风险管理 国际视角.

1、Neil BrownTerry HatherellJune 6, 2002FEI Canada Annual ConferenceEnterprise-wide Risk Management 2002 Deloitte & Touche. Deloitte & Touche refers to Deloitte & Touche LLP and related entities. All rights reserved.1Discussion itemsnThe new risk imperativenA vision for mastering risknTrans

2、forming your risk management Business Risk Management ProcessnLeading the way2The new risk imperative3Current risk management situationUnacceptable Risk GapAbility to Manage RisksBusiness RisksBusiness risks are increasing exponentially while risk management practices are not keeping pace.4Enterpris

3、e-wide Risk Management (EWRM) is a natural evolution in the art of risk management Risk Management perspectiveValue contributedfinancialoperationsRisk ManagementmanagementBusiness Risk ManagementstrategyEnterprise-wide Risk Management Broadened risk focus Improved linkage of risk and opportunity Inc

4、reased scope 5Common reasons for implementing EWRMnExpand corporate governancenUnexpected losses nImplement strategic management toolnKPI shortfalls and tightened marginsnImprove capital budgeting decisionsnMergers and acquisitionsnRegulatory requirements6A vision for mastering risk7“EWRM is a struc

5、tured and disciplined approach that aligns strategy, processes, people, technology and knowledge with the purpose of evaluating and managing the uncertainties the enterprise faces as it creates value.”Enterprise-wide risk management defined8Business Risk - “The level of exposure to uncertainties tha

6、t the enterprise must understand and effectively manage as it executes its strategies to achieve its business objectives and create value”What does this definition mean?nRisk is not about a single point estimatenTime frame is an important factor when evaluating risknNot just threats; there is upside

7、 as well as downsidenExposure and uncertainty are important factors“Business Risk” provides the context for an EWRM approach9nFragmented nNegative nReactive nAd hoc nCost-basednNarrowly-focusednFunctionally-drivennIntegrated nPositivenProactive nContinuousnValue-basednBroadly-focusednProcess-drivenF

8、romToThe approach to managing risk is evolving10Redefining the value propositionnOptimizes risk, return and capitalnFocuses on ALL sources of valuenAggregates information for decision makingnIs an integral part of the management of the businessnEnhances corporate governance11Transforming your risk m

9、anagement - Business risk management process12Business Risk Management Process (BRMP)lEnterprise-wide risk management is a process. The BRMP is a systematic approach to building and improving risk management capabilities.lllllll Develop business risk management strategiesDesign/implement risk manage

10、ment capabilitiesMonitor risk management performanceContinuously improve risk management capabilitiesInformation for decision makingEstablish business risk management process Goals and objectives Oversight structure Common languageAssess business risks Identify Source Measure13Establish the business

11、 risk management processManaging risk is nothing more than managing your business. Develop Business RiskManagement strategies Avoid Retain Reduce Exploit TransferDesign/implementrisk managementcapabilitiesMonitor riskmanagementperformanceContinuously improverisk managementcapabilitiesAssess business

12、 risks Identify Source MeasureInformationfor decisionmakingEstablish Business RiskManagement Process Goals and objectives Common language Oversight structureEstablish business risk management processGoals and objectives for risk managementOversight structureManagement and Board reportingCorporate ri

13、sk policyTechnology support information management14Establish the business risk management process Oversight structureStructure should be adequate to oversee risk management. Often includes senior management working committees, a senior manager responsible for Enterprise-wide Risk Management, formal

14、 charters and job descriptions, clear authorization levels and effective reporting lines.Board of DirectorsChief Executive OfficerCFORisk ManagerRisk management complianceLegal and regulatory complianceRisk Management Executive CommitteeBusiness risk management functionTreasurerCIO15Establish the bu

15、siness risk management processRole of the Risk CommitteenDevelop and implement the corporate risk policynDevelop and oversee implementation of specific risk policiesnAssess entity risk profilenRecommend risk tolerances and profiles to the CEO and Board for approvalnEvaluate risk measurement methodol

16、ogiesnAssign owners for significant risksnEvaluate the effectiveness of the infrastructure in place for managing specific risks nReview risk reporting from each of the individual risk owners on a regular basis (i.e. at least quarterly)nSubmit risk reports to the board at least quarterly16Establish t

17、he business risk management process Risk policiesnPolicies should focus primarily on the “what” and not the “how.” In essence, they establish the guidelines needed for day-to-day decision-making which allow process and risk owners adequate flexibility to manage the organization under changing condit

18、ions.nOrganizations should evaluate existing risk management policies and strategies and critically evaluate the following: How and why were the policies developed? Were the policies defined to satisfy legal and regulatory requirements? Were the policies developed in a fragmented environment with a

19、bias toward “risk as downside”? Were the policies designed with little or no focus on risk management as a source of value?nThe overall risk management policy assigns responsibility for performing key tasks, establishes accountability with the appropriate managers, defines boundaries and limits, and

20、 formalizes reporting channels. These elements provide the baseline for a sound policy statement. 17Establish a common risk language Business Risk Model Develop Business RiskManagement strategies Avoid Retain Reduce Exploit TransferDesign/implementrisk managementcapabilitiesMonitor riskmanagementper

21、formanceContinuously improverisk managementcapabilitiesAssess business risks Identify Source MeasureInformationfor decisionmakingEstablish Business RiskManagement Process Goals and objectives Common language Oversight structureEstablish business risk management process Common languageEnvironmentrisk

22、ProcessriskInformation for decision makingriskSources of uncertaintyUncertainties affecting the viability of our business modelUncertainties affecting the execution of our business modelUncertainties over the relevance and reliability of information that supports our value creation decision18Establi

23、sh a common risk language Business Risk ModelEnvironmental scanBusiness modelBusiness portfolioValuationOrganization structureMeasurement (strategy)Resource allocationPlanningLife cycleProduct/service pricingContract commitmentMeasurement (operations)AlignmentEnvironment riskPriceLiquidityCreditInfo

24、rmation for decision making riskProcess riskOperationsInterest rateCurrencyEquityCommodityFinancial instrumentBudget and planningAccounting informationFinancial reporting evaluationTaxationPension fundInvestment evaluationRegulatory reportingBusiness reportingEnvironment/strategicProcess/operational

25、FinancialCompetitor Customer wants Technological innovation Sensitivity Shareholder relations Capital availabilitySovereign/political Legal Regulatory Industry Financial markets Catastrophic loss Cash flowOpportunity costConcentrationDefaultConcentrationSettlementCollateralCustomer satisfactionHuman

26、 resourcesKnowledge capitalProduct developmentEfficiencyCapacityPerformance gapCycle timeSourcingChannel effectivenessPartneringComplianceBusiness interruptionProduct/service failureEnvironmentalHealth and safetyTrademark/brand erosionEmpowermentInformation processing/technologyIntegrityLeadership A

27、uthority/limitOutsourcingPerformance incentivesChange readinessCommunicationsRelevanceIntegrityAccessAvailabilityInfrastructureManagement fraudEmployee/third party fraudIllegal actsUnauthorized useReputation19Assess Business Risks Elements of Risk Assessment Develop Business RiskManagement strategie

28、s Avoid Retain Reduce Exploit TransferDesign/implementrisk managementcapabilitiesMonitor riskmanagementperformanceContinuously improverisk managementcapabilitiesAssess business risks Identify Source MeasureInformationfor decisionmakingEstablish Business RiskManagement Process Goals and objectives Co

29、mmon language Oversight structureRisk IdentificationRisk PrioritizationRisk SourcingAssessment of Current Risk Management Assess business risks Identify Source Measure20Assess Business Risks Risk Assessment ApproachConfirmexpectations Executesurvey & interviewprocessPlan &executeworkshopDeve

30、lop &presentreportExecutelaunch activities21Assess Business Risks Risk Identification Customized Business Risk ModelEnvironment riskPriceLiquidityCreditInformation for decision making riskProcess riskOperationsCurrencyBudget and planningBusiness reportingEnvironment/strategicProcess/operationalF

31、inancial Legal Regulatory Capital availability PoliticalCustomer satisfactionHuman resourcesEfficiencyEmpowermentInformation processing/technologyIntegrityAuthority/limitCommunicationsAccessInfrastructureEmployee/third party fraud22Inherent likelihood of occurrenceSignificanceHIGHLOWHIGHAuthorityCom

32、modityCustomer SatisfactionHumanResourcesCapitalAvailabilityPoliticalEfficiencyFraudRegulatoryLegalCurrencyAssess Business Risks Risk prioritization Risk Map 23Assess Business Risks Risk Sourcing UnderstandMarkets &CustomersDevelopVision &StrategyDesignProducts&ServicesMarket & SellP

33、roduce &DeliverProductsandServicesDevelop & Manage Human ResourcesManage InformationManage Financial and Physical ResourcesExecute Environmental Management ProgramManage External RelationshipsManage Improvement and ChangeCore OperatingProcessesSupportProcessesLow inherent riskModerate inhere

34、nt riskHigh inherent risk24Assess Business Risks Assessing Risk Management Effectiveness Risk management effectivenessLevel of riskUnder-managed16111412742151396381015Zone of balancedrisk managementOver-managedHighHighLow25Develop business risk management strategies Develop Business RiskManagement s

35、trategies Avoid Retain Reduce Exploit TransferDesign/implementrisk managementcapabilitiesMonitor riskmanagementperformanceContinuously improverisk managementcapabilitiesAssess business risks Identify Source MeasureInformationfor decisionmakingEstablish Business RiskManagement Process Goals and objec

36、tives Common language Oversight structureEstablish business risk management processGoals and objectives for risk managementOversight structureManagement and Board reportingCorporate risk policyTechnology support information managementManaging risk is nothing more than managing your business.26Design

37、/implement risk management capabilities Develop Business RiskManagement strategies Avoid Retain Reduce Exploit TransferDesign/implementrisk managementcapabilitiesMonitor riskmanagementperformanceContinuously improverisk managementcapabilitiesAssess business risks Identify Source MeasureInformationfo

38、r decisionmakingEstablish Business RiskManagement Process Goals and objectives Common language Oversight structureAccept RepriceSelf insureOffset PlanRetain DisperseControlReduce InsureReinsureHedgeSecuritizeShareOutsource IndemnifyTransfer AllocateDiversifyExpandCreate RedesignReorganizePrice Arbit

39、rageRenegotiateInfluenceExploit DivestProhibit StopTargetScreenEliminateAvoid Develop business risk management strategies Avoid Retain Reduce Exploit Transfer27Design/implement risk management capabilities- Example of integrated infrastructure components Systems and DataMethodologiesManagementReport

40、sPeopleBusiness and RiskManagementProcessesBusinessStrategies and PoliciesWhen building capabilities, key components must be linked by design. Risk if component is deficient:Process does not achieve strategyPeople cannot perform processReports do not provide information for effective managementMetho

41、dologies do not adequately analyze informationInformation is not available for analysis and reporting Develop Business RiskManagement strategies Avoid Retain Reduce Exploit TransferDesign/implementrisk managementcapabilitiesMonitor riskmanagementperformanceContinuously improverisk managementcapabili

42、tiesAssess business risks Identify Source MeasureInformationfor decisionmakingEstablish Business RiskManagement Process Goals and objectives Common language Oversight structureDesign/implement risk management capabilities28Another example: credit riskCredit policyCustomer acceptance criteriaCredit p

43、rocessCredit exposure aggregationCredit risk subcommittee charterCredit manager and staff roles/ responsibilitiesCredit authorizationCredit exposure reportsWatch listConcentration reportsCredit analysis templatesRisk rating systemExposure measurement methodologyCredit systemIT structureSystems and D

44、ataMethodologiesManagementReportsBusiness and RiskManagementProcessesBusiness Strategiesand PoliciesPeople29Implementing EWRMA phased approachllllllll Develop business risk management strategies Avoid Retain Reduce Transfer ExploitDesign/implement risk management capabilitiesMonitor risk management

45、performanceContinuously improve risk management capabilitiesAssess business risks Identify Source MeasureInformation for decision makingEstablish business risk management process Goals and objectives Oversight structure Common languagePhase 1Phase 3Phase 2Strategy and capabilitydevelopment activitie

46、sfor one risk at a time30Risk management capability maturity continuumCapabilities are characteristic of individuals, not of the organizationProcess established and repeating; reliance on people is reducedPolicies, processes and standards defined and formalized across the companyRisks measured and m

47、anaged quantitatively and aggregated on an enterprise-wide basisOrganization focused on continuous improvement of business risk managementInitialRepeatableDefined Risk identification Common language Dedicated resources Risk management policy Risk sourcing Enterprise-wide risk strategies Risk diversi

48、fication exploited competitively Quantification of risk versus tolerances Integrated risk measurement systems Risk measures applied to business performance goals Defined process Risk responsibilities Policy guidelines followed across the organization Risk measurement Consistent risk reportingManaged

49、OptimizingSystematically build and improve risk management capabilities31Leading the way32Getting startednLead from the topnMobilize key executivesnPresent a persuasive business case for changenCreate a vision for EWRMnSet realistic goalsnDevelop a plan for actionnIdentify priorities for actionnTake stock of your opportunities, then identify your risksnThink about the unthinkable - preventing surprises is at the heart of risk managementnMaster the make-or-break risks inherent in your business modelnApply a risk perspective to major change events33Key success factors that make the differe