eBook - ePub

Corporate Value of Enterprise Risk Management

Name: Corporate Value of Enterprise Risk Management
Author: Sim Segal

The Next Step in Business Management

Sim Segal

Share book

English
ePUB (mobile friendly)
Available on iOS & Android

eBook - ePub

Corporate Value of Enterprise Risk Management

The Next Step in Business Management

Sim Segal

Book details

Book preview

Table of contents

Citations

About This Book

The ultimate guide to maximizing shareholder value through ERM

The first book to introduce an emerging approach synthesizing ERM and value-based management, Corporate Value of Enterprise Risk Management clarifies ERM as a strategic business management approach that enhances strategic planning and other decision-making processes.

A hot topic in the wake of a series of corporate scandals as well as the financial crisis
Looks at ERM as a way to deliver on the promise of balancing risk and return
A practical guide for corporate Chief Risk Officers (CROs) and other business professionals seeking to successfully implement ERM

ERM is here to stay. Sharing his unique insights and experiences as a recognized global thought leader in this field, author Sim Segal offers world-class guidance on how your business can successfully implement ERM to protect and increase shareholder value.

Frequently asked questions

How do I cancel my subscription?

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.

Can/how do I download books?

At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.

What is the difference between the pricing plans?

Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.

What is Perlego?

We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.

Do you support text-to-speech?

Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.

Is Corporate Value of Enterprise Risk Management an online PDF/ePUB?

Yes, you can access Corporate Value of Enterprise Risk Management by Sim Segal in PDF and/or ePUB format, as well as other popular books in Business & Managerial Accounting. We have over one million books available in our catalogue for you to explore.

Information

Publisher

Wiley

Year

2011

ISBN

9781118023303

Edition

Topic

Business

Subtopic

Managerial Accounting

Index

Business

Part I

Basic ERM Infrastructure

Chapter 1

Introduction

History is the sum total of the things that could have been avoided.

Konrad Adenauer

Enterprise risk management, or ERM, is generally defined as follows:

The process by which companies identify, measure, manage, and disclose all key risks to increase value to stakeholders.

One of the challenges with ERM lies in understanding what this definition means. There are many interpretations, and some would say misinterpretations, of this short definition. In the next chapter, we will fully and properly define ERM. For now, consider ERM simply as an approach to treat risk holistically in an organization.

Evolution of ERM

ERM has been gaining significant momentum in recent years. We will discuss the following eight most important factors driving this trend, which are as follows:

1. Basel Accords

2. September 11th

3. Corporate accounting fraud

4. Hurricane Katrina

5. Rating agency scrutiny

6. Financial crisis

7. Rare events

8. Long-term trends

The first seven factors involve significant discrete events and are listed in chronological order, while the remaining factor includes trends that have developed gradually over time. Some of the discrete events originate from, or relate primarily to, the financial services sector. However, it is helpful for those in all sectors to understand these events because they are commonly known in ERM circles and their impacts on ERM are felt in all industry sectors. In addition, it is helpful to understand the chronology because the order of events has played a role in ERM development. The cumulative impact of events, and the regulatory and corporate responses to them, has led to the current environment for ERM.

Basel Accords

Basel II,¹ an international guideline for risk management, influenced the advancement of ERM practices in the financial services sector. The Basel Accords are guidelines developed by a group of global banking regulators in an attempt to improve risk management practices. Basel II, the second of two accords developed by the Basel Committee on Banking Supervision, was published in 2001.

There are three pillars in Basel II:

Pillar 1: Minimum capital requirements
Pillar 2: Supervisory review
Pillar 3: Market discipline

Pillar 1 specifies methods to calculate capital requirements, offering standardized options based on industry averages and advanced options for more sophisticated banks based on their own internal models, customized to account for the specifics of the company, its businesses, and its risks, and largely using management's own estimates for most parameters.

Pillar 2 allows for supervisors to review the bank's risk management practices and risk exposures and, if necessary, apply a multiplier to increase the amount of minimum required capital calculated in Pillar 1.

Pillar 3 addresses appropriate risk disclosures.

The most important advancement since Basel I was the expansion of scope to include operational risks, moving banks in the direction of a holistic treatment of risk (although many other risks, including all strategic risks, are still excluded).

In retrospect, it is easy to criticize and say that the Basel Committee failed in their goal, as evidenced by the global financial crisis that began in the United States in 2007. However, these accords were widely adopted and did represent an improvement from prior practices. Even if the Basel Accords fell short of their goal to develop a standard benchmark for stellar risk management practices, they did however result in an enhanced focus on risk in the banking sector and beyond, as others held up the banking sector as a model for managing risk. Solvency II, a set of risk management standards for European Union (EU) insurance companies scheduled to take effect in November 2012, is clearly influenced by Basel II, and is largely analogous to it.

September 11th

The terrorist attacks on the United States on September 11, 2001, advanced our thinking in the area of ERM by raising awareness of four major aspects of risk:

1. Terrorism risk

2. Concentration risk

3. Risk complexity

4. Need for an integrated approach

Terrorism Risk

Virtually all organizations are more aware of the possibility of a terrorist attack as a result of September 11th. Many of these organizations, particularly those operating in or near major cities or potential terrorist targets, have also thought through various terrorism scenarios. They have examined the potential impacts of an attack impacting their physical assets, employees, customers, stakeholders, suppliers, and/or the economies in which they operate. These exercises have led to some preventive mitigation (such as decentralizing offices) as well as enhanced business continuity plans. An additional benefit is the general raising of awareness of the possibility of the previously unthinkable. This is helpful, since ERM requires management to keep an open mind to a more complete range of future scenarios.

Concentration Risk

Even before September 11th, companies were aware of the danger of concentrations of risk. For example, companies try to avoid depending too much on a single large customer or supplier; investing too much of their assets in any one sector; or having too much knowledge, power, or access concentrated with one employee. However, September 11th dramatically changed the way companies, and governments, thought about concentration risk.

The result was a complete rethinking of where and how resources are, or might become, exposed in a concentrated way to terrorism or other types of risk. Where are our most critical employees located? Where do we gather our most critical employees together? Where are the bulk of our invested assets geographically? Are any of our key customers or suppliers or other credit counterparties exposed to significant concentration risk? One manifestation of this was many employers decentralizing their locations out of major landmark buildings and also out of major cities.

Risk Complexity

September 11th raised awareness of the complexity of risk. A complex set of interdependencies, which remains beneath the surface until a significant disruption reveals it, became apparent in the aftermath of the attacks. There were numerous secondary impacts that were unexpected, or at least had not been examined until then.

Though it may appear obvious now, few would have predicted how severely the airline business would be impacted. After all, statistically, even with a moderate increase in terrorism, flying is still far safer than other modes of travel. According to a study by Sivak and Flannigan published in the January–February issue of American Scientist, even if a terrorist event equivalent to September 11th occurred every month, flying would still be safer than driving.² However, the human factor is a significant component of risk complexity. It is more difficult to account for fear and other irrational human tendencies, which often direct actions that are counter to our collective best interests. A Cornell University study found that an additional 725 people lost their lives in just the three months following September 11th as a result of a shift from flying to driving.³

Another type of risk complexity that was highlighted as a result of September 11th was that while there are mostly downside impacts from a horrible event, there are often upside impacts as well. For example, anyone in the security business can tell you how much opportunities increased after the attacks. In addition, companies providing teleconferencing benefited as well, as business travel decreased dramatically. While this is not a new concept, again, the sheer scale of September 11th increased awareness that in considering a risk scenario, it is important to factor in the potentially offsetting upside impacts as well.

Need for an Integrated Approach

September 11th highlighted the need for an integrated approach to risk management. It moved the U.S. government closer to managing risks on a basis more consistent with ERM principles. The government reorganization in response to September 11th is analogous to the beginnings of an ERM program. They established the Department of Homeland Security, later organized under the ODNI (Office of the Department of National Intelligence), which centralizes efforts regarding most risks facing the country. One of the key recognitions was that the government was in possession of intelligence which should have, or could have, prevented the attacks, but due to a lack of coordination, sharing, and prioritization of information, a disaster occurred. It is the same within companies. Many companies possess excellent information, but fail to realize their potential—both in terms of averting disasters as well as capitalizing on opportunities—due to a lack of integration between separate business segments.

Corporate Accounting Fraud

In 2001 and 2002, a wave of accounting scandals rocked the business world. Enron, Tyco, and WorldCom were just three of the most prominent examples. These firms suffered dramatic financial collapses and had executives convicted and sentenced to prison. The names of these executives—Jeff Skilling, Ken Lay, Andrew Fastow, Dennis Kozlowski, and Bernie Ebbers—still send shudders down the spines of executives everywhere, nearly a decade later. In addition, Arthur Andersen, the audit firm for both Enron and WorldCom, went out of business as a result of the scandals. The fallout from all the accounting scandals included two significant events that led many companies to improve their risk management processes.

The first event involved litigation, and increased the accountability of members of the board of directors and, more important, their personal financial liability, in the event of undetected corporate accounting fraud. In a WorldCom lawsuit, a settlement was reported that involved 10 outside directors paying damages out of their personal assets amounting to approximately 20 percent of their net worth, and which were not allowed to be reimbursed by their directors and officers (D&O) liability insurance coverage. An Enron lawsuit settlement involved similar personal payments from directors.

These settlements were significant in that they led to two major trends. First, serving on a board of directors became less attractive due to the increased liability. Many companies saw directors retiring from the board, and found it more difficult to recruit directors. The second, and more important trend for ERM, is that the remaining directors became more diligent about risk, and began asking management what was being done to protect the company against key risks. In many instances where companies have adopted ERM, it was precipitated by pressure on management from a member of the board of directors.

The second event involved legislation and enhanced the risk management practices of companies and their auditors in relation to ensuring the accuracy of external financial reports. In 2002, the U.S. Congress passed the Sarbanes-Oxley Act, also commonly referred to as SOX. Similar legislation was later adopted elsewhere, including Japan (J-SOX), France, Italy, and some other countries. This legislation required companies to establish a highly detailed and expensive process for identifying risks to, and establishing, documenting, and testing the effectiveness of risk controls for, the financial reporting process, and to have company executives formally attest to the accuracy of the financial reports. In an effort to comply with SOX, many companies adopted a modified version of the COSO Internal Control framework developed in the early 1990s.⁴

Though SOX has been widely criticized as onerous and ineffective, it did raise corporate awareness of risk regarding financial reporting accuracy as well as more generally. Many companies used process maps to help identify vulnerable areas (e.g., regarding the handoffs and access to data) in the reporting process, and some began to expand the use of p...