ENTERPRISE RISK MANAGEMENT

A SELF STUDY PAPER

SUBMITTED TO

DEPARTMENT OF MANAGEMENT

Under The Supervision Submitted by

Assistant Professor Sunil kumar

Department of management MBA third sem

Ch.Bansi Lal University, Bhiwani

Countersigned by

Self-study paper In-charge

DEPARTMENT OF MANAGEMENT

CH.BANSI LAL UNIVERSITY BHIWANI

 CERTIFICATE -1

This is to certify that the material embodied in the self –study

paperentitled“Enterprise Risk Management”is based on original work .My
indebtenessto others works has been duly acknowledged at the relevant
places.

( Sunil )

M.B.A Third Sem

ROLL NO. 1600102014

CERTIFICATE -2

This is to certify that the selfstudy paper entitled, “Enterprise Risk

Management” Submitted by Sunil , Roll no. 16000102014 has been
supervised and checked by me and find it fit submission.

(Supervisor)

Mrs Vibha Rajgharia

Assistant professor

Department of Management

Ch.Bansi Lal University,Bhiwani

ENTERPRISE RISK MANAGEMENT

ABSTRACT:
Enterprise risk management (ERM) refers to a set of processes that enables the
effective management of the risks, opportunities, and expected and unexpected events that
may affect the enterprise. ... Together, these three frameworks are key enablers for a
successful ERM implementation and ongoing operation.

INTRODUCTION
Enterprise Risk Management (ERM Or E.R.M.) In Business Includes The Methods And
Processes Used By Organizations To Manage Risks And Seize Opportunities Related To The
Achievement Of Their Objectives. ERM Provides A Framework For Risk Management,
Which Typically Involves Identifying Particular Events Or Circumstances Relevant To The
Organization's Objectives (Risks And Opportunities), Assessing Them In Terms Of
Likelihood And Magnitude Of Impact, Determining A Response Strategy, And Monitoring
Progress. By Identifying And Proactively Addressing Risks And Opportunities, Business
Enterprises Protect And Create Value For Their Stakeholders, Including Owners, Employees,
Customers, Regulators, And Society Overall.

DEFINITION:
 Enterprise risk management (ERM) is the process of planning, organizing, leading,
and controlling the activities of an organization in order to minimize the effects
of risk on an organization's capital and earnings.
 Enterprise risk management (ERM) is the process of planning, organizing, leading,
and controlling the activities of an organization in order to minimize the effects of risk
on an organization's capital and earnings. Enterprise risk management expands the
process to include not just risks associated with accidental losses, but also financial,
strategic, operational, and other risks
 Enterprise risk management in business includes the methods and processes used by
organizations to manage risks and seize opportunities related to the achievement of
their objectives.
ERM FRAMEWORK

There are various important ERM frameworks, each of which describes an approach for
identifying, analyzing, responding to, and monitoring risks and opportunities, within the
internal and external environment facing the enterprise. Management selects a risk response
strategy for specific risks identified and analyzed, which may include:

1. Avoidance: exiting the activities giving rise to risk

2. Reduction: taking action to reduce the likelihood or impact related to the risk

3. Alternative Actions: deciding and considering other feasible steps to minimize risks.

4. Share or Insure: transferring or sharing a portion of the risk, to finance it

5. Accept: no action is taken, due to a cost/benefit decision

Monitoring is typically performed by management as part of its internal control activities,
such as review of analytical reports or management committee meetings with relevant
experts, to understand how the risk response strategy is working and whether the objectives
are being achieved.

RISK MANAGEMENT PROCESS

1. Establishing Context: This includes an understanding of the

current conditions in which the organization operates on an internal, external and risk
management context.

2. Identifying Risks: This includes the documentation of the

material threats to the organization’s achievement of its objectives and the
representation of areas that the organization may exploit for competitive advantage.

3. Analyzing/Quantifying Risks: This includes the calibration and,

if possible, creation of probability distributions of outcomes for each material risk.
 4. Integrating Risks: This includes the aggregation of all risk
distributions, reflecting correlations and portfolio effects, and the formulation of the
results in terms of impact on the organization’s key performance metrics.

5. Assessing/Prioritizing Risks: This includes the determination of

the contribution of each risk to the aggregate risk profile, and appropriate
prioritization.

6. Treating/Exploiting Risks: This includes the development of

strategies for controlling and exploiting the various risks.

7. Monitoring and Reviewing: This includes the continual

measurement and monitoring of the risk environment and the performance of the risk
management strategies.

FIVE BENEFITS OF ENTERPRISE RISK

MANAGEMENT

1. CREATION OF A MORE RISK FOCUSED CULTURE FOR THE

ORGANIZATION
Organizations that have implemented ERM note that increasing the focus on risk at the senior
levels results in more discussion of risk at all levels. The resulting cultural shift allows risk to
be considered more openly and breaks down silos with respect to how risk is managed.

2. STANDARDIZED RISK REPORTING

ERM supports better structure, reporting, and analysis of risks. Standardized reports that
track enterprise risks can improve the focus of directors and executives by providing data that
enables better risk mitigation decisions. The variety of data (status of key risk indicators,
mitigation strategies, new and emerging risks, etc.) helps leadership understand the most
important risk areas. These reports can also help leaders develop a better understanding of
risk appetite, risk thresholds, and risk tolerances.

3. IMPROVED FOCUS AND PERSPECTIVE ON RISK

ERM develops leading indicators to help detect a potential risk event and provide an early
warning. Key metrics and measurements of risk further improve the value of reporting and
analysis and provide the ability to track potential changes in risk vulnerabilities or likelihood,
potentially alerting organizations to changes in their risk profile.

4. EFFICIENT USE OF RESOURCES

In organizations without ERM, many individuals may be involved with managing and
reporting risk across operational units. While developing an ERM program does not replace
the need for day to day risk management, it can improve the framework and tools used to
perform the critical risk management functions in a consistent manner. Eliminating redundant
processes improves efficiency by allocating the right amount of resources to mitigating the
risk.

5. EFFECTIVE COORDINATION OF REGULATORY AND COMPLIANCE

MATTERS
Bond rating agencies, financial statement auditors, and regulatory examiners, have begun to
inquire about, test, and use monitoring and reporting data from ERM programs. Since ERM
data involves identifying and monitoring controls and mitigation efforts across the
organization, this information can help reduce the effort and cost of such audits and reviews.

Through all of the benefits noted above, ERM can enable better cost management and risk
visibility related to operational activities. It also enables better management of market,
competitive, and economic conditions, and increases leverage and consolidation of disparate
risk management functions.

10 COMMON ERM CHALLENGES

Very few organizations find enterprise risk management implementation easy–it requires a
rare combination of organizational consensus, strong executive management and an
appreciation for various program sensitivities. Despite the effort required, however, ERM is
worth it because it forces most organizations to step back and identify their risks, which is
one of the first steps to protecting capital and driving shareholder value. As boards and
executive management evaluate ERM, however, they usually come away with more questions
than answers. While each company faces specific concerns, the more challenging ERM issues
are generally consistent across companies and are largely unrelated to industry, geography,
regulation or competitive landscapes. By examining some of these common ERM challenges,
as well as the creative solutions that have been applied by other organizations, management
will be better equipped to develop and revamp their own enterprise risk management
programs.

1. Assessing ERM’s Value

In an economy driven by positive return on investment, organizations often struggle to
demonstrate sufficient ERM value to justify implementation costs. While traditional
investment decisions are evaluated using common risk and reward metrics such as return on
equity (ROE), return on assets (ROA) and risk adjusted return on capital (RAROC), ERM
value drivers are less prescriptive. Despite growing guidance, ERM remains largely
voluntary, resulting in a value proposition void of compliance language and regulatory
encouragement.

2. Privilege

An ERM program allows management to quantify the company’s risks. As risk information
becomes increasingly event-driven and dollar-based, company lawyers may raise issues
regarding risk distribution to external regulators, auditors and constituents. Organizations
must balance risk visibility and legal exposure.

3. Defining Risk

One of the biggest challenges is establishing a consistent and commonly applied risk
nomenclature. Any inconsistencies between risk definitions or methodologies are likely to
jeopardize the programs success.

4. Risk Assessment Method

Enterprise risk assessments are performed using a variety of approaches and tools, including
surveys, interviews and historical analysis. Each approach offers its own value and
drawbacks that must be closely reviewed to determine organization suitability.

5. Qualitative Versus Quantitative

A key decision for many organizations is whether risks are assessed using qualitative or
quantitative metrics. The decision is generally driven by the organizations industry,
commitment to ERM, its view regarding privilege and overall cost.

The qualitative method provides management with general indicators rather than specific risk
scores. Qualitative results are commonly presented as red, yellow and green light, or high,
medium and low risks. Qualitative assessments may be open to interpretation, guided by
descriptors (e.g., assess red light or high risk where the exposure represents a catastrophic
exposure) or framed using broad dollar ranges (e.g., a green light indicates an exposure less
than $10 million).

Qualitative risk assessments are frequently favored because they require less sophisticated
risk aggregation methods, mathematical support and user training, which means lower
implementation costs. Conversely, qualitative results are commonly criticized for their
limited alignment with key financial statement and budgetary indicators. Additionally, some
critics suggest qualitative results are generally more difficult to interpret, which limits
managements ability to assign accountability and remediate.

6. Time Horizon

The time horizon of ERM risk assessment is largely based on the organization’s intent to use
ERM risk results and its willingness to invest in risk management.

Many companies use ERM results for quarterly or year-end planning, while more
sophisticated companies integrate ERM results into annual budgeting and longer-term
strategic planning processes.

The shorter-term time horizon (less than 12 months) is generally preferred as it requires less
user training, provides increased risk estimation accuracy and is generally less expensive than
the longer-term alternative. The longer-term solution is applied where management values
risk visibility beyond the annual financial reporting period and additional time to remediate.
Regardless of the approach, the risk assessment time horizon must be consistent with
intended ERM program objectives.

7. Multiple Potential Scenarios

Consider the following scenario: The ERM team asks a respondent to assess the likelihood of
counterparty default and its subsequent loss impact during the current fiscal year. The
respondent determines that there is a 100% probability of at least one counterparty default
with a low financial impact over the defined time horizon (high probability/low impact
event). There is also a 5% probability of at least one counterparty default with a significant
financial impact (low probability/high impact event) and several default scenarios with
varying loss severity estimates (moderate probability/moderate impact).

This situation highlights an issue associated with basic risk assessment methods?most risks
have multiple event likelihoods and risk severities.

8. ERM Ownership

The question regarding who should “own” ERM is often unclear and commonly disputed at
the board, audit committee and management levels.

9. Risk Reporting

Organizations often struggle with two risk reporting issues: 1) what information should be
shared with various internal and external constituents, and 2) how should risk be
communicated.

10. Simulations and Stress Tests

Stress tests allow management to assess the degree that business operations may be
negatively affected by prescribed events and gauge the organization’s ability to respond.
While the concept is intuitive, organizations often struggle to balance the need for meaningful
simulation and stress tests against a nearly infinite number of potential scenarios. Similarly,
organizations frequently struggle to identify and predict unknown or unlikely risks (also
known as black swans or game changers).

CONCLUSION: enterprise risk management arose when the traditional risk manager and
the financial risk manager began reporting to the same individual in a corporation, commonly
the treasurer or chief financial officer. Each risk management specialty had its own
terminology, its own methodology and its own focus. However, each dealt with risk the firm
was facing. It quickly became apparent that a common approach to risk management would
be preferable to an individual approach and an integrated approach preferable to a separatist
approach. The evident success of first hazard risk management and later financial risk
management has encouraged managers to try to include these and other forms of risk in an
overall risk management strategy. Whether this approach succeeds will depend on the ability
of those involved in the separate risk categories to develop an integrated approach and extend
it to other areas of risk. This is not truly a new form of risk management it is simply a
recognition that risk management means total risk management, not some subset of risks. The
new focus on the concept of enterprise risk management provides an opportunity for 22 risk
managers to apply their well established and successful approaches to risk on a broader and
more vital scale than previously. This is an excellent opportunity to advance the science of
risk management.

REFERENCE:
 Casualty Actuarial Society Websites: http://www.casact.org/research/ermsurv.htm
http://www.casact.org/CONEDUC/specsem/erm/2001/handouts/handouts.htm
 Shimpi, Prakash A. 1999. Integrating Corporate Risk Management.
 Wikipedia
 Investopedia
 Holton, Glyn A. 1996. Enterprise Risk Management. Contingency Analysis.
(http://www.contingencyanalysis.com/_frame/frameerm.htm)