Enterprise Risk Management in Finance

David L. Olson, Kenneth A. Loparo

About This Book

Enterprise Risk Management in Finance is a guide to measuring and managing Enterprise-wide risks in financial institutions. Financial institutions operate in a unique manner when compared to other businesses. They are, by the nature of their business, highly exposed to risk at every level, and indeed employ their own risk management functions to manage many of these risks. However, financial firms are also highly exposed at enterprise level. Traditional approaches and frameworks for ERM are flawed when applied to banks, asset managers or insurance houses, and a different approach is needed. This new book provides a comprehensive, technical guide to ERM for financial institutions. Split into three parts, it first sets the scene, putting ERM in the context of finance houses. It will examine the financial risks already inherent in banking, and then insurance operations, and how these need to be accounted for at a floor and enterprise level. The book then provides the necessary tools to implement ERM in these environments, including performance analysis, credit analysis and forecasting applications. Finally, the book provides real life cases of successful and not so successful ERM in financial institutions. Technical and rigorous, this book will be a welcome addition to the literature in this area, and will appeal to risk managers, actuaries, regulators and senior managers in banks and financial institutions.

Information

Year: 2015
ISBN: 9781137466297

1 Enterprise Risk Management
Introduction
Living and working in today’s environment involves many risks. The processes used to make decisions in this environment should consider the need both to keep people gainfully employed (through increased economic activity) and to protect humanity from threats arising from human activity. Terrorism led to the gas attack on the Japanese subway system in 1995, to 9/11 in 2001, and to the bombings of the Spanish and British transportation systems in 2004 and 2005 respectively. But nature has been far more deadly, with hurricanes in Florida, tsunamis in Japan, earthquakes in China, and volcanoes in Iceland. These locations only represent recent, well-publicized events. Nature can strike at us anywhere. We need to consider the many risks that exist, and to come up with strategies, controls, and regulations that accomplish a complex combination of goals.
Risks can be viewed as threats, but business exists to cope with risks. No one should expect compensation or profit without taking on some risk. The key to successful risk management is to select those risks that one is competent to deal with, and to find some way to avoid, reduce, or insure against those risks not in this category. Consideration of risk has always been part of business, manifesting itself in the growth of coffee houses such as Lloyd’s of London in the 17th century, spreading risk related to cargoes on the high seas. The field of insurance developed to cover a wide variety of risks, related to external and internal risks covering natural catastrophes, accidents, human error, and even fraud. Enterprise risk management (ERM) is a systematic, integrated approach to managing all risks facing an organization. It focuses on board supervision, aiming to identify, evaluate, and manage all major corporate risks in an integrated framework. The board is responsible for providing strategic input, identifying performance objectives, making key personnel appointments, and providing management oversight. Enterprise risks are inherently part of corporate strategy. Thus consideration of risks in strategy selection can be one way to control them. ERM can be viewed as top-down by necessity for this reason.
Definition
Risk management can be defined as the process of identification, analysis and either acceptance or mitigation of uncertainty in investment decision-making. Once risk has been processed in this manner, risk management seeks coordinated and economical application of resources to control the probability and/or impact of adverse events, and to monitor the effectiveness of actions taken.1 Risk management is about managing uncertainty related to a threat. ERM has been recognized as being one of the most important issues in business management in the last decade. There are systematic variations in ERM practices in the financial services industry. There is a need to monitor and address all risks inherent in organizational operations as necessary to avoid economic catastrophe. There is a need to consider all corporate risks within a single ERM framework in order to gain long-run competitive advantage.
In the US, recent crises include the 2007 subprime crisis of the banking industry, the Fannie Mae and Freddie Mac crisis in secondary US mortgage markets, the failure of Lehman Brothers, Merrill Lynch’s takeover by Bank of America and insurance industry giant AIG applying for emergency financial support from the Federal Reserve. More recently, the H1N1 virus has sharpened the awareness of the response system worldwide. Risks can arise in many facets of business. Global economic crisis risks have been profound and widespread over the last decade. Businesses in fact exist to cope with risk in their area of specialization. But chief executive officers are responsible for dealing with any risk that fate throws at their organization.
Risk management began in the financial disciplines. Financial risk management has focused on banking, accounting, and finance. There are many good organizations that have done excellent work to aid organizations dealing with those specific forms of risk, applying many types of models. Risk management can also be applied in other areas, to include accounting. Risk management can be defined as the process of identification, analysis and either acceptance or mitigation of uncertainty in investment decision-making. Risk management is about managing uncertainty related to a threat. Traditional risk management focuses on risks stemming from physical or legal causes such as natural disasters or fires, accidents, death and lawsuits. Financial risk management deals with risks that can be managed using traded financial instruments. The most recent concept, enterprise risk management, provides a tool to enhance the value of systems, both commercial and communal, from a systematic point of view. Operations research (OR) is always useful for optimizing risk management.
Accounting perspective
Accounting responsibilities involve auditing organizational operations to provide stakeholders with accurate, transparent information of finances. This includes assuring that a sound process is in place to detect, deal with, and monitor risk. The accounting approach to risk management is centered to a large degree on the standards promulgated by the Committee on Sponsoring Organizations of the Treadway Commission (COSO), generated by the Treadway Commission beginning in 1992. The Sarbanes–Oxley Act of 2002 outlines regulatory requirements for publicly traded firms to establish, evaluate, and assess the effectiveness of internal accounting controls. SOC has had a synergistic impact with COSO. While many companies have not used it, COSO offers a framework for organizations to manage risk.2 COSO objectives are:
1. Effectiveness and efficiency of operations
2. Reliability of financial reporting
3. Compliance with applicable laws and regulations.
To attain these objectives, COSO identifies the components of internal control:
• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring.
COSO was found to be used to a large extent by only 11% of the organizations surveyed, and only 15% of the respondents believed that their internal auditors used the COSO 1992 framework in full. Chief executive officers and chief financial officers are required to certify effective internal controls. These controls can be assessed against COSO. This benefits stakeholders. Risk management is now understood to be a strategic activity, and risk standards can ensure uniform risk assessment across the organization. Resources are more likely to be devoted to the most important risk, and better responsiveness to change is obtained.
The COSO framework
In 2004, COSO published an Enterprise Risk Management – Integrated Framework.3 COSO provides a framework to manage enterprise uncertainty, expressed in their ERM Cube. The cube considers the dimensions of objective categories, activities, and organizational levels, as shown in Table 1.1.
Table 1.1 COSO ERM cube1
This framework provides key principles and concepts, a common language, and clear direction and guidance.4
Categories
The strategic level involves overarching activities such as organizational governance, strategic objectives, business models, consideration of external forces, and other factors. The operations level is concerned with business processes, value chains, financial flows, and related issues. Reporting includes information systems as well as means to communicate organizational performance on multiple dimensions, to include finance, reputation, and intellectual property. Compliance considers organizational reporting on legal, contractual, and other regulatory requirements (including environmental).
Activities
The COSO internal control process consists of a series of actions.5
1. Internal Environment: The process starts with identification of the organizational units, with entity level representing the overall organization. The tone is set by the top of the organization. This includes actions to develop a risk management philosophy, create a risk management culture, and design a risk management organizational structure.
2. Objective Setting: Each participating division, business unit, and subsidiary would then identify business objectives and strategic alternatives, reflecting vision for enterprise success. These objectives would be categorized as strategic, operations, reporting, and compliance. These objectives need to be integrated with enterprise objectives at the entity level. Objectives should be clear and strategic, and should reflect the entity-wide risk appetite.
3. Event Identification: Management needs to identify events that could influence organizational performance, either positively or negatively. Risk events are identified, along with event interdependencies. (Some events are isolated, while others are correlated.) Measurement issues associated with methodologies or risk assessment techniques need to be considered.
4. Risk Assessment: Each of the risks identified in Step 3 is assessed in terms of probability of occurrence, as well as the impact each risk will have on the organization. Thus both impact and likelihood are considered. Their product provides a metric for ranking risks. Assessment techniques can include point estimates, ranges, or best/worst-case scenarios.
5. Risk Response: Strategies available to manage risks are developed. These can in...