“Given the central role of effective, firmwide risk management in maintaining strong financial institutions, it is clear that supervisors must redouble their efforts to help organizations improve their risk-management practices…We are also considering the need for additional or revised supervisory guidance regarding various aspects of risk management, including further emphasis on the need for an enterprise-wide perspective when assessing risk”
- Ben Bernanke, US Federal Reserve Bank Chairman, 2008

“Strong risk management and robust financial regulation are the bedrock of a stable financial system”
- Hugo Banziger, Deutsche Bank’s Chief Risk Officer and a Member of the Management Board, 2010

“I am fully convinced that going forward, continued improvement of risk management by banks, despite their size, will not only impact on their behavior but also their performance.”
- Liu Mingkang, Chairman, China Banking Regulatory Commission, 2004

“A fundamental shortcoming is the wide disparity between the rapid pace of financial innovation and the risk management infrastructure on which this innovation was built…. historic or statistical measures of risk and exposure, such as value-at-risk, past loss experiences and name concentration in the traditional banking book have proved inadequate.”
- Nout Wellink, BIS Chairman, 2008

“A bank in which every employee understands his or her responsibility for managing risk is likely to be more sound than a bank in which risk management is always seen as someone else's responsibility. While risk management starts at the business-line level, a well-run bank also has in place an effective program for enterprise-wide risk management that is supported by strong internal controls.”
- Sara Raskin, Federal Reserve Bank Governor, 2011

Risk
Focusing on rewarded risk enables continued creation and preservation of value, even in turbulent times.
“A process, effected by an entity’s board of directors, management and other personnel, applied in
strategy setting and across the enterprise, designed to identify potential events that may affect the
entity, and manage risk to be within its appetite, to provide reasonable assurance regarding the
achievement of entity objectives.”*
A process for providing a risk adjusted view of the achievability of enterprise objectives
A means to enhance informed decision making and risk taking
An aggregated portfolio view of risks and vulnerabilities and their potential interactions
A methodology that supports accountability for risk across the organization

A substitute for management’s judgment
A bureaucratic exercise that is isolated from the business units
A guarantee of a zero risk environment
Traditional View
Credit Risk, Business Risk, Operational Risk, Country Risk, Compliance, Market Risk, Liquidity Risk, Reputation
Performance measured on ex-post basis in Return on Assets (ROA) or contribution terms. Business Unit Return on Equity (ROE), if measured, based on simply equity allocations
Institution’s overall capital ratio
Regulatory capital
Evolving View
View on managing risk enterprise-wide
Measure risk, allocate capital based on risk, and measure performance relative to the cost of risk
(economic capital)
Clarify risk/return economics for line management, and incorporate into pricing and customer
profitability
Risk adjusted performance for business units, customers and portfolios utilize the same approach
Greater link between CFO and Chief Risk Officer
Evolving risk management capabilities means building upon an institution’s strengths and existing capabilities
6 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Benefits and challenges of risk management
Risk management provides many benefits throughout the organization and beyond. However,
implementing an ERM program may pose challenges across the organization, especially with
risk language, risk infrastructure and risk data
Benefits Challenges
1. Clear governance practices embedded into the organizational structure:
Increase oversight, interaction and communication with board and senior management risk operating committees
Communicate a statement of the risk philosophy and appetite of the firm that is actionable and can be assessed
Document and clarify roles and responsibilities
Develop integrated market and credit risk framework processes
Re-prioritize infrastructure investment areas, focus on risk exposure aggregation, netting and product coverage
Increased external disclosures to shareholders, regulators, rating agencies

2. Risk and return balance and risk management priorities:
Decision making is risk/return oriented and in partnership — risk is “right sized” to organization
Compensation structure is aligned with risk and reward
Risk management function has risk “veto” authority with clear escalation/resolution processes
Risk management should seek guidance and have access to the board in order to understand their objectives and perspective
Initial
• Ad hoc/chaotic
• Reactive
• Processes undefined and undocumented
• Depends primarily on individual heroics, capabilities, and verbal wisdom

Siloed
• Independent risk management activities
• Limited focus on the linkage between risks
• Limited alignment of risk to strategies
• Disparate monitoring & reporting functions

Comprehensive
• All risk types and business units encompassed
• End to end business risk management process implemented
• Common framework, program statement, policy, and risk assessment criteria
• Dedicated team or function

Integrated
• Risk interactions and dependencies rigorously evaluated
• Risks aggregated to develop overarching risk profile
• Enterprise-wide “at risk” measure adopted
• Risk modeling/scenarios

Optimized
• Risk discussion is embedded in strategic planning, capital allocation, product development, etc.
• Use of dynamic early warning indicators
• Linkage to performance measures and incentives
ERM Maturity
[Chart: ERM maturity by industry, on a scale running up to Integrated and Optimized. Industries shown: Financial Services, Insurance, Energy, Mining, Industrials, Technology, Life Sciences, Retail]
Reasons for higher ERM capabilities in certain industries:
• Highly regulated industry with intense scrutiny from government entities
• Sophisticated risk analysis inherent to the business
• Nature of operations is high risk
Note: Gradients indicate that a small number of outliers define the upper end of the range.
Note: Placement of industries in this chart is judgmental, but based on Deloitte’s depth of ERM knowledge and experience with a wide variety of industries.
Risk Intelligence (RI) is Deloitte’s risk management philosophy that is focused on maintaining the right balance between risk and reward. Simply put, organizations create value by
taking risks and lose value by failing to manage them. An effective risk management program focuses simultaneously on value protection and value creation. Deloitte calls
organizations that have attained this advanced state of risk management capability a “Risk Intelligent Enterprise™.”
Making ERM practical
Companies achieving higher maturity levels observe the 9 principles
Risk Governance
Common Definition of Risk: A common definition of risk, which addresses both value preservation and value creation, is used consistently throughout the organization
Roles & Responsibilities: Key roles, responsibilities, and authority relating to risk management are clearly defined and delineated within the organization
Transparency for Governing Bodies: Governing bodies (e.g., Boards, Audit Committees, etc.) have appropriate transparency and visibility into the organization's risk management practices to discharge their responsibilities
Objective Assurance and Monitoring: Other functions (e.g., internal audit, risk management, compliance, etc.) provide objective assurance as well as monitor and report on the effectiveness of an organization's risk program to governing bodies and executive management
Support of Pervasive Functions: Certain functions have a pervasive impact on the business and not only provide support to the business units as it relates to the organization's risk program, but also enhance and enable success when strategically aligned and considered as essential elements of the program
Operating models
Operating Philosophy: Control/Compliance; Center for Excellence; Reporter / Central Analysis

Business Units: Take and Manage Risks
ERM Function: Monitor & Aggregate
Risk Committees: Oversee
Executive Committee: Approve
Audit Committee: Ratify
Internal Audit: Validate
Board of Directors, External Auditor, Regulator

• Portfolio optimization on the macro and micro level
• Promote a strong culture of adhering to limits and managing risk exposure
• Ongoing monitoring of risks
• Independent from management and staff that originate risk exposures
• Overarching risk oversight unit across all risk types and business units

• Understand how the business makes money—and actively challenge initiatives if appropriate
• Top talent with business experience engaging with management and NBD as equals
• Ability to link business and risk with process and IT know-how

• Top talent within audit—to challenge the front office and risk management function
• Independent oversight function with ability to enforce fulfillment of findings
Description: Taking risk is considered part of company’s strategy. Example risk appetite by business activity: New market expansion and acquisition activities
Description: Company takes an aggressive approach towards taking risk. Example risk appetite by business activity: Portfolio management, innovation
Description: Company takes a balanced approach to risk taking. Example risk appetite by business activity: Operations, asset / liability management
Description: Company accepts as little risk as possible. Example risk appetite by business activity: Health, safety, environment, security, fraud, financial reporting, regulatory compliance and reputation
1 Risk Identification
2 Risk Assessment
3 Risk Measurement
4 Risk Response & Mitigation
5 Risk Monitoring & Reporting
Core internal audit roles in regards to ERM
Legitimate internal audit roles with safeguards
Roles internal audit should not undertake
*Source: The Institute of Internal Auditors (IIA) Position Statement
Leading Practices and Insights from Deloitte’s Global Risk Management Survey – Seventh Edition
Global Risk Management Survey 2011
The seventh edition of the bi-annual Global Risk Management Survey represents Deloitte’s most recent
look at the state of risk management across the global financial services industry
Source: Navigating in a Changed World, Deloitte Global Risk Management Survey, 7th edition
http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_fsi_grms_031711.pdf
About the survey Primary Business
To what extent are responsibilities for risk management incorporated into performance
goals and compensation across the organization?
[Chart: percentage of respondents answering "Completely" or "Substantially", 2008 vs. 2010, for Senior management, Middle management, Finance personnel, Operations personnel and Staff personnel]
How much value do you believe your organization has received from its
ERM program, or equivalent, in each of the following areas?
How effective do you think your organization is in managing each of the following
types of risks?
Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this
presentation.
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which
is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu
Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain
services may not be available to attest clients under the rules and regulations of public accounting.