LITMIR.BIZ

Скачать книгу

butterfly's wings, this had multiple effects around the globe. Rising oil prices drove up inflation, which caused the U.S. Federal Reserve to raise interest rates to historical levels, a response that fueled volatility not only in the United States but worldwide as well. These economic changes created a need for financial risk management that companies had not experienced before.

      The Seventies and early Eighties saw the introduction of new financial risk-management tools, particularly derivatives such financial futures, options, and swaps. These new tools allowed companies to manage volatile interest rates and foreign exchange rates and were effective when used properly. But some firms suffered severe losses from ill-conceived derivatives trades. In 1993, the German corporation Metallgesellschaft barely avoided bankruptcy after a $1.3 billion loss due to oil futures contracts. The next year, Procter & Gamble lost $157 million due to an injudicious swap. In the Nineties, devastating losses due to operational risk were all too common, often for lack of standard controls such as management supervision, segregation of duties, or basic checks and balances. In 1995 Barings Bank was driven bankrupt after a loss of $1.3 billion due to unauthorized derivatives trades. Only months later, Daiwa Bank was forced to end all U.S. operations in the aftermath of a $1.1 billion scandal surrounding unauthorized derivatives trading. Early risk managers operating under traditional practices simply overlooked operational risk, leaving it to the relevant business units.3

      THE CASE FOR ERM

      Despite the high-profile losses, the 1990s saw important steps forward in ERM. Risk quantification became more sophisticated with the advent of value-at-risk models (VaR). Before VaR, the primary risk measure was probable maximum loss, which is similar to the potential loss and can be expressed in the question, “What's the worst that could (reasonably) happen?” By contrast, a VaR metric predicts, to a specific level of confidence, potential losses over various time intervals. Early versions of modern ERM appeared around this time as companies developed more sophisticated risk quantification methods for market risk and credit risk, as well as initial operational risk management programs. In the mid-1990s, companies began appointing chief risk officers (CROs) to establish a C-suite executive who could integrate the various risk management functions under a single organization. Steady progress continued until the 2008 financial crisis, which revealed numerous shortcomings in risk management models and reminded businesses of the need for improvement.

      Organizations continue to discover the value of ERM and work to implement their own customized programs. Let us look at three perspectives:

      • The current demand for ERM

      • The current state of ERM

      • What ERM can look like and what it can do

      The Current Demand for ERM

      We work in a business climate rife with volatility and risk. A recent survey by the Association for Financial Professionals (AFP) found that 59 percent of financial professionals consider their firms to be subject to more earnings uncertainty now than five years previously. Only 12 percent believe they are operating with more certainty today.4 A similar majority said it is more difficult to forecast risk than it was five years ago and foresaw it getting even more difficult three years hence. Risks considered to have the greatest impact on earnings were (in order of decreasing frequency): customer satisfaction and retention, regulatory risk, GDP growth, political risk, energy price volatility, labor and HR issues, and natural disasters.

      So what are firms doing to prepare for these risks? By their own admission, less than they would like. Only 43 percent of respondents to the AFP study felt their ability to forecast crucial variables was relatively strong while the rest needed improvement; 10 percent even considered their capabilities weak to nonexistent. Companies recognize a growing need for changes in risk management processes. Organizations are hiring risk professionals, investing in IT systems, automating financial processes, and placing a greater focus on risk awareness and culture. Many have beefed up executive review of business strategy and assumptions (63 percent) while others have increased risk analysis and forecasting as well as reports to management.

      The individual ultimately responsible for managing this growing risk is frequently the CFO, named by 38 percent of the firms surveyed. Another 28 percent named the CEO or COO; 14 percent operated under a risk committee, 11 percent named the treasurer, and only 9 percent had a chief risk officer (CRO) as the primary overseer of risk management. It is important to note that these results were based on a cross-industry survey.

      Old Methods Won't Work

Today, companies recognize the need for better risk management, but amplifying old methods or tweaking existing structures to deal with increased risk carries dangers. Just one example: the highly interdependent risks that organizations frequently face. Figure 1.2 provides an illustration of risk interdependency in the form of a Venn diagram.

FIGURE 1.2 Risk Interdependencies

      Key interdependencies exist between financial and business risk, business and operational risk, and operational and financial risk. Furthermore, each major risk category comprises subcategories. For example, financial risk, as demonstrated in the figure, can be broken down into market risk, credit risk, and liquidity risk. These financial risks in turn have their own interdependencies.

      Let's examine loan documentation as a practical example of a key interdependency between operational risk and financial risk (in particular credit risk). As a business process, loan documentation quality is considered an operational risk. If a loan is performing (i.e., the borrower is making timely interest and loan payments), the quality of that specific loan document has no real economic impact. But if the loan is in default, the documentation quality can have a significant impact on loss severity because it affects collateral and bankruptcy rights. Loss analyses conducted by James Lam & Associates at lending institutions revealed that up to one-third of “credit losses” were associated with operational risks.

      According to the AFP survey above, about 12 percent of firms still use a siloed, decentralized structure. But in a complex, interlocking system of company-wide risks, this strategy is clearly insufficient. Some risks may remain poorly understood or even ignored. Gaps and redundancies may go unnoticed and unaddressed. And aggregate risk exposures across the organization could pose hidden threats. For example, if business units use different methodologies and systems to track counterparty risk, then it is difficult to quantify the aggregate exposure for a single counterparty. While the individual exposures at each business unit might be acceptable, the total counterparty exposure for the organization may exceed tolerance levels.

      On the other hand, an overly centralized system of risk management can fail to integrate the relevant risk information into the decision-making processes of an organization. A full 28 percent of organizations have a centralized risk management system, which can lead to ineffectual top-down management of risk-related decisions. Most organizations (60 percent) operate under a structure with centralized processes but decentralized implementation. In this arrangement, the risk monitoring, reporting, and systems are centralized, but the implementation of risk management strategies is in the hands of each business unit.5

      In a volatile economic climate, the most successful companies establish comprehensive, fully integrated risk management processes at each level of decision-making. ERM provides integrated analyses, strategies, and reporting with respect to an organization's key risks, which address their interdependencies and aggregate exposures. In addition, an integrated ERM framework supports the alignment of oversight functions such as risk, audit, and compliance, which rationalizes risk assessment, risk mitigation, and reporting activities. It also considers how macroeconomic factors, such as interest rates, energy prices, economic growth, inflation, and unemployment rate, can impact the organization's risk/return profile. This interweaving of ERM into an organization adds strength throughout, whereas merely applying a superstructure from the top down may leave weaknesses unaddressed.

      Integration Adds Value

      The value

Скачать книгу