Date post: | 26-Dec-2015 |
Category: |
Documents |
Upload: | asher-rogers |
View: | 234 times |
Download: | 11 times |
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008 Annual Meeting ● Assemblée annuelle 2008
Québec
2008 Annual Meeting ● Assemblée annuelle 2008
Québec
Canadian Institute
of Actuaries
Canadian Institute
of Actuaries
L’Institut canadien desactuaires
L’Institut canadien desactuaires
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
Agenda
1. Risk Management Overview
2. Major Financial Institution Case Study
3. Best Practices for a Risk Assessment
4. Perform Risk Assessment with CIA
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
The iceberg of risk
3
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
The Value Killers
Deloitte identified the following in its research The Value Killers (2005):
– Almost 50% of global 1000 companies lost 20% or more in share price in less than a month during the past 10 years — some never recovered.
– 80% of losses were due to interaction of multiple risks.– Most major losses were as the result of a series of high-
impact but low-likelihood events.– Almost all organizations have risk management located
in specialist silos.
4
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
Case Study of a Successful Risk Assessment
TD Bank Financial Group
5
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
The Situation – A Top Down Approach
These are the risks in achieving the
corporate strategy, now what controls are in place or need to be
put into place?
Corporate Strategy
Segment StrategySegment Strategy
Business Unit-Level Strategy
Segment StrategySegment Strategy
Objectives to fulfill strategy
Segment StrategySegment Strategy
Business Unit-Level Strategy
Segment StrategySegment Strategy
Business Unit-Level Strategy
Segment Strategy
Segment Strategy
Segment Strategy
Segment StrategySegment Strategy
Objectives to fulfill strategy
Segment StrategySegment Strategy
Objectives to fulfill strategy
Strategic Risks
Credit Risks
Market Risks
Insurance Risk
Liquidity Risks
Regulatory /Legal Risk
Operational Risk
Reputation Risk
6
The Situation – A Top Down Approach
Entity Level Risks
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008 The Risk Committee at TD Bank Financial Group was tasked
with the responsibility to satisfy itself that sound policies, procedures, and practices were implemented for the management of key risks.
The challenge facing TD Bank Financial Group was how to effectively and efficiently complete the risk assessment with the following factors involved:
• 60 RCSA workshops annually• Average of 10 attendees per session • Geographically separated: Canada, US, UK
The Challenge
7
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
Step 1:
Conduct risk assessment sessions with participants in the same location using Resolver*Ballot:
• Allowing TD Bank Financial Group to consider a set of risks with associated controls in a collaborative manner, and then to generate consensus on key areas of risk or control deficiency.
• Respondents given a wireless, hand-held, numeric keypad and results were presented immediately in sophisticated, real-time graphs and charts.
• Compared to previous method, this process allowed more meaningful discussion, faster report generation, and greater consensus on the results.
The Solution
8
The Solution
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
Step 2:
Introduced Resolver*Net, an online version for the risk assessment for groups that could not be in one location at the same time which:
• Allowed TD Bank Financial Group to gather input from a larger constituency
• Fewer attendees provided a time savings, but also the workshops themselves were reduced in length from 3 hours to 1 hour by doing the surveys from their desks.
• Allowed participants to submit written comments providing risk owners with a more comprehensive understanding of the impact and likelihood of risks occurring.
• Flexibility for external stakeholders with same scales and comparable data
9
The Solution
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
• Business unit- and Segment-level understanding of their risks
• Consensus around ‘high’ risks, weaknesses in control environment and what actions are needed (internal control culture)
• Risk assessment results are used to analyze risks across the Business Units, Segments and the Bank -> can help with resource allocation
• “No surprise” environment
• Improved financial performance as we move from a reactive to a proactive management of risks -> risks feed into Key Risk Indicators (KRIs)
10
The Results
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
5 Best Practices for Designing and Conducting a Risk Assessment
11
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
1. Define Your Risk Assessment Goals
12
Are your risks and controls commonly named across your organization in order to integrate results with other divisions or look for efficiencies in assessment or mitigation?
Do you have responses from the most informed people?
Do you have responses from enough people to have an accurate view?
How quickly are you able to execute the assessment from launch to reports?
Are you involving a smaller team or many people across the organization?
Also, are your participants at one level (e.g. management) or across many levels?
Will your risk assessment focus on one area (e.g. fraud), or combine several (Operational, Strategic, Compliance…)?
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2. Determine the scopeWhat is your goal in gathering risk assessment data :
– To look closely at one area or across the organization?
– To understand one risk area in detail (e.g. fraud) or examine many areas of risk?
13
e.g. many risk categories 1 location
e.g. 1 risk category,
all locations
e.g. 1 risk category, 1 location
e.g. many risk categories
all locationsD
epth
of
risk
s as
sess
ed
Reach across organization
Focused Broad
Broad
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2. Determine the scope
2 strategies for including many risk categories:
2. Specific participants are asked to assess specific risks (pre-selected for them)
1. All participants review all risks and can “opt-out” of assessing those they are not familiar with
Strategic Risks
Credit Risks
Market Risks
Insurance Risk
Liquidity Risks
Regulatory/Legal Risk
Operational Risk
Reputation Risk
14
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
3. Choose the appropriate forum for the Risk Assessment
15
a) Individual risk owner evaluates risk in GRC application, combined results roll-up into a risk dashboard
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
16
b) Risk & Control Self Assessment Workshop. Team of 5-25 people assess risks and average is calculated (same time/place)
3. Choose the appropriate forum for the Risk Assessment
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
17
c) Risk & Control Self Assessment Online Survey. Unlimited participants across the organization assess risks and average is calculated in aggregate or down to location (different time/place)
3. Choose the appropriate forum for the Risk Assessment
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
4. Clarify Your Likelihood & Impact Criteria
18
LIKELIHOOD:If you are scoring residual likelihood (considering all controls currently in place), it is critical that participants understand the controls that ARE and ARE NOT in place.
Risk 1Control 1.1Control 1.2Control 1.3
Risk 2Control 2.1Control 2.2Control 2.3
IMPACT:Clarify ALL impact metrics. Consider building an Impact Matrix. Write the definition for each intersection.
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
5. Create a Productive Workshop Environment
a) Responses should be anonymous – reported in aggregate
b) Reduce the influence of the “Loudest voice” in the room
19
The use of voting software with wireless keypads is an
effective technique.
Participants enter their scores and the anonymous
results are shown at the front of the room
You “see what they are thinking”
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
5. Create a Productive Workshop Environment
c) 3. Show levels of agreement around risk scores, discuss those where agreement is low and re-score
20
Represents low level of agreement
Represents high level of agreement
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
2008
Ann
ual M
eetin
g
Ass
embl
ée a
nnue
lle 2
008
5. Create a Productive Workshop Environment
d) 4. Share results with RCSA participants
21