
Independent evaluation of ERM program

Whether starting an ERM program or looking to enhance it, an independent evaluation is a good place to begin. RM Adviser team performs a high-level or detailed assessment, benchmarking your ERM program against criteria and leading practices. This helps identify areas for targeted improvements, “quick hits” that can produce near-term results and an implementation plan. The evaluation includes reviewing a comprehensive set of ERM program elements, such as:
- ERM framework
- Risk governance
- Risk definition and categorization
- Risk identification and prioritization
- Risk quantification
- ERM and economic capital (EC) models
- Risk appetite
- Risk response - downside (risk mitigation) and upside (risk taking)
- Integration of ERM into key company processes
- Risk monitoring
- Risk disclosures including communications to rating agencies
- Comparative analysis of key competitors’ risk disclosures
RM Adviser Team delivers a scorecard, a gap analysis and a high-level implementation plan and conducts a half-day workshop for executives to present results and enhance buy-in.
ERM framework and risk governance
Various ERM frameworks and risk governance structures exist. Selecting the appropriate one requires experience. RM Adviser team works with management to understand and reflect the existing company culture and synthesize a tailored risk culture, examining areas such as:
- ERM framework
- How ERM is organized functionally (processes, activities, etc.)
- The definition of ERM (scope of risks, lines of business, etc.)
- Risk governance - the hierarchical organizational
- Roles and responsibilities (board, ERM committee, internal audit, etc.)
- Policies and procedures
- External governance constraints (e.g., rating agencies, regulators)
For organizations in the early stages of implementing an ERM program, RM Adviser team typically develops a high-level ERM framework and risk governance structure, allowing for further refinement as ERM becomes more embedded in the organization’s decision making over time. For more developed ERM programs, RM Adviser team helps to develop a detailed and effective set of risk policies and procedures, including a linkage to cascade risk authority limits down from enterprise risk appetite to individual risk tolerance thresholds in the lines of business.
Risk identification
ERM is a process to identify, measure, manage and disclose all key risks to increase value to stakeholders. Since risk identification is the first step in the ERM process cycle (after developing the initial ERM framework, risk governance and plan), some assume that by now the approach must have matured, and that common practice is essentially “best practice.” However, our research and client work show that common practice in risk identification is suboptimal in several aspects and produces misleading information in risk identification and in all downstream ERM phases: risk quantification, risk management and risk disclosure. Relying on this flawed information can cause management to focus on the wrong priorities, make poor decisions and produce improper risk disclosures.
To have a successful ERM risk identification phase and avoid these problems, companies must:
- Define risks by source
- Categorize risks with consistent granularity
- Identify risks prospectively
- Gather data appropriately
- Define frequency/severity clearly
To facilitate the adoption of all five of these critical criteria, RM Adviser team works with you to:
- Define and categorize risks
- Allocate Top 10 company specific risks to individual or group Risk Profile
- Conduct internal qualitative risk assessment regarding frequency and severity
- Scan external environment for emerging risks
Once this process step is properly established, RM Adviser team can facilitate periodic (e.g., annual) internal qualitative risk assessments to preserve anonymity of participants, enhancing the quality of the results.
Risk quantification
RM Adviser team offers a comprehensive range of assistance in risk quantification, including developing risk scenarios, ERM models and risk correlations.
Developing risk scenarios
Most ERM programs have risk scenarios for financial (market, credit and liquidity) and insurance risks. However, many ERM programs lack risk scenarios or employ a less robust risk scenario development process for operational and strategic risks. A true ERM program includes all types of risk. Therefore, it is critical to fully develop risk scenarios and then quantify all key risks, including operational and strategic risks - often a direct cause of or a contributing factor in company failures.
RM Adviser team helps companies develop a robust set of risk scenarios for all key risks, including operational and strategic. We use an adaptation of an approach originating in the risk management standards, e.g., AU/NZ 4360:2004, ISO31000. Such a standard is fast, efficient and effective at developing scenarios that paint the risk landscape for each key risk and provides a solid foundation for the quantification of all key risks. In addition, this process enhances buy-in for the ERM process, engaging, rather than imposing upon, risk experts throughout the organization, including the lines of business. Finally, the process of conducting and documenting risk scenarios provides immediate value, in terms of both enhancing the risk culture by spreading a “risk mindset” and sharing expert information on risks previously residing with one risk expert or department.
Developing ERM models
ERM models must be developed to quantify individual risk exposures and to quantify the enterprise risk exposure, which is a measure of the enterprise’s integrated risk based on all the key risks and how they interact (whether to exacerbate or offset each other). In addition, it is helpful if the ERM models can be constructed to work in concert with, and not in opposition to, existing risk and value models, such as economic capital (EC) and embedded value (EV) models. Unfortunately, many ERM programs fail to meet either of these goals. Many ERM programs are unable to quantify all key risks, and omit operational and strategic risks. In addition, most ERM programs suffer from a disconnect between the ERM, EC and EV models, where they reside in multiple areas with conflicting data, assumptions and politics.
RM Adviser team also helps companies avoid these pitfalls. We help companies develop ERM models that quantify all key risks and that fully integrate the ERM, EC and EV models. This eliminates friction, overlap and inefficiency and results in all risk personnel pulling in the same direction. In addition, and more important, it provides a key linkage between risk and value, resulting in an ERM program that informs decision making, including strategic planning.
See RMA proposition on Enterprise Architecture Vs. S2 Implementation Project
In helping companies select the most appropriate ERM model, RM Adviser team provides key insights into the critical balance between robustness and practicality. We take into account a multitude of factors, including company culture, risk culture, existing risk models and stage in the ERM program implementation process. For companies in the early stages, a high-level first-stage model may be best. For more advanced ERM programs, a more sophisticated model may be needed. RM Adviser team offers a full set of approaches, ranging from spreadsheet-based models to our own proprietary software platform for Risk Management of Insurers, Risk _ Ma, as well as the latest applications to reduce the more complex models’ run times, such as replicating portfolios.
RM Adviser team assists companies in all aspects of ERM model development, including:
- Methodology design and documentation
- Selection of basis (real world, market consistent, etc.)
- Data identification, gathering and normalization
- Model building, including tailoring to the undertaking’s key risks, value drivers, level of decision-making detail and key metrics
- Stochastic scenario file production/validation
- Reconciliation to existing models and measures
- Development of replicating/minimum risk portfolios
- Reasonability testing and detailed results checking
- Staff training
Developing risk correlations
To quantify the impact of multiple risks occurring simultaneously, a method must be developed, and assumptions made, to quantify the correlation. Various methods are available, in a range of levels of sophistication and number of assumptions required. RM Adviser team helps companies select the most appropriate approach to match a company’s ERM program characteristics and level of ERM modeling in particular.
Risk appetite
RM Adviser team conducts workshops to guide the ERM committee in defining the undertaking’s risk appetite - the level of risk to which the company is comfortable being exposed. This typically takes place once the risk quantification is completed or at least piloted, since enterprise risk exposure is a key input into this process. Once risk appetite is defined, RM Adviser team assists companies in cascading this down to lower-level risk tolerances in a consistent manner throughout the organization.
Risk response
An effective ERM program includes not only a risk response of risk mitigation, but also a risk response of taking on more risk, where the risk-to-value ratio is favorable. RM Adviser team helps companies build ERM models that serve as decision-making tools for both types of risk response.
The most important action in ERM is the risk response of managing enterprise risk exposure toward risk appetite. An appropriately constructed ERM model not only serves this purpose, but also supports all types of decision making. RM Adviser team has helped many companies establish this type of risk response capability.
RM Adviser team offers extensive practical experience in helping companies use ERM information to inform a variety of decisions. Examples include:
- Hedging market and credit risk exposures
- Designing reinsurance structures to transfer insurance risk
- Selecting the optimal product mix to maximize expected returns
- Pricing new products on a market-consistent basis
- Designing a process for deriving the optimal strategic asset allocation
Integration of ERM into key company processes
A good test of an ERM program is whether decision making throughout the company employs ERM information. This is also part of what rating agencies look for in their ERM evaluations: Is it real? Are people using this for decision making in the lines of business? RM Adviser team helps companies integrate their ERM programs into key company processes, such as:
- Strategic planning
- Tactical decision making
- Product Pricing
- Transactions (e.g., mergers and acquisitions)
A key to successfully integrating ERM into decision-making processes is to incorporate ERM metrics into internal reporting and incentive compensation. This is part of the risk culture of the organization. RM Adviser team advises companies on designing an ERM program that is amenable to such integration and implementing a successful integration.
Risk monitoring
Many assumptions are embedded in an ERM program. Part of the process of continual improvement in ERM is to examine risk events after they unfold and learn from them to improve assumption setting as well as other aspects of the ERM program - such as implementation of mitigation plans post-event and effectiveness of pre-event mitigation. RM Adviser team helps companies set up a risk monitoring program to capture key information when risk events occur, and a feedback process to learn from the event and identify areas for improvement. This is another area rating agencies look for in their ERM evaluations.
Risk disclosures
One of the most overlooked risks is that of improper risk disclosures. While the risk disclosures of most companies within a given sector are similar, ERM program sophistication varies widely. Companies should carefully examine their ERM information, particularly the potential impact of key risks to shareholder value, and enhance their risk disclosures to reflect this information. RM Adviser team works with companies to identify such information and to craft appropriate risk disclosures.
Own Risk and Solvency Assessment (ORSA)
The insurer must, as part of its risk management system, perform a so-called Own Risk and Solvency Assessment (ORSA). The ORSA must not be regarded as an internal model, and the outcome of the ORSA does not represent an “alternative” requirement to the SCR or the MCR. The ORSA is, in other words, instrumental in the insurer’s risk management: the ORSA is an integral element of the insurer’s strategy and should be referenced in strategic decision making. The ORSA must be performed regularly and in any case after every major change in the company’s risk profile.
No mandatory implementing measures for the ORSA have been provided by the European Commission, but RM Adviser team works with companies to draft guidelines on this point.
See more: the Solvency 2 Implementation (RMA consultation) document for Bulgarian Insurers, written with the date of 31 October 2012 in mind.
For further information, please register by sending an e-mail to: office@rmadviser.com
