Enterprise Risk Management Encyclopedia Entry.docx

Enterprise Risk Management Encyclopedia Entry.docx

《Enterprise Risk Management Encyclopedia Entry.docx》由会员分享，可在线阅读，更多相关《Enterprise Risk Management Encyclopedia Entry.docx（11页珍藏版）》请在冰豆网上搜索。

EnterpriseRiskManagementEncyclopediaEntry

Title:

EnterpriseRiskManagement

Authors:

JingAi

TheUniversityofTexasatAustin

Austin

Texas

U.S.A.

PatrickL.Brockett（correspondingauthor）

TheUniversityofTexasatAustin

Austin

Texas

U.S.A.

Keywords:

enterpriseriskmanagement（ERM）;riskappetite;operationalrisk;riskintegration;riskmeasure;riskaggregation;holisticriskmanagement

Abstract:

Enterpriseriskmanagement（ERM）isarecentriskmanagementtechniquewhereaportfolioofrisksismanagedinaholisticmanner.ERMhasinspiredinterestsfromvariouspartiesincludingcorporateexecutives,regulators,andratingagencies.UndertheERMframework,corporationstakeonnecessaryriskstopursuetheirstrategicobjectiveswithintheirrespectiveriskappetite.ThecoreoftheERMprocessisefficientriskintegration.Inter-relationsamongrisksandriskprioritizationarehighlightedintheriskintegrationprocessunderERM.Certainriskmeasuresandaggregationmethodsareusuallyinvolvedinitsimplementation.Effectiveriskreportingandcommunicationsinawell-designedorganizationalstructurearealsoessentialforthesuccessofERM.Beinganevolvingprocess,theultimategoalofERMistomovebeyondtheinitialincentiveoffulfillingcomplianceneedtoachievingrealeconomicvalue.

Note:

*inthemaintextsuggestspossiblecross-referencestootherentriesintheencyclopedia.Thesametermwhichappearsmultipletimesisonlymarkedonce.

WHATISERM?

Definition

Enterpriseriskmanagement（ERM）isarecentriskmanagementtechniquepracticedincreasinglybylargecorporationsinallindustriesthroughouttheworld.Itwaslistedasoneofthetwentybreakthroughideasfor2004inHarvardBusinessReview[1].ERMreflectsthechangeofmindsetinriskmanagementoverthepastdecades.Businessleadersrealizethatcertainrisksareinevitableinordertocreatevaluethroughoperationsandsomerisksareindeedpreciousopportunitiesifeffectivelyexploitedandmanaged.Inpursuitoftheabove,acorporation’sriskmanagementpracticeshouldbecarriedoutinaholisticfashion,alignedwithitsstrategicobjectives.Itflowsfromtherecognitionthatadollarspentonriskisadollarcosttothefirmregardlessofwhetherthisriskarisesinthefinancearenaorinthecontextofaphysicalcalamitysuchasafire.ERMproposesthatthefirmaddresstheserisksinaunifiedmanner.

TheprevailingdefinitionofERMadoptedbymostcorporationsistheoneproposedbyCommitteeofSponsoringOrganizationsoftheTreadwayCommission（COSO）intheir2004ERMframework[2].Itintendedtoestablishkeyconcepts,principlesandtechniquesofERM.Inthisframework,ERMisdefinedas“aprocess,effectedbyanentity’sboardofdirectors,managementandotherpersonnel,appliedinstrategysettingandacrosstheenterprise,designedtoidentifypotentialeventsthatmayaffecttheentity,andmanagerisktobewithinitsriskappetite,toprovidereasonableassuranceregardingtheachievementofentityobjectives.”ThisdefinitionhighlightsthatERMreachestothehighestleveloftheorganizationalstructureandisdirectlyrelatedtothecorporations’businessstrategies.Theconceptofriskappetiteisacrucialcomponentofthedefinition.Riskappetitereflectsthefirm’swillingnessandabilitytotakeonrisksinordertoachievetheobjective.Onceitisestablished,allsubsequentriskmanagementdecisionswillbemadewithinthecorporation’sriskappetite.Thus,thearticulationofriskappetitegreatlyaffectstherobustnessandsuccessofanERMprocess.Differentthemesofbusinessobjectivesareappliedtodetermineriskappetite.Amongthemostcommononesaresolvencyconcerns,ratingsconcerns,andearningsvolatilityconcerns[3].Thethemesdirectingtheriskappetiteprocessshouldbeconsistentwiththecorporation’sriskcultureandoverallstrategies.

Despiteitswideacceptance,theCOSOdefinitionisnottheonlyavailabledefinition.Forexample,CasualtyActuarialSociety（CAS）offeredanalternativedefinitioninits2003overviewofERM.InCAS’sdefinition,“ERMisthedisciplinebywhichanorganizationinanyindustryassesses,controls,exploits,finances,andmonitorsrisksfromallsourcesforthepurposeofincreasingtheorganizations’short-andlong-termvaluetoitsstakeholders.”[4]IndividualcorporationsmaydefineERMuniquelyaccordingtotheirownunderstandingandobjectives.Creatingaclear,firm-tailoreddefinitionisanimportantprecursortothefirmimplementingasuccessfulERMframework.Infact,a2006surveyofUScorporationsidentifiedthatlackofanunambiguousunderstandingofERMistheoneobstaclepreventingcompaniesfromputtingERMinplace[5].

CurrentdevelopmentofERM

Asarisingmanagementdiscipline,currentdevelopmentofERMvariesacrossindustriesandcorporations.Theinsuranceindustry,financialinstitutions,andtheenergyindustryareamongtheindustrysectorswhereERMhasseenrelativelyadvanceddevelopmentinabroadrangeofcorporations[6].TheenforcementofERMintheseindustrieswasoriginallystimulatedbyregulatoryrequirements.Recently,morecorporationsinotherindustries,andeventhepublicsector,arebecomingawareofthepotentialvalueofERMandriskmanagersareincreasinglybringingittotopexecutives’agendas.Accordingtoa2006surveyofUScorporations,overtwothirdsofthesurveyedcompanieseitherhaveanERMprograminplaceorareseriouslyconsideringadoptingone[5].AnearliersurveyofCanadiancompaniesobtainedsimilarresults.ItfoundthatoverathirdofthesamplecompanieswerepracticingERMin2003andanevenlargerportionofthesamplecompaniesweremovinginthatdirection[7].

DifferentstagesofERMimplementationhavebeenidentified.Accordingtoa2005surveyconductedofCanadianandUSorganizations,ERMimplementationcanbebrokendownintothreestagesbasedonthelevelofdevelopment[8].StageoneisERMstrategydevelopment,wherecorporationsdefinekeyconcepts,makeERMpoliciesandestablishtheriskmanagementframework.ThesecondstageisERMstrategyimplementation.CorporationsatthisstageimplementtheestablishedERMframeworkintheiroverallstrategiesandoperations.ThethirdstageofERMismonitoringandmaintainingthesystem.Atthisstage,ERMsustainabilityisthemainfocusachievedbyeffectiveinternaland/orexternalevaluations.Onlyasmallnumberofcorporations,mainlyininsurance,financialandutilityindustries,areatthisstageofERMpractice.ItisworthnotingthatERMisacontinuousevolvingprocess,bynomeanslimitedtotheaboveidentifiedthreestages.Asmorein-depthunderstandingandtechniquesaredeveloped,corporationswillmoveupwardtohigherstagesandmoreadvancedstagesarealsolikelytoemerge.

ERMIMPLEMENTATION

NotwithstandingtheattractivenessofERMconceptually,corporationsareoftenchallengedtoputitintoeffect.OneofthemainchallengesinERMimplementationistomanagethetotalityofcorporationrisksasaportfolioratherthanasindividualsilosasistraditionallydone.SeveralspecificaspectsofERMimplementationtogetherwithpresentchallengesareconsideredbelow.

DeterminantsofERM

AlthoughERMislargelyconsideredasthemostadvancedriskmanagementconceptandtoolkit,itiscarriedoutatdifferentpacesbycorporations.StudieshaveexaminedcorporatecharacteristicsthatappeartobedeterminantsofERMadoption.Forexample,LiebenbergandHoyt（2003）[9]findthatfirmswithgreaterfinancialleveragearemorelikelytoappointaChiefRiskOfficer（CRO）,tosignaltheiradoptionofERM.Inanotherstudy,factorsincludingpresenceofCRO,boardindependence,ChiefExecutiveOfficer（CEO）andChiefFinancialOfficer（CFO）supportforERM,useofBigFourauditors,andentitysizearefoundtobepositivelyrelatedtothestageofERMadoption[6].ThesefactorsreflectERM’sroleincorporategovernance.LaunchandpursuitoftheERMprocessleadtobettercorporategovernance,whichisdesiredbybothexternalandinternalconstituencies.

OperationalizationofERM

ThecoreofthechallengeliesinoperationalizingERMinpractice.Integrationofrisksisnotmerelyaprocedureofstackingallriskstogether,butratheraprocedureoffullyrecognizingtheinter-relationsamongrisksandprioritizingriskstocreatetrueeconomicvalue.Importantcomponentsofthisprocedureincluderiskidentification,riskmeasurement,riskaggregation,riskprioritizationandriskcommunication.

Riskidentification

ThefourmajorcategoriesofrisksconsideredunderanERMframeworkarehazardrisk,financialrisk,operationalrisk*,andstrategicrisk[4].Hazardriskreferstophysicalriskswhosefinancialconsequencesaretraditionallymitigatedbypurchasinginsurancepolicies.Examplesofhazardriskincludefire,theft,businessinterruption,liabilityclaims,etc.Financialriskreferstothoserisksinvolvingcapitalandfinancialmarket.Marketrisk（interestraterisk,commodityrisk,foreignexchangerisk）andcreditrisk（defaultrisk）areamongthemostimportantfinancialrisks.Thistypeofriskisusuallyhedgedbyfinancialinstruments,suchasderivatives.Operationalriskisanascentriskcategoryandhasinspiredincreasinginterest.Operationalriskincludesinternalfraud,externalfraud,employmentpracticesandworkplacesafety,clients,productsandbusinesspractices,damagetophysicalassets,businessdisruptionandsystemfailures,andexecution,deliveryandprocessmanagement[10].ThenewlyreleasedBaselCapitalAccordII[10]firstdrewattentiontooperationalriskinthebankingindustry.Theimpactsoonspreadstootherindustriesandnowoperat