Enterprise Risk Management Encyclopedia Entry.docx
《Enterprise Risk Management Encyclopedia Entry.docx》由会员分享,可在线阅读,更多相关《Enterprise Risk Management Encyclopedia Entry.docx(11页珍藏版)》请在冰豆网上搜索。
EnterpriseRiskManagementEncyclopediaEntry
Title:
EnterpriseRiskManagement
Authors:
JingAi
TheUniversityofTexasatAustin
Austin
Texas
U.S.A.
PatrickL.Brockett(correspondingauthor)
TheUniversityofTexasatAustin
Austin
Texas
U.S.A.
Keywords:
enterpriseriskmanagement(ERM);riskappetite;operationalrisk;riskintegration;riskmeasure;riskaggregation;holisticriskmanagement
Abstract:
Enterpriseriskmanagement(ERM)isarecentriskmanagementtechniquewhereaportfolioofrisksismanagedinaholisticmanner.ERMhasinspiredinterestsfromvariouspartiesincludingcorporateexecutives,regulators,andratingagencies.UndertheERMframework,corporationstakeonnecessaryriskstopursuetheirstrategicobjectiveswithintheirrespectiveriskappetite.ThecoreoftheERMprocessisefficientriskintegration.Inter-relationsamongrisksandriskprioritizationarehighlightedintheriskintegrationprocessunderERM.Certainriskmeasuresandaggregationmethodsareusuallyinvolvedinitsimplementation.Effectiveriskreportingandcommunicationsinawell-designedorganizationalstructurearealsoessentialforthesuccessofERM.Beinganevolvingprocess,theultimategoalofERMistomovebeyondtheinitialincentiveoffulfillingcomplianceneedtoachievingrealeconomicvalue.
Note:
*inthemaintextsuggestspossiblecross-referencestootherentriesintheencyclopedia.Thesametermwhichappearsmultipletimesisonlymarkedonce.
WHATISERM?
Definition
Enterpriseriskmanagement(ERM)isarecentriskmanagementtechniquepracticedincreasinglybylargecorporationsinallindustriesthroughouttheworld.Itwaslistedasoneofthetwentybreakthroughideasfor2004inHarvardBusinessReview[1].ERMreflectsthechangeofmindsetinriskmanagementoverthepastdecades.Businessleadersrealizethatcertainrisksareinevitableinordertocreatevaluethroughoperationsandsomerisksareindeedpreciousopportunitiesifeffectivelyexploitedandmanaged.Inpursuitoftheabove,acorporation’sriskmanagementpracticeshouldbecarriedoutinaholisticfashion,alignedwithitsstrategicobjectives.Itflowsfromtherecognitionthatadollarspentonriskisadollarcosttothefirmregardlessofwhetherthisriskarisesinthefinancearenaorinthecontextofaphysicalcalamitysuchasafire.ERMproposesthatthefirmaddresstheserisksinaunifiedmanner.
TheprevailingdefinitionofERMadoptedbymostcorporationsistheoneproposedbyCommitteeofSponsoringOrganizationsoftheTreadwayCommission(COSO)intheir2004ERMframework[2].Itintendedtoestablishkeyconcepts,principlesandtechniquesofERM.Inthisframework,ERMisdefinedas“aprocess,effectedbyanentity’sboardofdirectors,managementandotherpersonnel,appliedinstrategysettingandacrosstheenterprise,designedtoidentifypotentialeventsthatmayaffecttheentity,andmanagerisktobewithinitsriskappetite,toprovidereasonableassuranceregardingtheachievementofentityobjectives.”ThisdefinitionhighlightsthatERMreachestothehighestleveloftheorganizationalstructureandisdirectlyrelatedtothecorporations’businessstrategies.Theconceptofriskappetiteisacrucialcomponentofthedefinition.Riskappetitereflectsthefirm’swillingnessandabilitytotakeonrisksinordertoachievetheobjective.Onceitisestablished,allsubsequentriskmanagementdecisionswillbemadewithinthecorporation’sriskappetite.Thus,thearticulationofriskappetitegreatlyaffectstherobustnessandsuccessofanERMprocess.Differentthemesofbusinessobjectivesareappliedtodetermineriskappetite.Amongthemostcommononesaresolvencyconcerns,ratingsconcerns,andearningsvolatilityconcerns[3].Thethemesdirectingtheriskappetiteprocessshouldbeconsistentwiththecorporation’sriskcultureandoverallstrategies.
Despiteitswideacceptance,theCOSOdefinitionisnottheonlyavailabledefinition.Forexample,CasualtyActuarialSociety(CAS)offeredanalternativedefinitioninits2003overviewofERM.InCAS’sdefinition,“ERMisthedisciplinebywhichanorganizationinanyindustryassesses,controls,exploits,finances,andmonitorsrisksfromallsourcesforthepurposeofincreasingtheorganizations’short-andlong-termvaluetoitsstakeholders.”[4]IndividualcorporationsmaydefineERMuniquelyaccordingtotheirownunderstandingandobjectives.Creatingaclear,firm-tailoreddefinitionisanimportantprecursortothefirmimplementingasuccessfulERMframework.Infact,a2006surveyofUScorporationsidentifiedthatlackofanunambiguousunderstandingofERMistheoneobstaclepreventingcompaniesfromputtingERMinplace[5].
CurrentdevelopmentofERM
Asarisingmanagementdiscipline,currentdevelopmentofERMvariesacrossindustriesandcorporations.Theinsuranceindustry,financialinstitutions,andtheenergyindustryareamongtheindustrysectorswhereERMhasseenrelativelyadvanceddevelopmentinabroadrangeofcorporations[6].TheenforcementofERMintheseindustrieswasoriginallystimulatedbyregulatoryrequirements.Recently,morecorporationsinotherindustries,andeventhepublicsector,arebecomingawareofthepotentialvalueofERMandriskmanagersareincreasinglybringingittotopexecutives’agendas.Accordingtoa2006surveyofUScorporations,overtwothirdsofthesurveyedcompanieseitherhaveanERMprograminplaceorareseriouslyconsideringadoptingone[5].AnearliersurveyofCanadiancompaniesobtainedsimilarresults.ItfoundthatoverathirdofthesamplecompanieswerepracticingERMin2003andanevenlargerportionofthesamplecompaniesweremovinginthatdirection[7].
DifferentstagesofERMimplementationhavebeenidentified.Accordingtoa2005surveyconductedofCanadianandUSorganizations,ERMimplementationcanbebrokendownintothreestagesbasedonthelevelofdevelopment[8].StageoneisERMstrategydevelopment,wherecorporationsdefinekeyconcepts,makeERMpoliciesandestablishtheriskmanagementframework.ThesecondstageisERMstrategyimplementation.CorporationsatthisstageimplementtheestablishedERMframeworkintheiroverallstrategiesandoperations.ThethirdstageofERMismonitoringandmaintainingthesystem.Atthisstage,ERMsustainabilityisthemainfocusachievedbyeffectiveinternaland/orexternalevaluations.Onlyasmallnumberofcorporations,mainlyininsurance,financialandutilityindustries,areatthisstageofERMpractice.ItisworthnotingthatERMisacontinuousevolvingprocess,bynomeanslimitedtotheaboveidentifiedthreestages.Asmorein-depthunderstandingandtechniquesaredeveloped,corporationswillmoveupwardtohigherstagesandmoreadvancedstagesarealsolikelytoemerge.
ERMIMPLEMENTATION
NotwithstandingtheattractivenessofERMconceptually,corporationsareoftenchallengedtoputitintoeffect.OneofthemainchallengesinERMimplementationistomanagethetotalityofcorporationrisksasaportfolioratherthanasindividualsilosasistraditionallydone.SeveralspecificaspectsofERMimplementationtogetherwithpresentchallengesareconsideredbelow.
DeterminantsofERM
AlthoughERMislargelyconsideredasthemostadvancedriskmanagementconceptandtoolkit,itiscarriedoutatdifferentpacesbycorporations.StudieshaveexaminedcorporatecharacteristicsthatappeartobedeterminantsofERMadoption.Forexample,LiebenbergandHoyt(2003)[9]findthatfirmswithgreaterfinancialleveragearemorelikelytoappointaChiefRiskOfficer(CRO),tosignaltheiradoptionofERM.Inanotherstudy,factorsincludingpresenceofCRO,boardindependence,ChiefExecutiveOfficer(CEO)andChiefFinancialOfficer(CFO)supportforERM,useofBigFourauditors,andentitysizearefoundtobepositivelyrelatedtothestageofERMadoption[6].ThesefactorsreflectERM’sroleincorporategovernance.LaunchandpursuitoftheERMprocessleadtobettercorporategovernance,whichisdesiredbybothexternalandinternalconstituencies.
OperationalizationofERM
ThecoreofthechallengeliesinoperationalizingERMinpractice.Integrationofrisksisnotmerelyaprocedureofstackingallriskstogether,butratheraprocedureoffullyrecognizingtheinter-relationsamongrisksandprioritizingriskstocreatetrueeconomicvalue.Importantcomponentsofthisprocedureincluderiskidentification,riskmeasurement,riskaggregation,riskprioritizationandriskcommunication.
Riskidentification
ThefourmajorcategoriesofrisksconsideredunderanERMframeworkarehazardrisk,financialrisk,operationalrisk*,andstrategicrisk[4].Hazardriskreferstophysicalriskswhosefinancialconsequencesaretraditionallymitigatedbypurchasinginsurancepolicies.Examplesofhazardriskincludefire,theft,businessinterruption,liabilityclaims,etc.Financialriskreferstothoserisksinvolvingcapitalandfinancialmarket.Marketrisk(interestraterisk,commodityrisk,foreignexchangerisk)andcreditrisk(defaultrisk)areamongthemostimportantfinancialrisks.Thistypeofriskisusuallyhedgedbyfinancialinstruments,suchasderivatives.Operationalriskisanascentriskcategoryandhasinspiredincreasinginterest.Operationalriskincludesinternalfraud,externalfraud,employmentpracticesandworkplacesafety,clients,productsandbusinesspractices,damagetophysicalassets,businessdisruptionandsystemfailures,andexecution,deliveryandprocessmanagement[10].ThenewlyreleasedBaselCapitalAccordII[10]firstdrewattentiontooperationalriskinthebankingindustry.Theimpactsoonspreadstootherindustriesandnowoperat