Corporate Value of Enterprise Risk Management
eBook - ePub

Corporate Value of Enterprise Risk Management

The Next Step in Business Management

Sim Segal

About the book

The ultimate guide to maximizing shareholder value through ERM

The first book to introduce an emerging approach synthesizing ERM and value-based management, Corporate Value of Enterprise Risk Management clarifies ERM as a strategic business management approach that enhances strategic planning and other decision-making processes.

  • A hot topic in the wake of a series of corporate scandals as well as the financial crisis
  • Looks at ERM as a way to deliver on the promise of balancing risk and return
  • A practical guide for corporate Chief Risk Officers (CROs) and other business professionals seeking to successfully implement ERM

ERM is here to stay. Sharing his unique insights and experiences as a recognized global thought leader in this field, author Sim Segal offers world-class guidance on how your business can successfully implement ERM to protect and increase shareholder value.

Information

Publisher
Wiley
Year
2011
ISBN
9781118023303
Part I
Basic ERM Infrastructure
Chapter 1
Introduction
History is the sum total of the things that could have been avoided.
Konrad Adenauer
Enterprise risk management, or ERM, is generally defined as follows:
The process by which companies identify, measure, manage, and disclose all key risks to increase value to stakeholders.
One of the challenges with ERM lies in understanding what this definition means. There are many interpretations, and some would say misinterpretations, of this short definition. In the next chapter, we will fully and properly define ERM. For now, consider ERM simply as an approach to treat risk holistically in an organization.
Evolution of ERM
ERM has been gaining significant momentum in recent years. We will discuss the eight most important factors driving this trend:
1. Basel Accords
2. September 11th
3. Corporate accounting fraud
4. Hurricane Katrina
5. Rating agency scrutiny
6. Financial crisis
7. Rare events
8. Long-term trends
The first seven factors involve significant discrete events and are listed in chronological order, while the remaining factor includes trends that have developed gradually over time. Some of the discrete events originate from, or relate primarily to, the financial services sector. However, it is helpful for those in all sectors to understand these events because they are commonly known in ERM circles and their impacts on ERM are felt in all industry sectors. In addition, it is helpful to understand the chronology because the order of events has played a role in ERM development. The cumulative impact of events, and the regulatory and corporate responses to them, has led to the current environment for ERM.
Basel Accords
Basel II,1 an international guideline for risk management, influenced the advancement of ERM practices in the financial services sector. The Basel Accords are guidelines developed by a group of global banking regulators in an attempt to improve risk management practices. Basel II, the second of two accords developed by the Basel Committee on Banking Supervision, was published in 2001.
There are three pillars in Basel II:
  • Pillar 1: Minimum capital requirements
  • Pillar 2: Supervisory review
  • Pillar 3: Market discipline
Pillar 1 specifies methods to calculate capital requirements, offering standardized options based on industry averages and advanced options for more sophisticated banks based on their own internal models, customized to account for the specifics of the company, its businesses, and its risks, and largely using management's own estimates for most parameters.
Pillar 2 allows for supervisors to review the bank's risk management practices and risk exposures and, if necessary, apply a multiplier to increase the amount of minimum required capital calculated in Pillar 1.
Pillar 3 addresses appropriate risk disclosures.
The most important advancement since Basel I was the expansion of scope to include operational risks, moving banks in the direction of a holistic treatment of risk (although many other risks, including all strategic risks, are still excluded).
In retrospect, it is easy to criticize and say that the Basel Committee failed in their goal, as evidenced by the global financial crisis that began in the United States in 2007. However, these accords were widely adopted and did represent an improvement from prior practices. Even if the Basel Accords fell short of their goal to develop a standard benchmark for stellar risk management practices, they did however result in an enhanced focus on risk in the banking sector and beyond, as others held up the banking sector as a model for managing risk. Solvency II, a set of risk management standards for European Union (EU) insurance companies scheduled to take effect in November 2012, is clearly influenced by Basel II, and is largely analogous to it.
September 11th
The terrorist attacks on the United States on September 11, 2001, advanced our thinking in the area of ERM by raising awareness of four major aspects of risk:
1. Terrorism risk
2. Concentration risk
3. Risk complexity
4. Need for an integrated approach
Terrorism Risk
Virtually all organizations are more aware of the possibility of a terrorist attack as a result of September 11th. Many of these organizations, particularly those operating in or near major cities or potential terrorist targets, have also thought through various terrorism scenarios. They have examined the potential impacts of an attack impacting their physical assets, employees, customers, stakeholders, suppliers, and/or the economies in which they operate. These exercises have led to some preventive mitigation (such as decentralizing offices) as well as enhanced business continuity plans. An additional benefit is the general raising of awareness of the possibility of the previously unthinkable. This is helpful, since ERM requires management to keep an open mind to a more complete range of future scenarios.
Concentration Risk
Even before September 11th, companies were aware of the danger of concentrations of risk. For example, companies try to avoid depending too much on a single large customer or supplier; investing too much of their assets in any one sector; or having too much knowledge, power, or access concentrated with one employee. However, September 11th dramatically changed the way companies, and governments, thought about concentration risk.
The result was a complete rethinking of where and how resources are, or might become, exposed in a concentrated way to terrorism or other types of risk. Where are our most critical employees located? Where do we gather our most critical employees together? Where are the bulk of our invested assets geographically? Are any of our key customers or suppliers or other credit counterparties exposed to significant concentration risk? One manifestation of this was many employers decentralizing their locations out of major landmark buildings and also out of major cities.
Risk Complexity
September 11th raised awareness of the complexity of risk. A complex set of interdependencies, which remains beneath the surface until a significant disruption reveals it, became apparent in the aftermath of the attacks. There were numerous secondary impacts that were unexpected, or at least had not been examined until then.
Though it may appear obvious now, few would have predicted how severely the airline business would be impacted. After all, statistically, even with a moderate increase in terrorism, flying is still far safer than other modes of travel. According to a study by Sivak and Flannigan published in the January–February issue of American Scientist, even if a terrorist event equivalent to September 11th occurred every month, flying would still be safer than driving.2 However, the human factor is a significant component of risk complexity. It is more difficult to account for fear and other irrational human tendencies, which often direct actions that are counter to our collective best interests. A Cornell University study found that an additional 725 people lost their lives in just the three months following September 11th as a result of a shift from flying to driving.3
Another type of risk complexity that was highlighted as a result of September 11th was that while there are mostly downside impacts from a horrible event, there are often upside impacts as well. For example, anyone in the security business can tell you how much opportunities increased after the attacks. In addition, companies providing teleconferencing benefited as well, as business travel decreased dramatically. While this is not a new concept, again, the sheer scale of September 11th increased awareness that in considering a risk scenario, it is important to factor in the potentially offsetting upside impacts as well.
Need for an Integrated Approach
September 11th highlighted the need for an integrated approach to risk management. It moved the U.S. government closer to managing risks on a basis more consistent with ERM principles. The government reorganization in response to September 11th is analogous to the beginnings of an ERM program. They established the Department of Homeland Security, later organized under the ODNI (Office of the Department of National Intelligence), which centralizes efforts regarding most risks facing the country. One of the key recognitions was that the government was in possession of intelligence which should have, or could have, prevented the attacks, but due to a lack of coordination, sharing, and prioritization of information, a disaster occurred. It is the same within companies. Many companies possess excellent information, but fail to realize their potential—both in terms of averting disasters as well as capitalizing on opportunities—due to a lack of integration between separate business segments.
Corporate Accounting Fraud
In 2001 and 2002, a wave of accounting scandals rocked the business world. Enron, Tyco, and WorldCom were just three of the most prominent examples. These firms suffered dramatic financial collapses and had executives convicted and sentenced to prison. The names of these executives—Jeff Skilling, Ken Lay, Andrew Fastow, Dennis Kozlowski, and Bernie Ebbers—still send shudders down the spines of executives everywhere, nearly a decade later. In addition, Arthur Andersen, the audit firm for both Enron and WorldCom, went out of business as a result of the scandals. The fallout from all the accounting scandals included two significant events that led many companies to improve their risk management processes.
The first event involved litigation, and increased the accountability of members of the board of directors and, more important, their personal financial liability, in the event of undetected corporate accounting fraud. In a WorldCom lawsuit, a settlement was reported that involved 10 outside directors paying damages out of their personal assets amounting to approximately 20 percent of their net worth, and which were not allowed to be reimbursed by their directors and officers (D&O) liability insurance coverage. An Enron lawsuit settlement involved similar personal payments from directors.
These settlements were significant in that they led to two major trends. First, serving on a board of directors became less attractive due to the increased liability. Many companies saw directors retiring from the board, and found it more difficult to recruit directors. The second, and more important trend for ERM, is that the remaining directors became more diligent about risk, and began asking management what was being done to protect the company against key risks. In many instances where companies have adopted ERM, it was precipitated by pressure on management from a member of the board of directors.
The second event involved legislation and enhanced the risk management practices of companies and their auditors in relation to ensuring the accuracy of external financial reports. In 2002, the U.S. Congress passed the Sarbanes-Oxley Act, also commonly referred to as SOX. Similar legislation was later adopted elsewhere, including Japan (J-SOX), France, Italy, and some other countries. This legislation required companies to establish a highly detailed and expensive process for identifying risks to, and establishing, documenting, and testing the effectiveness of risk controls for, the financial reporting process, and to have company executives formally attest to the accuracy of the financial reports. In an effort to comply with SOX, many companies adopted a modified version of the COSO Internal Control framework developed in the early 1990s.4
Though SOX has been widely criticized as onerous and ineffective, it did raise corporate awareness of risk regarding financial reporting accuracy as well as more generally. Many companies used process maps to help identify vulnerable areas (e.g., regarding the handoffs and access to data) in the reporting process, and some began to expand the use of p...
