ERM 57 Review
Page 1
Recording of this session via any media type is strictly prohibited.
ERM 57 Review
Mike Elliott, CPCU, AIAF, MBA
Rich Berthelsen, JD, CPCU, AIC, ARM, AU, ARe, MBA
RIMS – April 2014
Page 2
Overview
• Exam Basics – What to Expect
• Test-Taking Tips
• Review of Sections Students Find the Most Challenging
Page 3
What to Expect on the Exam
• Educational Objectives
• Balanced Exam
• Pretest Items
Page 4
Test-Taking Tips
• Get the easy ones
• Don’t get bogged down early
• Use the “mark for later review” feature
• Eliminate the obviously wrong answers
• Use your scratch paper to keep track
Page 5
Assignment 1
Introduction to Enterprise Risk Management
Page 6
ERM Definition
RIMS
A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
Page 7
Traditional Risk Management Department
Page 8
ERM Governance Model
Page 9
Classifications of Risk
Page 10
Risk Quadrants
Page 11
Risk quadrants differ from risk classifications. While risk classifications focus on specific characteristics of the risk itself, risk quadrants focus on
A: pure and subjective risks.
B: subjective and objective risks.
C: risk diversification.
D: sources of risk.
Page 12
Assignment 2
Enterprise Risk Management in an Organization
Page 13
Purpose and Types of Maturity Models
The purpose of a maturity model is to evaluate or improve a business process.
Two types of particular interest are:
• Capability Maturity Model
• RIMS Risk Maturity Model
Page 14
Capability Maturity Model (CMM) and Capability Maturity Model Integration
Has five levels:
• Ad hoc
• Initial
• Defined
• Managed
• Optimizing
Page 15
Based on the Capability Maturity Model (CMM) developed by Carnegie Mellon, an organization that has basic risk management processes with no attempt at enterprise-wide risk management is at which one of the maturity levels?
A: Managed
B: Initial
C: Ad hoc
D: Defined
Page 16
RIMS Risk Maturity Model
Uses 5 maturity levels based on CMM applied to 7 attributes:
• Adoption of ERM-based approach
• ERM process management
• Risk appetite management
• Root cause discipline
• Uncovering risks
• Performance management
• Business resiliency and sustainability
Page 17
A risk maturity model that uses five maturity levels based on the Capability Maturity Model, determining the maturity level for each of seven attributes by evaluating the degree to which key drivers are present, is known as the
A: Capability Maturity Model
B: Standard and Poor’s (S&P) Risk Maturity Model
C: RIMS Risk Maturity Model
D: Aon Risk Maturity Index
Page 18
Organizational Functions Related to ERM
Page 19
Assignment 3
Enterprise Risk Management Framework and Process
Page 20
Framework and Process
Page 21
ISO 31000 Framework and Process
Source: ISO 31000:2009
Page 22
COSO ERM
Source: COSO – Enterprise Risk Management – Integrated Framework
Page 23
Applying Risk Management Framework
The main purpose of the framework is to integrate risk management throughout the organization. The framework has 4 components:
1. Lead and establish creditability
2. Align and integrate
3. Allocate resources
4. Communicate and report
Page 24
Assignment 4
Risk Oversight
Page 25
Page 26
The European Corporate Law Directive on Auditing has produced a recommended framework that defines the corporate governance roles. Under this framework, which one of the following is responsible for converting strategy into operational objectives?
A: Board of directors
B: Chief executive officer
C: Operational management
D: Senior management
Page 27
Page 28
Which statement describes one of the responsibilities of an executive-level risk committee?
A: Assist the board in establishing risk appetite and risk tolerance levels
B: Monitor the organization’s compliance with established risk limits
C: Approve the organization’s risk management strategies, including their design and implementation
D: Oversee exposures of the organization’s critical risks and advise the board on risk strategy
Page 29
Assignment 5
Strategic Planning and Enterprise Risk Management
Page 30
Strategy Implementation
Some organizations apply a balanced scorecard approach to implement strategy and to provide a foundation for strategy evaluation. The balanced scorecard approach translates an organization’s strategy into specific goals and actions assigned to each department within the organization.
Page 31
SWOT Analysis Table
Page 32
Organizational Levels
Page 33
Which one of the following types of strategy determines how individual departments within an organization direct their activities?
A: Functional strategy
B: Business strategy
C: Corporate strategy
D: Operational strategy
Page 34
Assignment 6
Risk-Based Performance and Process Management
Page 35
Key Performance Indicators
A key performance indicator (KPI) measures progress toward an organization’s goals, provides an attainable standard for a specific activity, and gives the focus or direction the activity is to take.
Page 36
Successful organizations have goals and objectives. A financial or nonfinancial measurement that defines how successfully an organization is progressing toward its long-term goals is referred to as
A: an operating standard (OS).
B: a critical success factor (CSF).
C: a key performance indicator (KPI).
D: an objective gauge (OG).
Page 37
Purpose of Key Risk Indicators (KRIs)
Effective KRIs provide objective, quantifiable information about emerging risks and trends in existing risks that can affect an organization’s success. A KRI can reveal an upward trend in the level of a risk that, if it continues, will exceed the designated risk threshold for that risk.
Page 38
Which one of the following is an example of an external key risk indicator (KRI) that a manufacturer might monitor?
A: Number of employee injuries
B: Age of accounts payable
C: Amount of budget variances
D: Cost of raw materials
Page 39
Assignment 7
Internal Audit and Control
Page 40
Internal Control and Risk Management
Internal control – a system or process that an organization uses to achieve its operational goals, internal and external financial reporting goals, or legal and regulatory compliance goals.
Page 41
COSO Internal Control Framework
Source: COSO Internal Control – Integrated Framework
Page 42
Three Lines of Defense Model
Source: FERMA/ECIIA
Page 43
According to the Three Lines of Defense Model, internal audit’s role in risk assessment techniques is to
A: design them.
B: implement them.
C: provide assurance on their effectiveness.
D: perform a control risk self-assessment (CRSA).
Page 44
Evolution of Internal Audit
Transaction Approvals
Assurance of Internal Controls
Risk-based Approach
Page 45
Risk-Based Auditing
Aligns audit resources with the areas that pose the greatest organizational risk.
Page 46
The modern approach to internal auditing differs from the traditional approach by focusing on
A: the effectiveness of internal controls.
B: the relative riskiness of various activities.
C: transaction approvals.
D: systems-based compliance.
Page 47
Assignment 8
Regulation and Compliance
Page 48
Regulation
Rules-Based
• More certainty and predictability
• Less responsive to change
• Inflexible
• Often circumvented
Principles-Based
• More flexible and focuses on outcomes
• Responds more quickly in a changing environment
• Requires more communication between the regulator and the regulated
Page 49
NAIC ORSA
Risk Management Framework
Assessment of Risk Exposure
Prospective Solvency Assessment
• Principles-based (guidelines)
• Applies ERM to insurance companies
Page 50
The NAIC Own Risk and Solvency Assessment (ORSA) model law represents a change from past NAIC directives because it is
A: specific in terms of reporting.
B: retrospective.
C: voluntary.
D: principles-based.
Page 51
Assignment 9
Risk Assessment and Treatment
Page 52
Risk Identification Tools
• Facilitated workshops
• Delphi technique
• Scenario analysis
• HAZOP
• SWOT
Page 53
Which one of the following team approaches to risk identification involves a select group of experts in question-and-response cycles until a consensus is achieved?
A: HAZOP
B: Scenario analysis
C: Delphi technique
D: SWOT
Page 54
Risk Treatment Techniques
Page 55
Assignment 10
Risk Modeling
Page 56
Influence Diagrams and Probabilities
GEV Industries hires inexperienced and experienced workers to operate simple and complex machines. Accident rates vary by worker experience and complexity of machine.
GEV would like to estimate accident rates if it (a) assigns workers randomly to machines or (b) assigns workers to machines based on experience.
Page 57
Influence Diagram
[Influence diagram nodes: Worker assignment to machines; Worker Experience; Machine Complexity; Accident Rate; Cost of Risk]
Page 58
Machine and Worker Data
Simple machines          40
Complex machines        160
Inexperienced workers    60
Experienced workers     140

Random Worker Assignments Probabilities
                         Inexp. worker (30%)   Exp. worker (70%)
Simple machine (20%)     6%                    14%
Complex machine (80%)    24%                   56%

Accident Conditional Probability
                         Inexperienced         Experienced
Simple Machine           5%                    0%
Complex Machine          40%                   10%
Page 59
Random Worker Assignments Probabilities
                         Inexp. worker (30%)   Exp. worker (70%)
Simple machine (20%)     6%                    14%
Complex machine (80%)    24%                   56%

Accident Conditional Probability
                         Inexperienced         Experienced
Simple Machine           5%                    0%
Complex Machine          40%                   10%

Accident Probability
                         Inexp. worker         Exp. worker
Simple machine           0.3%                  0.0%
Complex machine          9.6%                  5.6%

Total accident probability = 15.5%
Page 60
Worker Assignments by Experience
                         Inexp. worker (30%)   Exp. worker (70%)
Simple machine (20%)     20%                   0%
Complex machine (80%)    10%                   70%

Accident Conditional Probability
                         Inexperienced         Experienced
Simple Machine           5%                    0%
Complex Machine          40%                   10%

Accident Probability
                         Inexp. worker         Exp. worker
Simple machine           1%                    0%
Complex machine          4%                    7%

Total accident probability = 12%
Page 61
Twenty percent of PDQ Transport’s trucks have advanced safety equipment and 80% do not. Thirty of PDQ’s drivers are inexperienced and 90 are experienced. Assuming drivers are assigned randomly to trucks, what is the probability that an inexperienced driver is assigned to a truck without advanced safety equipment?
A: 18%
B: 20%
C: 24%
D: 60%
Page 62
Correlation
• Relationship between two variables
• Number between +1 and -1
• 0 means no correlation
Page 63
Two variables are perfectly positively correlated. If one of the variables increases, the other will
A: increase in direct proportion.
B: decrease in direct proportion.
C: increase at half the rate.
D: decrease at half the rate.
Page 64
Value at Risk (VaR)
Page 65
A $500,000, 2 percent VaR means losses are expected to be
A: $10,000.
B: less than $500,000 2 percent of the time.
C: $490,000.
D: greater than $500,000 2 percent of the time.
Page 66
Assignment 11
Risk-Based Capital Allocation
Page 67
Cost of Equity
KE = rf + β (rm – rf)
Where:
β = Beta of security
rm = Expected return on the market
rf = Risk-free rate
Page 68
Cost of Debt Equation
Cost of debt KD = (risk free rate of return rf + risk premium) × (1 – tax rate)
Page 69
Polytech Company
Tax rate 40%
Risk-free rate 4%
Current Debt $10 million
Polytech credit spread 2.10%
Current Equity $100 million
Expected market return 10%
Market risk premium 6%
Polytech Beta 1.20
Page 70
Polytech Company
• Estimate the cost of debt
• Estimate the cost of equity
• Optimal capital structure = weighted average of the cost of debt and the cost of equity
Page 71
Polytech Company – Cost of Debt
(Risk-free rate of return + credit spread) X (1 – tax rate)
(4% + 2.10%) X (1-.40)
3.66%
Page 72
Polytech Company – Cost of Equity
Risk-free rate of return + Beta X (Market rate of return – risk-free rate of return)
4% + 1.20 (10% - 4%)
11.20%
Page 73
Polytech Company – Weighted Average Cost of Capital
$10 mil. debt divided by $110 mil. (debt + equity) = .091
.091 weight of debt; .909 weight of equity
(3.66% X .091) + (11.20% X .909)
.333% + 10.181%
10.514%
Page 74
Market Value Surplus (MVS)
Page 75
Economic Capital
Page 76
Market Value Surplus Example
Autumn Assurance Group has assets at fair value of $100 million. The present value of Autumn’s liabilities is $85 million. The market value margin is $5 million. Using probability models, Autumn determines that its VaR is $8 million because it expects to incur an $8 million or greater loss of capital at a .5 percent probability over a one-year period.
1. What is Autumn’s MVS?
2. What is Autumn’s economic capital?
3. Does Autumn have excess capital or a deficiency in capital?
Page 77
Questions?
Page 78
Evolution of Risk Management
Insurance Management
Risk Management
Enterprise Risk Management
Page 79
ERM Value Proposition
• Identify key risks
• Employ risk-based decision making
• Improve internal control
• Improve risk governance
• Comply with legal and regulatory requirements
Page 80
Solvency I and II (Insurance Cos)
Solvency I
• Early 1970s
• Focused on capital adequacy
Solvency II
• 3 pillars
• 1 – Risk-based capital
• 2 – Risk management and governance
• 3 – Transparent reporting
• Includes an own risk and solvency assessment (ORSA)
Page 81
Basel II and III (Banks)
Basel II
• Issued in 2004
• Minimum capital requirements using weights for different types of credit risk
Basel III
• Response to the Great Recession
• Operational risk added
• Risk management framework
• Board of directors role (approve framework, risk appetite, governance)
Page 82
ERM Process Model
Page 83
Risk Identification Tools – Risk Register
Public University
Event ID | Risk Scenario | Likelihood | Impact | Risk Level | Risk Treatment (present) | Proposed improvement action | Next Review Date
1 | Loss of personal computer | 3 | 1 | | None | None | Remove from list
2 | Damage to reputation | 2 | 4 | | Review policy | Implement … | 2 months
3 | Loss of state funding | 3 | 5 | | None | Increase lobbying; Step up giving campaign | 1 month
….
Page 84
Risk Identification Tools - Risk Map
[Risk map: Public University. Plotted risks: Loss of a personal computer; Damage to reputation; Loss of state funding]
Page 85
Inherent and Residual Risk
[Diagram labels: Inherent; Treat; Residual; Treat; Optimum]
Page 86
A risk map showing a large difference between inherent and residual risk indicates that the
A: current risk treatment is ineffective.
B: risk does not need to be treated.
C: current risk treatment is effective.
D: risk exceeds the organization’s risk tolerance.
Page 87
Decision Tree
Page 88
ERM Tools - Modern Portfolio Theory
[Chart axes: Expected Value of the Return; Risk – standard deviation (variability). Labels: Risk Appetite; four points marked X]
Page 89
The efficient frontier consists of portfolios that
A: are riskless.
B: provide the average market return.
C: provide the highest return at different risk levels.
D: return the risk-free rate of return.
Page 90
Earnings at Risk
Page 91
Earnings at risk of $200,000 with 90 percent confidence are projected to be
A: $180,000.
B: less than $200,000 10 percent of the time.
C: $200,000 90 percent of the time.
D: greater than $200,000 10 percent of the time.
Page 92
Assignment 12
Risk Management Environment and Culture
Page 93
Risk Centers and Owners
Risk center – unit within an organization at which level a risk (or risks) is most effectively managed
Risk owner – individual accountable for identification, assessment, treatment, and monitoring of risks in a specific environment
Page 94
Advantages of Risk Centers
• Reduces the scope of risk analysis
• Allows for the involvement of operational managers
• Helps focus on the organization’s strategic goals and operational objectives
• Ensures that risks are managed at the most appropriate level in the organization
Page 95
Risk Attitude
Risk Avoiding
Risk Seeking
Risk Optimizing