risk management is at which one of the maturity levels?
A: Managed
B: Initial
C: Ad hoc
D: Defined
RIMS Risk Maturity ModelUses 5 maturity levels based on CMM applied to 7 attributes:
• Adoption of ERM-based approach
• ERM process management
• Risk appetite management
• Root cause discipline
• Uncovering risks
• Performance management
• Business resiliency and sustainability
A risk maturity model that uses five maturity levels based on the Capability Maturity Model, determining the maturity level for each of seven attributes by evaluating the degree to which key drivers are present, is known as the
A: Capability Maturity Model
B: Standard and Poor’s (S&P) Risk Maturity Model
C: RIMS Risk Maturity Model
D: Aon Risk Maturity Index
Organizational Functions Related to ERM
Assignment 3
Enterprise Risk Management
Framework and Process
ERM Framework and Process
ISO 31000 Framework and Process
Source: ISO31000:2009
According to the ISO 31000 risk management standards, which one of the following is a component of risk assessment?
A: Establishing the context
B: Risk evaluation
C: Risk treatment
D: Monitoring and review
COSO ERM
Source: COSO – Enterprise Risk Management – Integrated Framework
Assignment 4
Risk Oversight
Role of Corporate Governance
• Separation of ownership and control
• Agency costs
• Aligning manager and shareholder interests
Corporate Governance Codes
• Balance of nonexecutive and executive directors
• Nonexecutive directors have access to others
• Nomination process
• Compensation committee
• Audit committee
• Evaluation of board members’ performance
• Shareholder approval of director and executive officer compensation
Board Membership and Committees
Membership
• Chair
• Inside directors
• Outside directors
Committees
• Compensation
• Audit
• Nominations/corporate governance
Risk Governance
• Architecture within which risk management operates in a company.
• Clarity about which risks are managed
• Provides guidance for sound and informed decision making
Source: Risk Governance Guidance for Listed Boards, (Singapore: Corporate Governance Council, May 10, 2012)
Chief Risk Officer (CRO)
• Senior manager
• Has access to the board an top management and partners with business unit managers
• Compliance champion vs. modeling expert
• CRO as strategic controller vs. CRO as strategic adviser
Risk Committees
Board-level
• Risk oversight
• Assist board in setting risk appetite
• Advise board on risk strategy
• Oversee critical risk exposures
Executive-level
• Risk management execution
• Provide board with information on key risks and how they are managed
• Approve risk management strategy design
Which one of the following is a responsibility of an executive-level risk committee?
A: Set the organization’s risk appetite
B: Oversee risk at the board level
C: Approve the design of an organization’s risk management strategy
D: Serve as a modeling expert rather than a compliance champion
Assignment 5
Strategic Planning and EnterpriseRisk Management
SWOT Analysis Table
Strategy Implementation
Some organizations apply a balanced scorecard approach to
implement strategy and to provide a foundation for strategy
evaluation. The balanced scorecard approach translates an
organization’s strategy into specific goals and actions
assigned to each department within the organization.
Organizational Levels
Which one of the following types of strategy determines how individual departments within an organization direct their activities?
A: Functional strategy
B: Business strategy
C: Corporate strategy
D: Operational strategy
Assignment 6
Risk-Based Performance and
Process Management
Risk Based Performance
Key Performance Indicators (KPIs)
o Critical Success Factors
o Risk Tolerance
Successful organizations have goals and objectives. A financial or nonfinancial measurement that defines how successfully an organization is progressing toward its long-term goals is referred to as
A: an operating standard (OS).
B: a critical success factor (CSF).
C: a key performance indicator (KPI).
D: an objective gauge (OG).
Purpose of Key Risk Indicators (KRIs)
Effective KRIs provide objective, quantifiable information about emerging risks and trends in existing risks that can affect an organization’s success.
Which one of the following is an example of an external key risk indicator (KRI) that a manufacturer might monitor?
A: Number of employee injuries
B: Age of accounts payable
C: Amount of budget variances
D: Cost of raw materials
Assignment 7
Internal Audit and Control
Internal Control and Risk Management
Internal control – a system or process that an organization
uses to achieve its operational goals, internal and external
financial reporting goals, or legal and regulatory compliance
goals.
Three Lines of Defense Model
Source: FERMA/ECIIA
According to the Three Lines of Defense Model, internal audit’s role in risk assessment techniques is to A: design them. B: implement them. C: provide assurance on their effectiveness. D: perform a control risk self-assessment (CRSA).
Risk-Based Auditing
Aligns audit resources with the areas that pose the greatest
organizational risk.
Evolution of Internal Audit
Transaction Approvals
Assurance of Internal Controls
Risk-based Approach
The modern approach to internal auditing differs from the traditional approach by focusing onA: the effectiveness of internal controls.B: the relative riskiness of various activities.C: transaction approvals.D: systems-based compliance.
Assignment 8
Regulation and Compliance
Roles of Compliance and Internal Audit
Compliance
• Determines compliance issues
• Develops work plans to meet compliance requirements
• Conducts compliance risk assessments
Internal Audit
• Audits internal controls that test for compliance
• Identifies gaps in internal control systems and processes
• Serves as internal consultant on compliance threats and opportunities
Regulation
Rules-Based
• More certainty and predictability
• Less responsive to change
• Inflexible
• Often circumvented
Principles-Based
• More flexible and focuses on outcomes
• Responds more quickly in a changing environment
• Requires more communication between the regulator and the regulated
NAIC ORSA
Risk Management Framework
Assessment of Risk Exposure
Prospective Solvency
Assessment
• Principles-based (guidelines)
• Applies ERM to insurance companies
The NAIC Own Risk and Solvency Assessment (ORSA) model law represents a change from past NAIC directives because it isA: specific in terms of reporting.B: retrospective.C: voluntary.D: principles-based.
Assignment 10
Risk Modeling
Influence Diagrams and Probabilities
• GEV Industries hires inexperienced and experienced workers
to operate simple and complex machines. Accident rates vary
by worker experience and complexity of machine.
• GEV would like to estimate accident rates if it (a) assigns
workers randomly to machines or (b) assigns workers to
machines based on experience.
Influence Diagram
Worker Experience
AccidentRate
? Machine Complexity
Cost ofRisk
Worker assignment to machines
Machine and Worker Data
Simplemachines
Complexmachines
Inexperiencedworkers
Experienced workers
40 160 60 140
Inexp. worker (30%) Exp. Worker (70%)
Simple machine (20%) 6% 14%
Complex machine (80%) 24% 56%
Random Worker Assignments Probabilities
Accident Conditional Probability
Inexperienced Experienced
Simple Machine 5% 0%
Complex Machine 40% 10%
Random Worker Assignments Probabilities
Inexp. worker Exp. worker
Simple machine .3% 0.0%
Complex machine 9.6% 5.6%
Accident Conditional Probability
Accident Probability
Inexperienced Experienced
Simple Machine 5% 0%
Complex Machine 40% 10%
Inexp. worker (30%) Exp. Worker (70%)
Simple machine (20%) 6% 14%
Complex machine (80%) 24% 56%
Total accident probability = 15.5%
Worker Assignments by Experience
Inexp. worker Exp. worker
Simple machine 1% 0%
Complex machine 4% 7%
Accident Conditional Probability
Accident Probability
Inexperienced Experienced
Simple Machine 5% 0%
Complex Machine 40% 10%
Inexp. worker (30%) Exp. Worker (70%)
Simple machine (20%) 20% 0%
Complex machine (80%) 10% 70%
Total accident probability = 12%
Twenty percent of PDQ Transport’s trucks have advanced safety equipment and 80% do not. Thirty of PDQ’s drivers are inexperienced and 90 are experienced. Assuming drivers are assigned randomly to trucks, what is the probability that an inexperienced driver is assigned to a truck without advanced safety equipment?A: 18%B: 20%C: 24%D: 60%
Correlation
• Relationship between two variables
• Number between +1 and -1
• 0 means no correlation
Two variables are perfectly positively correlated. If one of the variables increases, the other willA: increase in direct proportion.B: decrease in direct proportion.C: increase at half the rate.D: decrease at half the rate.
Value at Risk (VaR)
A $500,000, 2 percent VaR means losses from an investment are expected to be A: $10,000. B: less than $500,000 2 percent of the time. C: $490,000. D: greater than $500,000 2 percent of the time.
Assignment 11
Risk-Based Capital Allocation
Cost of Equity
KE = rf + ß (rm – rf )
Where:ß = Beta of securityrm = Expected return on the marketrf = Risk-free rate
Cost of Debt Equation
Cost of debt KD = (risk free rate of return rf +
risk premium) × (1 – tax rate)
Polytech Company
Tax rate 40%
Risk-free rate 4%
Current Debt $10 million
Polytech credit spread 2.10%
Current Equity $100 million
Expected market return 10%
Market risk premium 6%
Polytech Beta 1.20
Polytech Company
• Estimate the cost of debt
• Estimate the cost of equity
• Optimal capital structure = weighted average of the cost of debt and the cost of equity
Polytech Company – Cost of Debt
(Risk-free rate of return + credit spread) X (1 – tax rate)
(4% + 2.10%) X (1-.40)
3.66%
Polytech Company – Cost of Equity
Risk-free rate of return + Beta X (Market rate of return – risk-free rate of return)
4% + 1.20 (10% - 4%)
11.20%
Polytech Company – Weighted Average Cost of Capital
$10 mil. debt divided by $110 mil. (debt + equity) = .091
.091 weight of debt; .909 weight of equity
(3.66% X .091) + (11.20% X .909)
.333% + 10.181%
10.514%
Market Value Surplus (MVS)
Economic Capital
Market Value Surplus Example
Autumn Assurance Group has assets at fair value of $100 million. The present value of Autumn’s liabilities is $85 million. The market value margin is $5 million. Using probability models, Autumn determines that its VaR is $8 million because it expects to incur an $8 million or greater loss of capital at a .5 percent probability over a one-year period.
1. What is Autumn’s MVS?
2. What is Autumn’s economic capital?
3. Does Autumn have excess capital or a deficiency in capital?
Questions?
Assignment 9
Risk Assessment and Treatment
Risk Identification Tools
• Facilitated workshops
• Delphi technique
• Scenario analysis
• HAZOP
• SWOT
Which one of the following team approaches to risk identification involves a select group of experts in question-and-response cycles until a consensus is achieved?A: HAZOPB: Scenario analysisC: Delphi techniqueD: SWOT
Risk Treatment Techniques
Assignment 12
Risk Management Environment and Culture
Risk Centers and Owners
• Risk center – unit within an organization at which level a risk (or
risks) is most effectively managed
• Risk owner – individual accountable for identification, assessment,
treatment, and monitoring of risks in a specific environment
Advantages of Risk Centers
• Reduces the scope of risk analysis
• Allows for the involvement of operational managers
• Helps focus on the organization’s strategic goals and operational objectives
• Ensures that risks are managed at the most appropriate level in the organization
Risk Attitude
Risk Avoiding Risk SeekingRisk Optimizing
Additional Slides
Evolution of Risk Management
Insurance Management
RiskManagement
Enterprise Risk Management
ERM Value Proposition
• Identify key risks
• Employ risk-based decision making
• Improve internal control
• Improve risk governance
• Comply with legal and regulatory requirements
Solvency I and II (Insurance Cos)
• Solvency I
• Early 1970s
• Focused on capital adequacy
• Solvency II
• 3 pillars
• 1 – Risk-based capital
• 2 – Risk management and governance
• 3 – Transparent reporting
• Includes an own risk and solvency assessment (ORSA)
Basel II and III (Banks)
• Basel II
• Issued in 2004
• Minimum capital requirements using weights for different types of credit risk
• Basel III
• Response to the Great Recession
• Operational risk added
• Risk management framework
• Board of directors role (approve framework, risk appetite, governance)
ERM Process Model
Risk Identification Tools – Risk Register
EventID
Risk Scenario Likelihood Impact Risk Level Risk Treatment(present)
Proposed improvement action
Next Review Date
Loss of personal computer
3 1 None None Remove from list
Damage to reputation
2 4 Review policy Implement … 2 months
Loss of statefunding
3 5 None •Increase lobbying•Step up givingcampaign
1 month
….
1
2
3
Public University
Risk Identification Tools - Risk Map
3
2
1
1
2
3
Loss of a personal
computer
Damage to reputation
Loss of state funding
Inherent and Residual Risk
Inherent
Treat
Residual
Treat
Optimum
A risk map showing a large difference between inherent and residual risk indicates that the A: current risk treatment is ineffective. B: risk does not need to be treated. C: current risk treatment is effective. D: risk exceeds the organization’s risk tolerance.
Decision Tree
ERM Tools - Modern Portfolio TheoryEx
pec
ted
Val
ue
of
the
Ret
urn
Risk – standard deviation (variability)
X
Ris
k A
pp
etit
e
X
X
X
The efficient frontier consists of portfolios that A: are riskless. B: provide the average market return. C: provide the highest return at different risk levels. D: return the risk-free rate of return.
Earnings at Risk
Earnings at risk of $200,000 with 90 percent confidence are projected to be
A: $180,000.
B: less than $200,000 10 percent of the time.
C: $200,000 90 percent of the time.
D: greater than $200,000 10 percent of the time.