ERM 004 ERM 57 Exam Review Enterprise Risk Management

ERM 57 Review
Mike Elliott, CPCU, AIAF, MBA

Rich Berthelsen, JD, CPCU, AIC, ARM, AU, ARe,
MBA
RIMS April 2014
Recording of this session via any media type is strictly prohibited.
Page 1
Overview
Exam Basics What to Expect

Test-Taking Tips
Review of Sections Students Find the
Most Challenging
Page 2
What to Expect on the Exam
Educational Objectives
Balanced Exam
Pretest Items
Page 3
Test-Taking Tips
Get the easy ones

Dont get bogged down early
Use the mark for later review feature
Eliminate the obviously wrong answers
Use your scratch paper to keep track
Page 4
Assignment 1
Introduction to Enterprise Risk Management
Page 5
ERM Definition
RIMS
A strategic business discipline that supports the achievement
of an organizations objectives by addressing the full spectrum
of its risks and managing the combined impact of those risks
as an interrelated risk portfolio.
Page 6
Traditional Risk Management Department
Page 7
ERM Governance Model
Page 8
Classifications of Risk
Page 9
Risk Quadrants
Page 10
Risk quadrants differ from risk classifications. While risk
classifications focus on specific characteristics of the
risk itself, risk quadrants focus on
A: pure and subjective risks.
B: subjective and objective risks.
C: risk diversification.
D: sources of risk.
Page 11
Assignment 2
Enterprise Risk Management

in an Organization
Page 12
Purpose and Types of Maturity Models
The purpose of a maturity model is to evaluate

or improve a business process.
Two types of particular interest are:
Capability Maturity Model
RIMS Risk Maturity Model
Page 13
Capability Maturity Model (CMM) and Capability
Maturity Model Integration
Has five levels:
Ad hoc
Initial
Defined
Managed
Optimizing
Page 14
Based on the Capability Maturity Model (CMM)
developed by Carnegie Mellon, an organization that has
basic risk management processes with no attempt at
enterprise-wide risk management is at which one of
the maturity levels?
A: Managed
B: Initial
C: Ad hoc
D: Defined
Page 15
RIMS Risk Maturity Model
Uses 5 maturity levels based on CMM applied
to 7 attributes:
Adoption of ERM-based approach
ERM process management
Risk appetite management
Root cause discipline
Uncovering risks
Performance management
Business resiliency and sustainability
Page 16
A risk maturity model that uses five maturity levels
based on the Capability Maturity Model, determining
the maturity level for each of seven attributes by
evaluating the degree to which key drivers are present,
is known as the
A: Capability Maturity Model
B: Standard and Poors (S&P) Risk Maturity Model
C: RIMS Risk Maturity Model
D: Aon Risk Maturity Index
Page 17
Organizational Functions Related to ERM
Page 18
Assignment 3
Enterprise Risk Management

Framework and Process
Page 19
Framework and Process
Page 20
ISO 31000 Framework and Process
Source: ISO
31000:2009
Page 21
COSO ERM
Source: COSO Enterprise Risk Management Integrated Framework

Page 22
Applying Risk Management Framework
The main purpose of the framework is to

integrate risk management throughout the
organization. The framework has 4 components
1. Lead and establish creditability
2. Align and integrate
3. Allocate resources
4. Communicate and report
Page 23
Assignment 4
Risk Oversight
Page 24
Page 25
The European Corporate Law Directive on Auditing has
produced a recommended framework that defines the
corporate governance roles. Under this framework,
which one of the following is responsible for converting
strategy into operational objectives?
A: Board of directors
B: Chief executive officer
C: Operational management
D: Senior management
Page 26
Page 27
Which statement describes one of the responsibilities
of an executive-level risk committee?
A: Assist the board in establishing risk appetite and
risk tolerance levels
B: Monitor the organizations compliance with
established risk limits
C: Approve the organizations risk management
strategies, including their design and implementation
D: Oversee exposures of the organizations critical
risks and advise the board on risk strategy
Page 28
Assignment 5
Strategic Planning and Enterprise

Risk Management
Page 29
Strategy Implementation
Some organizations apply a balanced scorecard

approach to implement strategy and to provide a
foundation for strategy evaluation. The balanced
scorecard approach translates an organizations
strategy into specific goals and actions assigned to
each department within the organization.
Page 30
SWOT Analysis Table
Page 31
Organizational Levels
Page 32
Which one of the following types of strategy
determines how individual departments within an
organization direct their activities?
A: Functional strategy
B: Business strategy
C: Corporate strategy
D: Operational strategy
Page 33
Assignment 6
Risk-Based Performance and Process

Management
Page 34
Key Performance Indicators
A key performance indicator (KPI) measures progress

toward an organizations goals, provides an
attainable standard for a specific activity, and gives
the focus or direction the activity is to take.
Page 35
Successful organizations have goals and objectives. A
financial or nonfinancial measurement that defines
how successfully an organization is progressing toward
its long-term goals is referred to as
A: an operating standard (OS).
B: a critical success factor (CSF).
C: a key performance indicator (KPI).
D: an objective gauge (OG).
Page 36
Purpose of Key Risk Indicators (KRIs)
Effective KRIs provide objective, quantifiable

information about emerging risks and trends in existing
risks that can affect an organizations success. A KRI can
reveal an upward trend in the level of a risk that, if it
continues, will exceed the designated risk threshold for
that risk.
Page 37
Which one of the following is an example of an external
key risk indicator (KRI) that a manufacturer might
monitor?
A: Number of employee injuries
B: Age of accounts payable
C: Amount of budget variances
D: Cost of raw materials
Page 38
Assignment 7
Internal Audit and Control
Page 39
Internal Control and Risk Management
Internal control a system or process that an

organization uses to achieve its operational goals,
internal and external financial reporting goals, or
legal and regulatory compliance goals.
Page 40
COSO Internal Control Framework
Source: COSO Internal Control Integrated Framework
Page 41
Three Lines of Defense Model
Source: FERMA/ECIIA
Page 42
According to the Three Lines of Defense Model,
internal audits role in risk assessment techniques
is to
A: design them.
B: implement them.
C: provide assurance on their effectiveness.
D: perform a control risk self-assessment (CRSA).
Page 43
Evolution of Internal Audit
Transaction Assurance of Risk-based

Approvals Internal Controls Approach
Page 44
Risk-Based Auditing
Aligns audit resources with the areas that

pose the greatest organizational risk.
Page 45
The modern approach to internal auditing differs
from the traditional approach by focusing on
A: the effectiveness of internal controls.
B: the relative riskiness of various activities.
C: transaction approvals.
D: systems-based compliance.
Page 46
Assignment 8
Regulation and Compliance
Page 47
Regulation
Rules-Based Principles-Based
More certainty and More flexible and focuses
predictability on outcomes
Less responsive to change Responds more quickly in a
Inflexible changing environment
Often circumvented Requires more
communication between
the regulator and the
regulated
Page 48
NAIC ORSA
Risk Prospective
Assessment of
Management Solvency
Risk Exposure
Framework Assessment
Principles-based (guidelines)
Applies ERM to insurance companies
Page 49
The NAIC Own Risk and Solvency Assessment
(ORSA) model law represents a change from past
NAIC directives because it is
A: specific in terms of reporting.
B: retrospective.
C: voluntary.
D: principles-based.
Page 50
Assignment 9
Risk Assessment and Treatment
Page 51
Risk Identification Tools
Facilitated workshops
Delphi technique
Scenario analysis
HAZOP
SWOT
Page 52
Which one of the following team approaches to
risk identification involves a select group of experts
in question-and-response cycles until a consensus
is achieved?
A: HAZOP
B: Scenario analysis
C: Delphi technique
D: SWOT
Page 53
Risk Treatment Techniques
Page 54
Assignment 10
Risk Modeling
Page 55
Influence Diagrams and Probabilities
GEV Industries hires inexperienced and experienced
workers to operate simple and complex machines.
Accident rates vary by worker experience and
complexity of machine.
GEV would like to estimate accident rates if it (a)

assigns workers randomly to machines or (b) assigns
workers to machines based on experience.
Page 56
Influence Diagram
Worker assignment to machines
Worker ? Machine
Experience Complexity
Accident
Rate
Cost of
Risk
Page 57
Machine and Worker Data
Simple Complex Inexperienced Experienced
machines machines workers workers
40 160 60 140
Random Worker Assignments Probabilities

Inexp. worker (30%) Exp. Worker (70%)
Simple machine (20%) 6% 14%
Complex machine (80%) 24% 56%
Accident Conditional Probability

Inexperienced Experienced
Simple Machine 5% 0%
Complex Machine 40% 10%
Page 58
Random Worker Assignments Probabilities

Accident Probability
Inexp. worker Exp. worker
Simple machine .3% 0.0%
Complex machine 9.6% 5.6%
Total accident probability = 15.5%
Page 59
Worker Assignments by Experience

Accident Probability
Inexp. worker Exp. worker
Simple machine 1% 0%
Complex machine 4% 7%
Total accident probability = 12%
Page 60
Twenty percent of PDQ Transports trucks have advanced
safety equipment and 80% do not. Thirty of PDQs drivers are
inexperienced and 90 are experienced. Assuming drivers are
assigned randomly to trucks, what is the probability that an
inexperienced driver is assigned to a truck without advanced
safety equipment?
A: 18%
B: 20%
C: 24%
D: 60%
Page 61
Correlation
Relationship between two variables

Number between +1 and -1
0 means no correlation
Page 62
Two variables are perfectly positively correlated.
If one of the variables increases, the other will
A: increase in direct proportion.
B: decrease in direct proportion.
C: increase at half the rate.
D: decrease at half the rate.
Page 63
Value at Risk (VaR)
Page 64
A $500,000, 2 percent VaR means losses are
expected to be
A: $10,000.
B: less than $500,000 2 percent of the time.
C: $490,000.
D: greater than $500,000 2 percent of the time.
Page 65
Assignment 11
Risk-Based Capital Allocation
Page 66
Cost of Equity
KE = rf + (rm rf )
Where:
= Beta of security
rm = Expected return on the market
rf = Risk-free rate
Page 67
Cost of Debt Equation
Cost of debt KD = (risk free rate of return rf +

risk premium) (1 tax rate)
Page 68
Polytech Company
Tax rate 40%

Risk-free rate 4%
Current Debt $10 million

Polytech credit spread 2.10%
Curent Equity $100 million

Expected market return 10%
Market risk premium 6%
Polytech Beta 1.20
69
Page 69
Polytech Company
Estimate the cost of debt

Estimate the cost of equity
Optimal capital structure = weighted average of the
cost of debt and the cost of equity
70
Page 70
Polytech Company Cost of Debt
(Risk-free rate of return + credit spread) X (1 tax

rate)
(4% + 2.10%) X (1-.40)

3.66%
71
Page 71
Polytech Company Cost of Equity
Risk-free rate of return + Beta X (Market rate of return risk-free

rate of return)
4% + 1.20 (10% - 4%)

11.20%
72
Page 72
Polytech Company Weighted Average Cost of Capital
$10 mil. debt divided by $110 mil. (debt + equity) = .091

.091 weight of debt; .909 weight of equity
(3.66% X .091) + (11.20% X .909)

.333% + 10.181%
10.514%
73
Page 73
Market Value Surplus (MVS)
Page 74
Economic Capital
Page 75
Market Value Surplus Example
Autumn Assurance Group has assets at fair value of $100
million. The present value of Autumns liabilities is $85
million. The market value margin is $5 million. Using
probability models, Autumn determines that its VaR is $8
million because it expects to incur an $8 million or greater
loss of capital at a .5 percent probability over a one-year
period.
1. What is Autumns MVS?
2. What is Autumns economic capital?
3. Does Autumn have excess capital or a deficiency in
capital?
Page 76
Questions?
Page 77
Evolution of Risk Management
Insurance Risk Enterprise Risk

Management Management Management
Page 78
ERM Value Proposition
Identify key risks

Employ risk-based decision making
Improve internal control
Improve risk governance
Comply with legal and regulatory
requirements
Page 79
Solvency I and II (Insurance Cos)
Solvency I Solvency II
Early 1970s 3 pillars
Focused on capital 1 Risk-based capital
adequacy 2 Risk management and
governance
3 Transparent reporting
Includes an own risk and
solvency assessment (ORSA)
Page 80
Basel II and III (Banks)
Basel II Basel III
Issued in 2004 Response to the Great
Minimum capital Recession
requirements using weights Operational risk added
for different types of credit Risk management
risk framework
Board of directors role
(approve framework, risk
appetite, governance)
Page 81
ERM Process Model
Page 82
Risk Identification Tools Risk Register
Public University
Event Risk Scenario Likelihood Impact Risk Level Risk Treatment Proposed Next Review
ID (present) improvement Date
action
Loss of personal 3 1 None None Remove from
1 computer list
Damage to 2 4 Review policy Implement 2 months

2 reputation
Loss of state 3 5 None Increase lobbying 1 month

3 funding Step up giving
campaign
Page 83
Risk IdenficationTools - Risk Map
Public University
3 1 Loss of a personal computer
2 Damage to reputation
2
3 Loss of state funding
Page 84
Inherent and Residual Risk
Inherent
Treat
Residual
Treat
Optimum
Page 85
A risk map showing a large difference between
inherent and residual risk indicates that the
A: current risk treatment is ineffective.
B: risk does not need to be treated.
C: current risk treatment is effective.
D: risk exceeds the organizations risk tolerance.
Page 86
Decision Tree
Page 87
ERM Tools - Modern Portfolio Theory
Expected Value of the Return
X X
Risk Appetite
X
Risk standard deviation (variability)
Page 88
The efficient frontier consists of portfolios that
A: are riskless.
B: provide the average market return.
C: provide the highest return at different risk
levels.
D: return the risk-free rate of return.
Page 89
Earnings at Risk
Page 90
Earnings at risk of $200,000 with 90 percent
confidence are projected to be
A: $180,000.
B: less than $200,000 10 percent of the time.
C: $200,000 90 percent of the time.
D: greater than $200,000 10 percent of the
time.
Page 91
Assignment 12
Risk Management Environment and Culture
Page 92
Risk Centers and Owners
Risk center unit within an organization at

which level a risk (or risks) is most effectively
managed
Risk owner individual accountable for
identification, assessment, treatment, and
monitoring of risks in a specific environment
Page 93
Advantages of Risk Centers
Reduces the scope of risk analysis

Allows for the involvement of operational
managers
Helps focus on the organizations strategic goals
and operational objectives
Ensures that risks are managed at the most
appropriate level in the organization
Page 94
Risk Attitude
Risk
Risk Avoiding Risk Seeking
Optimizing
Page 95

ERM 004 ERM 57 Exam Review Enterprise Risk Management

Cargado por

Información del documento

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

ERM 004 ERM 57 Exam Review Enterprise Risk Management

Cargado por

Copyright:

Formatos disponibles

ERM 57 Review

Mike Elliott, CPCU, AIAF, MBA

Recording of this session via any media type is strictly prohibited.

Exam Basics What to Expect

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Get the easy ones

Recording of this session via any media type is strictly prohibited.

Introduction to Enterprise Risk Management

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Enterprise Risk Management

Recording of this session via any media type is strictly prohibited.

The purpose of a maturity model is to evaluate

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Enterprise Risk Management

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Source: COSO Enterprise Risk Management Integrated Framework

The main purpose of the framework is to

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Strategic Planning and Enterprise

Recording of this session via any media type is strictly prohibited.

Some organizations apply a balanced scorecard

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Risk-Based Performance and Process

Recording of this session via any media type is strictly prohibited.

A key performance indicator (KPI) measures progress

Recording of this session via any media type is strictly prohibited.

Effective KRIs provide objective, quantifiable

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Internal Audit and Control

Recording of this session via any media type is strictly prohibited.

Internal control a system or process that an

Recording of this session via any media type is strictly prohibited.

Source: COSO Internal Control Integrated Framework

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Transaction Assurance of Risk-based

Recording of this session via any media type is strictly prohibited.

Aligns audit resources with the areas that

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Regulation and Compliance

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Recording of this session via any media type is strictly prohibited.

Risk Assessment and Treatment