eBook - ePub

Corporate Value of Enterprise Risk Management

Name: Corporate Value of Enterprise Risk Management
Author: Sim Segal

The Next Step in Business Management

Sim Segal

Buch teilen

English
ePUB (handyfreundlich)
Über iOS und Android verfügbar

eBook - ePub

Corporate Value of Enterprise Risk Management

The Next Step in Business Management

Sim Segal

Angaben zum Buch

Buchvorschau

Inhaltsverzeichnis

Quellenangaben

Über dieses Buch

The ultimate guide to maximizing shareholder value through ERM

The first book to introduce an emerging approach synthesizing ERM and value-based management, Corporate Value of Enterprise Risk Management clarifies ERM as a strategic business management approach that enhances strategic planning and other decision-making processes.

A hot topic in the wake of a series of corporate scandals as well as the financial crisis
Looks at ERM as a way to deliver on the promise of balancing risk and return
A practical guide for corporate Chief Risk Officers (CROs) and other business professionals seeking to successfully implement ERM

ERM is here to stay. Sharing his unique insights and experiences as a recognized global thought leader in this field, author Sim Segal offers world-class guidance on how your business can successfully implement ERM to protect and increase shareholder value.

Häufig gestellte Fragen

Wie kann ich mein Abo kündigen?

Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.

(Wie) Kann ich Bücher herunterladen?

Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.

Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?

Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.

Was ist Perlego?

Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.

Unterstützt Perlego Text-zu-Sprache?

Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.

Ist Corporate Value of Enterprise Risk Management als Online-PDF/ePub verfügbar?

Ja, du hast Zugang zu Corporate Value of Enterprise Risk Management von Sim Segal im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Betriebswirtschaft & Betriebliches Rechnungswesen. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.

Information

Verlag

Wiley

Jahr

2011

ISBN

9781118023303

Auflage

Thema

Betriebswirtschaft

Thema

Betriebliches Rechnungswesen

Part I

Basic ERM Infrastructure

Chapter 1

Introduction

History is the sum total of the things that could have been avoided.

Konrad Adenauer

Enterprise risk management, or ERM, is generally defined as follows:

The process by which companies identify, measure, manage, and disclose all key risks to increase value to stakeholders.

One of the challenges with ERM lies in understanding what this definition means. There are many interpretations, and some would say misinterpretations, of this short definition. In the next chapter, we will fully and properly define ERM. For now, consider ERM simply as an approach to treat risk holistically in an organization.

Evolution of ERM

ERM has been gaining significant momentum in recent years. We will discuss the following eight most important factors driving this trend, which are as follows:

1. Basel Accords

2. September 11th

3. Corporate accounting fraud

4. Hurricane Katrina

5. Rating agency scrutiny

6. Financial crisis

7. Rare events

8. Long-term trends

The first seven factors involve significant discrete events and are listed in chronological order, while the remaining factor includes trends that have developed gradually over time. Some of the discrete events originate from, or relate primarily to, the financial services sector. However, it is helpful for those in all sectors to understand these events because they are commonly known in ERM circles and their impacts on ERM are felt in all industry sectors. In addition, it is helpful to understand the chronology because the order of events has played a role in ERM development. The cumulative impact of events, and the regulatory and corporate responses to them, has led to the current environment for ERM.

Basel Accords

Basel II,¹ an international guideline for risk management, influenced the advancement of ERM practices in the financial services sector. The Basel Accords are guidelines developed by a group of global banking regulators in an attempt to improve risk management practices. Basel II, the second of two accords developed by the Basel Committee on Banking Supervision, was published in 2001.

There are three pillars in Basel II:

Pillar 1: Minimum capital requirements
Pillar 2: Supervisory review
Pillar 3: Market discipline

Pillar 1 specifies methods to calculate capital requirements, offering standardized options based on industry averages and advanced options for more sophisticated banks based on their own internal models, customized to account for the specifics of the company, its businesses, and its risks, and largely using management's own estimates for most parameters.

Pillar 2 allows for supervisors to review the bank's risk management practices and risk exposures and, if necessary, apply a multiplier to increase the amount of minimum required capital calculated in Pillar 1.

Pillar 3 addresses appropriate risk disclosures.

The most important advancement since Basel I was the expansion of scope to include operational risks, moving banks in the direction of a holistic treatment of risk (although many other risks, including all strategic risks, are still excluded).

In retrospect, it is easy to criticize and say that the Basel Committee failed in their goal, as evidenced by the global financial crisis that began in the United States in 2007. However, these accords were widely adopted and did represent an improvement from prior practices. Even if the Basel Accords fell short of their goal to develop a standard benchmark for stellar risk management practices, they did however result in an enhanced focus on risk in the banking sector and beyond, as others held up the banking sector as a model for managing risk. Solvency II, a set of risk management standards for European Union (EU) insurance companies scheduled to take effect in November 2012, is clearly influenced by Basel II, and is largely analogous to it.

September 11th

The terrorist attacks on the United States on September 11, 2001, advanced our thinking in the area of ERM by raising awareness of four major aspects of risk:

1. Terrorism risk

2. Concentration risk

3. Risk complexity

4. Need for an integrated approach

Terrorism Risk

Virtually all organizations are more aware of the possibility of a terrorist attack as a result of September 11th. Many of these organizations, particularly those operating in or near major cities or potential terrorist targets, have also thought through various terrorism scenarios. They have examined the potential impacts of an attack impacting their physical assets, employees, customers, stakeholders, suppliers, and/or the economies in which they operate. These exercises have led to some preventive mitigation (such as decentralizing offices) as well as enhanced business continuity plans. An additional benefit is the general raising of awareness of the possibility of the previously unthinkable. This is helpful, since ERM requires management to keep an open mind to a more complete range of future scenarios.

Concentration Risk

Even before September 11th, companies were aware of the danger of concentrations of risk. For example, companies try to avoid depending too much on a single large customer or supplier; investing too much of their assets in any one sector; or having too much knowledge, power, or access concentrated with one employee. However, September 11th dramatically changed the way companies, and governments, thought about concentration risk.

The result was a complete rethinking of where and how resources are, or might become, exposed in a concentrated way to terrorism or other types of risk. Where are our most critical employees located? Where do we gather our most critical employees together? Where are the bulk of our invested assets geographically? Are any of our key customers or suppliers or other credit counterparties exposed to significant concentration risk? One manifestation of this was many employers decentralizing their locations out of major landmark buildings and also out of major cities.

Risk Complexity

September 11th raised awareness of the complexity of risk. A complex set of interdependencies, which remains beneath the surface until a significant disruption reveals it, became apparent in the aftermath of the attacks. There were numerous secondary impacts that were unexpected, or at least had not been examined until then.

Though it may appear obvious now, few would have predicted how severely the airline business would be impacted. After all, statistically, even with a moderate increase in terrorism, flying is still far safer than other modes of travel. According to a study by Sivak and Flannigan published in the January–February issue of American Scientist, even if a terrorist event equivalent to September 11th occurred every month, flying would still be safer than driving.² However, the human factor is a significant component of risk complexity. It is more difficult to account for fear and other irrational human tendencies, which often direct actions that are counter to our collective best interests. A Cornell University study found that an additional 725 people lost their lives in just the three months following September 11th as a result of a shift from flying to driving.³

Another type of risk complexity that was highlighted as a result of September 11th was that while there are mostly downside impacts from a horrible event, there are often upside impacts as well. For example, anyone in the security business can tell you how much opportunities increased after the attacks. In addition, companies providing teleconferencing benefited as well, as business travel decreased dramatically. While this is not a new concept, again, the sheer scale of September 11th increased awareness that in considering a risk scenario, it is important to factor in the potentially offsetting upside impacts as well.

Need for an Integrated Approach

September 11th highlighted the need for an integrated approach to risk management. It moved the U.S. government closer to managing risks on a basis more consistent with ERM principles. The government reorganization in response to September 11th is analogous to the beginnings of an ERM program. They established the Department of Homeland Security, later organized under the ODNI (Office of the Department of National Intelligence), which centralizes efforts regarding most risks facing the country. One of the key recognitions was that the government was in possession of intelligence which should have, or could have, prevented the attacks, but due to a lack of coordination, sharing, and prioritization of information, a disaster occurred. It is the same within companies. Many companies possess excellent information, but fail to realize their potential—both in terms of averting disasters as well as capitalizing on opportunities—due to a lack of integration between separate business segments.

Corporate Accounting Fraud

In 2001 and 2002, a wave of accounting scandals rocked the business world. Enron, Tyco, and WorldCom were just three of the most prominent examples. These firms suffered dramatic financial collapses and had executives convicted and sentenced to prison. The names of these executives—Jeff Skilling, Ken Lay, Andrew Fastow, Dennis Kozlowski, and Bernie Ebbers—still send shudders down the spines of executives everywhere, nearly a decade later. In addition, Arthur Andersen, the audit firm for both Enron and WorldCom, went out of business as a result of the scandals. The fallout from all the accounting scandals included two significant events that led many companies to improve their risk management processes.

The first event involved litigation, and increased the accountability of members of the board of directors and, more important, their personal financial liability, in the event of undetected corporate accounting fraud. In a WorldCom lawsuit, a settlement was reported that involved 10 outside directors paying damages out of their personal assets amounting to approximately 20 percent of their net worth, and which were not allowed to be reimbursed by their directors and officers (D&O) liability insurance coverage. An Enron lawsuit settlement involved similar personal payments from directors.

These settlements were significant in that they led to two major trends. First, serving on a board of directors became less attractive due to the increased liability. Many companies saw directors retiring from the board, and found it more difficult to recruit directors. The second, and more important trend for ERM, is that the remaining directors became more diligent about risk, and began asking management what was being done to protect the company against key risks. In many instances where companies have adopted ERM, it was precipitated by pressure on management from a member of the board of directors.

The second event involved legislation and enhanced the risk management practices of companies and their auditors in relation to ensuring the accuracy of external financial reports. In 2002, the U.S. Congress passed the Sarbanes-Oxley Act, also commonly referred to as SOX. Similar legislation was later adopted elsewhere, including Japan (J-SOX), France, Italy, and some other countries. This legislation required companies to establish a highly detailed and expensive process for identifying risks to, and establishing, documenting, and testing the effectiveness of risk controls for, the financial reporting process, and to have company executives formally attest to the accuracy of the financial reports. In an effort to comply with SOX, many companies adopted a modified version of the COSO Internal Control framework developed in the early 1990s.⁴

Though SOX has been widely criticized as onerous and ineffective, it did raise corporate awareness of risk regarding financial reporting accuracy as well as more generally. Many companies used process maps to help identify vulnerable areas (e.g., regarding the handoffs and access to data) in the reporting process, and some began to expand the use of p...