Risk Mangement

Submitted by :Akhilesh Agnihotri BTB/08/1017 Section A

ENTERPRISE / OPERATIONAL RISK MANAGEMENT

At first glimpse, there is much similarity between operational risk management and other classes of risk (e.g., credit, market, liquidity risk, etc.) and the tools and techniques applied to them. In fact, the principles applied are nearly identical. Both ORM and ERM must identify measure, mitigate and monitor risk. However, at a more detailed level, there are numerous differences, ranging from the risk classes themselves to the skills needed to work with operational risk. Operational risk management is just beginning to define the next phase of evolution of corporate risk management. Should firms be able to develop successful ORM programs, the next step will be for these firms to integrate ORM with all other classes of risks into truly enterprise-wide risk management frameworks. See Exhibit 1 for an example of an ERM / ORM organizational structure representative of the banking industry

WHY ENTERPRISE MANAGEMENT?

OPERATIONAL

RISK

There are many reasons ERM / ORM functions are being established within corporations. The following are a few of the reasons these functions are being established.

ORGANIZATIONAL OVERSIGHT
Two groups have recently emphasized the importance of risk management at the organizations highest levels. In October 1999, the National Association of Corporate Directors released its Report of the Blue Ribbon Commission on Audit Committees, which recommends that audit committees define and use timely, focused information that is responsive to important performance measures and to the key risks they oversee. The report states that the chair of the audit committee should develop an agenda that includes a periodic review of risk by each significant business unit. In January 2000, the Financial Executives Institute released the results of a survey on audit committee effectiveness. Respondents, primarily chief financial officers and corporate controllers, ranked key areas of business and financial risk as most important for audit committee oversight. In light of events surrounding recent corporate scandals (e.g., Enron, etc.), and the increasing executive and regulatory focus on risk management, the percentage of companies with formal ERM methods is increasing and audit committees are becoming more involved in corporate oversight. The UK and Canada have set forth specific legal requirements for audit committee oversight of risk evaluation, mitigation, and management which are widely accepted as best practices in the U.S.

MAGNITUDE OF PROBLEM
The magnitude of loss and impact of operational risk and losses to date is difficult to ignore. Based on years of industry loss record-keeping from public sources, large operational risk-related financial services losses have averaged well in excess of $15 billion annually for the past 20 years, but this only reflects the large public and visible losses. Research has yielded nearly 100 individual relevant losses greater than $500 million each, and over 300 individual losses greater than $100 million each. Exhibit 2
1

is a listing of major operational losses. Interestingly enough, the majority of these losses have occurred in financial services, which explain the industrys leading focus on operational risk management especially in the area of asset-liability modeling and treasury management models to manage risks in the highly volatile capital markets activity of derivative trading and speculation.

MARKET FACTORS
Market factors also play an important role in motivating organizations to consider ERM / ORM. Comprehensive shareholder value management and ERM / ORM are very much linked. Todays financial markets place substantial premiums for consistently meeting earnings expectations. Not meeting expectations can result in severe and rapid decline in shareholder value. Research conducted by Tillinghast-Towers Perrin found that with all else being equal, organizations that achieved more 3 consistent earnings than their peers were rewarded with materially higher market valuations. Therefore, for corporate executives, managing key risks to earnings is an important element of shareholder value management. The traditional view of risk management has often focused on property and liability related issues or internal controls. However, traditional risk events such as lawsuits and natural disasters may have little or no impact on destroying shareholder value compared to other strategic and operational exposuressuch as customer demand shortfall, competitive pressures, and cost overruns. One explanation for this is that traditional risk hazards are relatively well understood and managed todaynot that they dont matter. Managers now have the opportunity to apply tools and techniques for traditional risks to all risks that affect the strategic and financial objectives of the organization. For non-publicly traded organizations, ERM / ORM is valuable for many of the same reasons. Rather than from the perspective of shareholder value, ERM / ORM would provide managers with a comprehensive overview of other important items such as cash flow risks or stakeholder risks. Regardless of the organizational form, ERM / ORM can be an important management tool.

CORPORATE GOVERNANCE
Defense against operational risk and losses flows from the highest level of the organizationthe board of directors and executive management. The board, the management team that they hire, and the policies that they develop, all set the tone for a company.

COMMENTS
1) It seems clear that ERM / ORM is more than another management fad or academic theory. We believe that ERM / ORM will become part of the management process for organizations in the future. Had ERM / ORM processes been in place during the past two decades, a number of the operational risk debacles that took place may not have occurred or would have been of lesser magnitude. 2) Companies are beginning to see the benefit of protecting themselves from all types of potential risk exposures. By identifying and mapping risk exposures throughout the organization, a company can concentrate on mitigating those exposures that can do the most damage. With an

understanding of risks, their severity, and their frequency, a company can turn to solutions; be it retaining, transferring, sharing, or avoiding a particular risk. 3) Our thoughts on what will happen in the ERM / ORM environment in the next 5 years are: In the next 5 years, it is likely that companies will no longer view risk management as a specialized and isolated activity: the management of insurance or foreign exchange risks, for instance. The new approach will keep managers and employees at all levels sensitized to and concerned about risk management. Risk management will be coordinated with senior management oversight and everyone in the organization will view risk management as part of his or her job. The risk management process will be continuous and broadly focused. All business risks and opportunities will be covered. In the next 5 years, the use of bottom-up risk assessments will be a standard process used to identify risks throughout the organization. The self-assessment process will involve everyone in the company and require individual units to focus and report on the threats to their individual business objectives.