Enterprise Risk Mgmt Test 1 Graded A Q&A Complete

Personal Financial Planning Pyramid - bottom to top: 1.Risk mgmt protection (life/health insurance), 2.Wealth accumulation (savings & accumulation, growth & diversification, speculation investments) 3. Wealth distribution Traditional Risk Management Process (TRM) of an Organization - 1. Identify Risk 2. Evaluate Risk 3. Select a Risk Management Technique to treat each risk 4. Implement and Review Risk Management (RM) Techniques to treat risk - Risk avoidance Loss Control Risk Retension Risk Transfer Goal of Enterprise Risk Management - Take the right amount of risk to achieve cash flows that enable firm to meet all its cash flow needs and hold the optimal level of capital Optimal Risk Taking - Maximize risk-adjusted return not absolute return. The problem is most companies do not have info on enterprise risk exposures ERM (Enterprise Risk Management) - a process, effected by and entities' board of directors management and other personal, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives Traditional risk management definition - uncertainty concerning loss- deals with hazard risk Where does insurance fit into the risk management process? - Risk transfer. Like with insurance, a company or person pays a premiumWhat are the goals of ERM related to cash flow and capital? - Take the right amount of risk to achieve cash flows that enable the firm to meet all its cash flow needs and to hold the optimal level of capital Probability vs. cash flow (EBITDA) graph and the goal of ERM - achieve optimal shape for probability distribution curve of future operating cashflows Importance of risk management - risk management is important in optimizing capital usage to maximize shareholder wealth Shareholder value creation vs capital graph and the sweet spot to maximize shareholder value - Sweet spot: firm needs to hold some capital to deal with unexpected losses and maintain solvency. But not good to hold too much capital because profitability will suffer. Risk management can be used by firm to deploy capital efficiently to maximize shareholder value Return vs. risks graphs and concept of optimal risk taking - Overall goal is to maximize risk adjusted return, not absolute return-so firm wants to be in Zone 2- risk return optimization. The problem is most companies do not have info on enterprise risk exposures. Describe risk management before 1950? - risk management was mainly about transferring pure risk (buying insurance). Pure/hazard risk: for example, property and liability exposures. What did the American Society of Insurance Management (ASIM) change its name to in 1975? And what did the name change imply? - ASIM changed nah to Risk and Insurance Management Society (RIMS). Implies Risk Management is becoming more than just buying insurance In 1963, Doug Barlow became the first to use what title? - Risk Manager In 1993, James Lam became fist to use what title - Chief Risk Officer (CRO)COSO ERM Framework - Committee of Sponsoring Organizations- As firms struggle to implement ERM, frameworks are developed, based on internal audit view from the U.S. accounting profession What are the four phrases in the COSO ERM definition that distinguish ERM from TRM? - -Board of Directors -Strategy Setting -Risk Appetite -Achievement of Entity Objectives For what type of company (industry) did S&P first start including an ERM rating component for determining the overall S&P rating? - Insurance companies What was the name of the new international ERM standard that started in 2009? - ISO 31000 TRM means - "Uncertainty concerning loss" COSO 2004 means - "the possibility that an event will occur and adversely affect the achievement of objectives ISO 31000 (2009) means - "effect of uncertainty on objectives What are the four categories (quadrants) of risk typically used for ERM? - Operational Strategic Financial Hazard risk What category does TRM deal with - Hazard Risk What are two theoretical pillars of ERM? - Interdependency of RisksPortfolio Theory What are the six characteristics that distinguish TRM from ERM? - 1. View: Portfolio view of Risk 2. corporate governance 3.Economic capital view 4. Competitive advantage 5. Assigned ownership 6. Single, comprehensive risk oversight/control structure Portfolio view of risk - deals with risks holistically. Understands interdependencies and correlation among risks and considers internal/external contexts. Standardize risk terms across silos. Risk appetite/critera in evaluating strategic alternatives - Board of Directors and CEO set tone at top for ERM, which plays an important role in corporate governance. ERM should reduce cash flow volatility, increase likelihood of achieving vision, mission, and objectives, and increase firm value. Economic capital view - risks considered in capital allocation decisions to achieve highest riskadjusted return Risk can be positive meaning..... - an opportunity to exploit. ERM can provide competitive advantage All risks assigned ownership - with accountability. Risk culture: everyone is a risk manager. Communication across functions (silos) is essential Single, comprehensive risk oversight/control structure - for all types of risk. Identify, analyze (impact and likelihood), report, map, prioritize, mitigate, monitor, anticipate top/critical risks and understand root causes and emerging risks. Develops key risk indicators (KRIs) to signal risks to achieving key performance goals to enhance risk response decisions. Implements business continuity planning to increase inability. Complies with regulatory requirements without becoming a compliance-driven, check the box processWhat additional risk management technique is used by ERM that is not used for TRM? - Exploit Risk-For ERM, risk can also be viewed as an opportunity to exploit Unlike TRM, what does ERM also attempt to do and consider? - ERM also attempts to identify all risks and evaluation considers correlation between risks Four ways ERM can add value to an organization - 1.Improve strategic decision making 2.Anticipate risks and minimize threats 3.Imporve business performance 4.Comply with legal and regulatory requirements