Enterprise Risk Management
Scott Moss, CIS P/C Trust Director
Maryam Z. Sherkat, MIABC Legal Counsel & Risk Officer
Mayor Teunis Westbroek, MIABC Board Chair
Outline
ERM Frameworks
Why CIS is Involved in ERM
CIS ERM Efforts
Risk Register and Ranking
Risk Map
CIS ERM Next Steps
DART
Challenges
Outcome Improvements
What We Are Not Talking About
Not a class in ERM details
Selling ERM
Capital Modeling ERM
‒ Solvency II
‒ Own Risk Solvency Assessment (ORSA)
ERM Frameworks
RIMS Maturity Model
UK & Australia standards of ERM
COSO
ISO 31000 (CIS follows this model)
ERM Framework
1. Establish the internal and external context
2. Risk assessment
3. Risk treatment
4. Monitor results
5. Communicate and consult with internal and external stakeholders
Why Is CIS Involved in ERM?
Be an example for members
Good management
Framework for decisions
Explicitly address uncertainty
Desire to continually improve
Destined to be the future of risk management
CIS ERM Efforts
1. Organization-Wide Assessment
2. Decision Making
3. Capital Modeling Using ERM
4. ERM Tools for Members
Risk Register & Ranking
Governance
Operational
Public Image
Compliance
Technology
Hazard
Human Resource
Financial
Business Model
Political
Competition
Underwriting
Reserving/Claims
Reinsurance
Risk Map
[Figure: CIS Risk Map. Axes: Impact/Severity and Likelihood/Frequency. Risks plotted: Financial, Business Model, Political, Competition, Underwriting, Reserving/Claims, Reinsurance.]
CIS ERM Continuing
1. Assign “Risk Owners”
2. Develop Mitigation Plans for each risk
3. Establish “Early Warning Indicators”, Benchmarks, and Dashboards for each risk
4. Using ERM Decision Model in major decision
Decision Assist Risk Tools (DARTs)
Member-focused ERM services and tools:
ERM Framework
ERM Consulting
Executive Risk Management Team
Sample Risk Registers
Sample Risk Mitigation Plans
Sample Monitoring
Challenges
Definition of ERM not consistent
Does ERM “fit” in public sector?
Board understanding value
Members not having the resources or desire to practice ERM
Cutting edge for pools in US
Not required by auditors or regulators
Results are unclear
Outcome Improvements
1. Enhance skills to make decisions with opportunities and threats.
2. Formal risk owners and risk mitigation plans.
3. Better monitoring of risks with early warning flags, benchmarks, and dashboards.
Why is the MIABC involved in ERM?
Initially, because it was required by our regulator
Evolution of Risk Management
Traditional Risk Management: Risk is bad – focus is on transferring risk
Advanced Risk Management: Risk is an expense – focus is on reducing cost of risk
Enterprise-wide Risk Management: Risk is uncertainty – focus is on optimizing risk to achieve goals
MIABC ERM Process
MIABC ERM Framework
MIABC Working Groups
MIABC Mitigation Plans
Board’s Role in the ERM Program
Board has ultimate responsibility for overseeing the MIABC’s risk profile.
The MIABC’s management team oversees the ERM program.
Risks are to be managed within the Board’s risk parameters, expressed as a “Risk Appetite Statement” (RAS).
The RAS is the organization’s overarching attitude towards risk-taking.
MIABC Strategic Plan
Challenges
Commitment to and understanding of ERM both at Staff and Board level.
After initial progress, momentum slowed.
Quantifying risk rating and measuring progress.
Continued monitoring and assessment.
Benefits
Evolved approach to be more proactive with respect to risk management.
Identified areas of concern that needed to be addressed.
Enhanced focus of resources and efforts.
Encouraged cross-departmental interaction and cooperation.
Identified risks of not undertaking certain activities and initiatives.
Closing
“Risk management needs to be interwoven into all aspects of a firm’s business and should be a part of the calculus of all decision-making.”
— Dr. Randall S. Kroszner, Governor, Federal Reserve Board
Contact Information
Scott Moss, CIS P/C Trust Director
Maryam Z. Sherkat, MIABC Legal Counsel & Risk Officer