Month: November 2020

Schedule Rating Method

Insurance pricing methods also known as rate making provide baseline or standard rates that form the basis for pricing individual case scenarios. Different pricing methods may rely more heavily on baseline rates when other factors like risk and claims history are involved. The schedule rating method uses baseline rates as a starting point and then factors in other variables depending on the degree of risk they carry, according to ThisMatter, a financial planning resource site. Schedule rating methods are used within the commercial property insurance industry, where factors like location, size and business purpose provide baseline indicators for determining pricing rates. Baseline indicators rely on identified risk factors found within a group or class of policyholders that have similar characteristics such as age, sex and line of work. These indicators provide the starting points, or baseline rates, used to calculate a premium rate for individual policyholders.

Retrospective Rating Method

Some types of insurance provide protection against risks that are less predictable than the risks covered by other types of insurance. An example of this would be burglary insurance where the odds of predicting how often a business would be burglarized are more difficult than predicting health risks, such as heart disease or diabetes with health insurance ratings. According to ThisMatter, the retrospective rating method relies more on a policyholder’s actual claims experience when setting pricing rates as opposed to baselines, or standard pricing rates. In order to do this, a company may require premium payments be made in increments, with a portion due at the start of a policy term and the remainder due at the end of a policy term. In the case of burglary insurance, the amount of the remaining premium payment is based on whether a burglary occurred since the start of the policy period.

Experience Rating Method

Experience rating pricing methods rely more heavily on a policyholder’s past claim experience when determining what premium rates to charge. The types of insurance that use this method include automobile, workers compensation and general liability insurance. Price rates are determined according to a credibility factor, which uses a person’s past claim history as an indication of the level of risk involved and the likelihood that future claims will be filed. Once a risk level is determined, the credibility factor is measured against a baseline pricing rate that represents to average rate charged to a class of policyholders that have similar characteristics. Adjustments are then made to the baseline pricing rate based on each policyholder’s credibility rating.

Insurers must effectively adapt to new technological, market, and consumer complexities with better, more dynamic pricing if they want to maintain competitive advantage in the insurance industry. Here’s why:

• There is increased price and value transparency. A fast-growing collection of price and feature-comparison websites empowers consumers to compare and contrast hundreds of insurance products by price, value, and benefits. These sites are also educating consumers on how to more effectively match a product choice with their unique needs and willingness to pay, as are insurance brokers.
• Consumers are more informed and sophisticated. As prices have become more transparent, consumers are increasingly open to new propositions based on different variables such as security, mobility, and different types of coverage and these propositions require new, dynamic pricing structures.
• Regulations are putting pressure on profitability. New regulations, including Solvency II, require insurers to maintain higher capital levels without decreasing overall returns, and to do that, insurers must either reduce costs or increase pricing.
• New entrants are bringing focused, superior propositions. The insurance industry is diversifying, with e-commerce, automotive OEMs, retailers, and other nontraditional players offering new, innovative business models and products.
• New technology disruptors are enabling new pricing models. Big data, the Internet of Things, and predictive data analysis tools are giving insurance companies an advanced and broad ability to design usage based and other innovative pricing models; draw data from new, external sources and estimate risk or consumer willingness to pay, buy, or churn more accurately; and more accurately identify during the underwriting phase those applicants likely to commit fraud.

Reinsurance

Reinsurance is also known as insurance for insurers or stop-loss insurance. Reinsurance is the practice whereby insurers transfer portions of their risk portfolios to other parties by some form of agreement to reduce the likelihood of paying a large obligation resulting from an insurance claim.

The party that diversifies its insurance portfolio is known as the ceding party. The party that accepts a portion of the potential obligation in exchange for a share of the insurance premium is known as the reinsurer.

How Reinsurance Works

Reinsurance allows insurers to remain solvent by recovering some or all amounts paid to claimants. Reinsurance reduces the net liability on individual risks and catastrophe protection from large or multiple losses. The practice also provides ceding companies, those that seek reinsurance, the capacity to increase their underwriting capabilities in terms of the number and size of risks.

Benefits of Reinsurance

By covering the insurer against accumulated individual commitments, reinsurance gives the insurer more security for its equity and solvency by increasing its ability to withstand the financial burden when unusual and major events occur.

Through reinsurance, insurers may underwrite policies covering a larger quantity or volume of risk without excessively raising administrative costs to cover their solvency margins. In addition, reinsurance makes substantial liquid assets available to insurers in case of exceptional losses.

Reinsurance is insurance that an insurance company purchases from another insurance company to insulate itself (at least in part) from the risk of a major claims event. With reinsurance, the company passes on (“cedes”) some part of its own insurance liabilities to the other insurance company. The company that purchases the reinsurance policy is called a “ceding company” or “cedent” or “cedant” under most arrangements. The company issuing the reinsurance policy is referred simply as the “reinsurer”. In the classic case, reinsurance allows insurance companies to remain solvent after major claims events, such as major disasters like hurricanes and wildfires. In addition to its basic role in risk management, reinsurance is sometimes used to reduce the ceding company’s capital requirements, or for tax mitigation or other purposes.

A company that purchases reinsurance pays a premium to the reinsurance company, who in exchange would pay a share of the claims incurred by the purchasing company. The reinsurer may be either a specialist reinsurance company, which only undertakes reinsurance business, or another insurance company. Insurance companies that accept reinsurance refer to the business as ‘assumed reinsurance’.

There are two basic methods of reinsurance:

• Facultative Reinsurance, which is negotiated separately for each insurance policy that is reinsured. Facultative reinsurance is normally purchased by ceding companies for individual risks not covered, or insufficiently covered, by their reinsurance treaties, for amounts in excess of the monetary limits of their reinsurance treaties and for unusual risks. Underwriting expenses, and in particular personnel costs, are higher for such business because each risk is individually underwritten and administered. However, as they can separately evaluate each risk reinsured, the reinsurer’s underwriter can price the contract more accurately to reflect the risks involved. Ultimately, a facultative certificate is issued by the reinsurance company to the ceding company reinsuring that one policy.
• Treaty Reinsurance means that the ceding company and the reinsurer negotiate and execute a reinsurance contract under which the reinsurer covers the specified share of all the insurance policies issued by the ceding company which come within the scope of that contract. The reinsurance contract may obligate the reinsurer to accept reinsurance of all contracts within the scope (known as “obligatory” reinsurance), or it may allow the insurer to choose which risks it wants to cede, with the reinsurer obligated to accept such risks (known as “facultative-obligatory” or “fac oblig” reinsurance).

There are two main types of treaty reinsurance, proportional and non-proportional, which are detailed below. Under proportional reinsurance, the reinsurer’s share of the risk is defined for each separate policy, while under non-proportional reinsurance the reinsurer’s liability is based on the aggregate claims incurred by the ceding office. In the past 30 years there has been a major shift from proportional to non-proportional reinsurance in the property and casualty fields.

Functions

Almost all insurance companies have a reinsurance program. The ultimate goal of that program is to reduce their exposure to loss by passing part of the risk of loss to a reinsurer or a group of reinsurers.

Risk transfer

With reinsurance, the insurer can issue policies with higher limits than would otherwise be allowed, thus being able to take on more risk because some of that risk is now transferred to the re-insurer.

Income smoothing

Reinsurance can make an insurance company’s results more predictable by absorbing large losses. This is likely to reduce the amount of capital needed to provide coverage. The risks are spread, with the reinsurer or reinsurers bearing some of the loss incurred by the insurance company. The income smoothing arises because the losses of the cedant are limited. This fosters stability in claim payouts and caps indemnification costs.

Surplus relief

Proportional Treaties (or “pro-rata” treaties) provide the cedent with “surplus relief”; surplus relief being the capacity to write more business and/or at larger limits.

Arbitrage

The insurance company may be motivated by arbitrage in purchasing reinsurance coverage at a lower rate than they charge the insured for the underlying risk, whatever the class of insurance.

Bancassurance

Bancassurance is an arrangement between a bank and an insurance company allowing the insurance company to sell its products to the bank’s client base. This partnership arrangement can be profitable for both companies. Banks earn additional revenue by selling insurance products, and insurance companies expand their customer bases without increasing their sales force or paying agent and broker commissions.

This partnership arrangement can be profitable for both companies. Banks can earn additional revenue by selling the insurance products, while insurance companies are able to expand their customer base without having to expand their sales forces or pay commissions to insurance agents or brokers. Bancassurance has proved to be an effective distribution channel in a number of countries in Europe, Latin America, Asia, and Australia.

The Advantages and Disadvantages of Bancassurance

Bancassurance offers many benefits to customers, one of which is convenience. The bank is a one-stop-shop for all financial needs. For the banks and insurance companies, bancassurance increases revenue diversification for the bank and brings greater volume and profit for both players.

These factors are contributing to the growth of bancassurance across the world. The restraining factors of the global bancassurance market are the risks associated with the reputation of banks and the stringent rules and regulations enforced in some regions.

Bancassurance remains prohibited in some countries. However, the global trend is toward the liberalization of banking laws and the opening up of domestic markets to foreign firms.

Business models across the world

‘Integrated models’ is insurance activity deeply integrated with bank’s processes. Premium is usually collected by the bank, usually direct debit from customer’s account held in that bank. New business data entry is done in the bank branches and workflows between the bank and the insurance companies are automated. In most cases, asset management is done by the bank’s asset management subsidiary.

Insurance products are distributed by branch staff, which is sometimes supported by specialised insurance advisers for more sophisticated products or for certain types of clients. Life insurance products are fully integrated in the bank’s range of savings and investment products and the trend is for branch staff to sell a growing number of insurance products that are becoming farther removed from its core business, e.g., protection, health, or non-life products.

Products are mainly medium and long-term tax-advantaged investment products. They are designed specifically for bancassurance channels to meet the needs of branch advisers in terms of simplicity and similarity with banking products. In particular, these products often have a low-risk insurance component.

Bank branches receive commissions for the sale of life insurance products. Part of the commissions can be paid to branch staff as commissions or bonuses based on the achievement of sales targets.

‘Non-integrated Models’: The sale of life insurance products by branch staff has been limited by regulatory constraints since most investment-based products can only be sold by authorised financial advisers who have obtained a minimum qualification.

Banks have therefore set up networks of financial advisers authorised to sell regulated insurance products. They usually operate as tied agents and sell exclusively the products manufactured by the bank’s in-house insurance company or its third-party providers.

A proactive approach is used to generate leads for the financial advisers from the customer base, including through mailings and telesales. There is increasing focus on developing relationships with the large number of customers who rarely or never visit a bank branch.

Financial planners are typically employed by the bank or building society rather than the life company and usually receive a basic salary plus a bonus element based on a combination of factors including sales volumes, persistency, and product mix.

Following the reform of the polarisation regime, banks will have the possibility to become multi-tied distributors offering a range of products from different providers. This has the potential to strengthen the position of bancassurers by allowing them to meet their customers’ needs.

An actuary is a business professional who deals with the measurement and management of risk and uncertainty. The name of the corresponding field is actuarial science. These risks can affect both sides of the balance sheet and require asset management, liability management, and valuation skills. Actuaries provide assessments of financial security systems, with a focus on their complexity, their mathematics, and their mechanisms.

While the concept of insurance dates to antiquity, the concepts needed to scientifically measure and mitigate risks have their origins in the 17th century studies of probability and annuities. Actuaries of the 21st century require analytical skills, business knowledge, and an understanding of human behavior and information systems to design and manage programs that control risk.[6] The actual steps needed to become an actuary are usually country-specific; however, almost all processes share a rigorous schooling or examination structure and take many years to complete.

The profession has consistently been ranked as one of the most desirable.[8] In various studies, being an actuary was ranked number one or two multiple times since 2010 and in the top 20 for most of the past decade.

An actuary is a professional who specialises in the field of analysing financial risks by implementing statistical, financial and mathematical theories. In insurance, actuaries aid in assessing risks which help companies in the estimation of premiums for their policies.

Role of an Actuary in an Insurance Company

It is ideal for insurance companies to create policies that bear minimal risk and can generate stable returns. Estimating risk and return from each proposal also in turn aids in assuring policyholders that their claims will be settled.

With regards to insurance, actuarial practices involve analysing factors related to a customer’s life expectancy, construction of mortality tables that help one to have a measurement of predictability and offering insight to brokers.

Actuarial science mostly finds its application in the life insurance mortality analysis. However, they can also be applied in case of other general insurance fields like property and liability insurance.

Sometimes recommendations for the determination of premium for insurance policies made by actuaries can also have a positive impact on the behaviour of policyholders. For instance, premium payable by non-smokers for life insurance policies is often significantly lesser than that for smokers. This might push individuals to quit smoking to avail their life insurance policies at a lower premium.

Responsibilities

Actuaries use skills primarily in mathematics, particularly calculus-based probability and mathematical statistics, but also economics, computer science, finance, and business. For this reason, actuaries are essential to the insurance and reinsurance industries, either as staff employees or as consultants; to other businesses, including sponsors of pension plans; and to government agencies such as the Government Actuary’s Department in the United Kingdom or the Social Security Administration in the United States of America. Actuaries assemble and analyze data to estimate the probability and likely cost of the occurrence of an event such as death, sickness, injury, disability, or loss of property. Actuaries also address financial questions, including those involving the level of pension contributions required to produce a certain retirement income and the way in which a company should invest resources to maximize its return on investments in light of potential risk. Using their broad knowledge, actuaries help design and price insurance policies, pension plans, and other financial strategies in a manner that will help ensure that the plans are maintained on a sound financial basis.

Expected claim cost: Claim cost must be paid by the insurer for a contract or group of contracts. This cost represents the largest component of the fair premium for most types of insurance.

1. Homogeneous buyers: When a there is existed a large number or group of insurance buyers and each buyer has the same loss distribution then the buyers are said to be homogeneous. For example, among a group of buyer each buyers has a 0.15 probability of loss taka 1000 and 0.85 probability of having no loss. Here assume that is buyers each buyers loss is independent of the loss of other buyers. As we seen that a large number of homogeneous insurances can charge a premium equal to the expected claim cost and be able to cover to its claim costs. Thus a fundamental of insurance premiums is the expected claim cost. If the insurer charged less then the expected claim cost average claim cost would exceed average revenues. On the other hand, competitor keeps the insurer from charging the more than the expected claim cost.
2. Heterogeneous buyers: When there are existed two groups of consumers with different loss distribution then the groups are called heterogeneous buyers.

Risk classification the process by which insurers estimate the expected claim cost for different buyers and changed premiums that vary according to expected claim costs. Buyers in risk classes with higher expected claim costs are charged higher rates. Insurers have strong incentives to classify buyers based on all information that helps predict differences in claim costs across buyers provided that the information can be obtain at a sufficiently low cost.

2. Investment income: Given the ability of insurers to earn investment income on premiums prior to the payment of claims the fair premium reflects the discounted value of expected claims costs .As a result the fair premium is inversely related to the level of interest rates and to the length of the claims.
3. Administrative costs: The fair premium includes an expense loading to cover the insurer’s administrative costs including both underwriting expenses and loss adjustment expenses.
4. Fair profit loading: The fair premium includes a profit loading to compensate investors for the disadvantages like double taxation of investment returns of investing in an insurance company other thing being equal. The fair profit loading is higher for lines of insurance with more uncertainty concerning future claim costs because the insurer needs to hold more capital to achieve a given probability of insolvency.

The risk assessment matrix will help your organization identify and prioritize different risks, by estimating the probability of the risk occurring and how severe the impact would be if it were to happen.

A risk assessment matrix is a common tool used by organizations of all sizes for three major reasons:

• To measure the size and scope of risk
• To determine if they have the appropriate resources to minimize the risk
• To triage and prioritize the list of risks in a legible, easy-to-read matrix

The risk assessment matrix can help identify risks at a widespread scope of a company at the enterprise, business process, and individual process level.

The risk assessment process in 4 steps 

The risk assessment process may seem like an intimidating process. But I’d like to offer a simplified view without a bunch of mathematical computations. 

The process:

• Identify the risk universe
• Determine the risk criteria
• Assess the risks
• Prioritize the risks

Step 1: Identifying the risk universe 

The goal with this first step is to capture the full scope of the present risk.

To start off, you’ll want to make sure you cast as wide a net as possible. The most effective way to do this is with free-flow brainstorming sessions. These brainstorming sessions will generate a list of ideas that will serve as the foundation of the risk assessment matrix. 

Now, let’s get the creative juices flowing!

From my own personal experience, I like to start with high-level risk categories that align to business functions, and then drill down to specific processes within those functions. This helps me narrow the focus down after a broad brainstorming session.

Additionally, your risk universe will contain concerns specific to your industry, along with concerns unique to your company.

Here’s one way that I would organize my risks: 

• Strategic: Increased competition
• Operational: Lack of available resources
• Financial: Cost of capital
• Market: Social media presence
• Technology: Data security

Step 2: Determining the risk criteria

Before assessing each risk, you’ll want to develop a common set of factors to help evaluate your organization’s risk universe.

A typical risk assessment matrix uses two main criteria:

• Likelihood (the level of possibility)
• Consequence (the level of impact)

However, some organizations may add other factors such as vulnerability and speed of onset. This is a critical step, as these criteria will drive the discussions throughout the rest of the process.

Beware of underestimating the importance of reaching consensus on the criteria. After all, you can’t manage what you can’t measure.

Step 3: Assessing the risks

This next step is where things start to get fun. (Well, as fun as a risk assessment matrix can be.) We’re going to assess the risks based on the criteria we laid out in the previous steps. 

If the identification step was qualitative in nature, this step includes a quantitative analysis of the most important risks. 

Most organizations use a common, three-part “High, Medium, and Low” scale at this stage, but taking a more granular approach could be beneficial to your organization expanding the scale to “1–5,” for instance.

Step 4: Prioritizing the risks

In the last step, we’re going to compare the different levels of risk (from step three) to the target risk criteria (from step two). In other words, prioritizing risk accounts for the impact, possibility, and importance of the risk, and outputs a plan.

If these last two steps sound subjective that’s because they are. Expert judgment is involved in risk assessment and prioritization techniques to identify potential impacts, define inputs, and interpret the data. 

Step 1: Establish an Enterprise Risk Structure

ERM requires the whole organisation to identify, communicate and proactively manage risk, regardless of position or perspective. Everyone needs to follow a common approach, which includes a consistent policy and process, a single repository for their risks and a common reporting format. However, it is also important to retain existing working practices based on localised risk management perspectives as these reflect the focus of operational risk management.

The corporate risk register will look different from the operational risk register, with a more strategic emphasis on risks to business strategy, reputation and so on, rather than more tactical product, contract and project focused risks. The health and safety manager will identify different kinds of risks from the finance manager, while asset risk management and business continuity are disciplines in their own right. ERM brings together risk registers from different disciplines, allowing visibility, communication and central reporting, while maintaining distributed responsibility.

In addition to the usual vertical risk registers, such as corporate, business units, departments, programmes and projects, the enterprise also needs horizontal, or functional risk registers. These registers allow function and business managers, who are responsible for identifying risks to their own objectives, to identify risks arising from other areas of the organisation.

The enterprise risk structure should match the organisation’s structure: the hierarchy represents vertical (executive) as well as horizontal (functional and business) aspects of the organisation.

This challenges the conventional assumption that risks can be rolled up automatically, by placing horizontal structures side by side with vertical executive structures. Risks should be aggregated using a combination of vertical structure and horizontal intelligence. This is a key factor in establishing ERM.

Step 2: Assign responsibility

Once an appropriate enterprise risk structure is established, assigning responsibility and ownership should be straightforward. Selected nodes in the structure will have specified objectives; each will have an associated manager (executive, functional or business), who will be responsible for achieving those objectives and managing the associated risks. Each node containing a set of risks, along with its owner and leader, is a Risk Management Cluster. *

Vertical managers take executive responsibility not only for their cluster risk register, but also overall leadership responsibility for the Risk Management Clusters below. Responsibility takes two forms: ownership at the higher level and leadership at the lower level. For example, a programme manager will manage his programme risks, but also have responsibility for overseeing risk within each of the programme’s projects.

Budgetary authority (setting and using Management Reserve), approval of risk response actions, communication of risk appetite, management reporting and risk performance measures are defined as part of the Owner and Leader roles as illustrated in Figure 3. This structure is also used to escalate and delegate risks.

Horizontal managers take responsibility for their own functional or business Risk Management Clusters, but also for gathering risks from other areas of the Enterprise Risk Structure related to their discipline. For example, the HR functional manager will be responsible for identifying common skills shortfall risks to bring them under central management. Similarly, the business continuity manager will identify all local risks relating to use of a test facility and manage them under one site management plan.

Step 3: Create an enterprise risk map

Risk budgeting and common sense dictate that risks should reside at their local point of impact, because this is where attention is naturally focused. However, the risk cause, mitigation or exploitation strategy may come from elsewhere in the organisation and often common causes and actions can be identified. In this case, we take a systemic approach, where risks are managed more efficiently when brought together at a higher level. To achieve this, we need to be able to map risks to different parts of the risk management structure.

To create an enterprise risk map, you need:

• A set of global categories to communicate information to the right place
• The facility to define the relationships between risks (parent, child, sibling etc)
• Scoring systems with consistent common impact types

Global categories

Functional and business managers should use these global categories to map risks to common themes, such as strategic or business objectives, functional areas and so on. These categories then provide ways to search and filter on these themes and to bring common risks together under a parent risk.

Step 4: Decision making through enterprise risk reporting

The most important aspect of risk management is carrying out appropriate actions to manage the risks. However, you cannot manage every identified risk, so you need to prioritise and make decisions on where to focus management attention and resources. The decision making process is underpinned by establishing risk appetite against objectives and setting a baseline, both of which should be recorded against each Risk Management Cluster®.

Enterprise-wide reporting allows senior managers to review risk exposure and trends across the organisation. This is best achieved through metrics reports, such as the risk histogram. For example, you might want to review the risk to key business objectives by cluster. Or how exposed different contracts and projects are to various suppliers.

Furthermore, there is a need to use a common set of reports across the organisation, to avoid time wasted interpreting unfamiliar formats. Such common reports ensure the risk is communicated and well understood by all elements of the organisation, and hence provide timely information on the current risk position and trends, initially top-down, then drilling down to the root cause.

Step 5: Changing culture from local to enterprise

At all levels of an organisation, changing the emphasis from ‘risk management’ to ‘managing risks’ is a challenge; however, across the enterprise it is particularly difficult. It requires people to look ahead and take action to avert (or exploit) risk to the benefit of the organisation. It also requires the organisation to encourage and reward this change in emphasis.

Unfortunately, problem management (fire-fighting) deals with today’s problems at the expense of future ones. This is generally a far more expensive process as the available remedies are limited. However, if potential problems are identified (as risks) before they arise, you have far more options available to affect a ‘Left Shift: from a costly and overly long process to one better matching the original objectives set!

Most organisations have pockets of good risk management, many have a mechanism to report ‘top N’ risks vertically, but very few have started to implement horizontal, functional or business risk management. Both a bottom up and top down approach is required. An ERM initiative should allow good local practices to continue, provided they are in line with enterprise policy and process (establishing each pocket of good risk management as a Risk Management Cluster will provide continuity).

From a top-down perspective, functional and business focused risk management needs to be kick started. A risk steering group comprising functional heads and business managers is a good place to start. The benefits of such a group getting together to understand inter-discipline risk helps break down stove-piped processes. This can trigger increasingly relaxed cross-discipline discussions and focus on aligning business and personal objectives that leads to rapid progress on understanding and managing risk.

Finally, to ensure that an organisational culture shift is affected, the senior management must be engaged. This engagement is not only aimed at encouraging them to see the benefits of managing risk, but to also help the organisation as a whole see that proactive management of risk (the Left Shift principle) is valued by all.

Enterprise risk management (ERM) is a plan-based business strategy that aims to identify, assess, and prepare for any dangers, hazards, and other potentials for disaster both physical and figurative that may interfere with an organization’s operations and objectives.

Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization’s objectives (threats and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring process. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.

ERM can also be described as a risk-based approach to managing an enterprise, integrating concepts of internal control, the Sarbanes–Oxley Act, data protection and strategic planning. ERM is evolving to address the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex organizations to ensure they are appropriately managed. Regulators and debt rating agencies have increased their scrutiny on the risk management processes of companies.

According to Thomas Stanton of Johns Hopkins University, the point of enterprise risk management is not to create more bureaucracy, but to facilitate discussion on what the really big risks are.

The discipline not only calls for corporations to identify all the risks they face and to decide which risks to manage actively, but it also involves making that plan of action available to all stakeholders, shareholders and potential investors, as part of their annual reports. Industries as varied as aviation, construction, public health, international development, energy, finance, and insurance all utilize ERM.

Companies have been managing risk for years. Historically, they’ve done this by buying insurance: property insurance for literal, detrimental losses due to fires, thefts, and natural disasters; and liability insurance and malpractice insurance to deal with lawsuits and claims of damage, loss, or injury. But another key element in ERM is a business risk that is, obstacles associated with technology (particularly technological failures), company supply chains, and expansion and the costs and financing of the same.

More recently, companies have managed such risks through the capital markets with derivative instruments that help them manage the ups and downs of moment-to-moment movements in currencies, interest rates, commodity prices, and equities. From a mathematical point of view, all of these risks or “exposures” have been reasonably easy to measure, with resulting profits and losses going straight to the bottom line.

Modern businesses, however, face a much more diverse collection of obstacles and potential dangers. How companies manage the risks that defy easy measurements or a framework for management also falls under the ERM umbrella. These potentials for exposure include crucial risks such as reputation, day-to-day operational procedures, legal and human resources management, financial, the risk of failure of internal controls systems related to the Sarbanes-Oxley Act of 2002 (SOX), and overall governance.

ERM frameworks defined

There are various important ERM frameworks, each of which describes an approach for identifying, analyzing, responding to, and monitoring risks and opportunities, within the internal and external environment facing the enterprise. Management selects a risk response strategy for specific risks identified and analyzed, which may include:

• Avoidance: exiting the activities giving rise to risk
• Reduction: taking action to reduce the likelihood or impact related to the risk
• Alternative Actions: deciding and considering other feasible steps to minimize risks
• Share or Insure: transferring or sharing a portion of the risk, to finance it
• Accept: no action is taken, due to a cost/benefit decision

Monitoring is typically performed by management as part of its internal control activities, such as review of analytical reports or management committee meetings with relevant experts, to understand how the risk response strategy is working and whether the objectives are being achieved.

In 2003, the Casualty Actuarial Society (CAS) defined ERM as the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders.” The CAS conceptualized ERM as proceeding across the two dimensions of risk type and risk management processes. The risk types and examples include:

Hazard risk

Liability torts, Property damage, Natural catastrophe

Financial risk

Pricing risk, Asset risk, Currency risk, Liquidity risk

Operational risk

Customer satisfaction, Product failure, Integrity, Reputational risk; Internal Poaching; Knowledge drain

Strategic risks

Competition, Social trend, Capital availability

The risk management process involves:

• Establishing Context: This includes an understanding of the current conditions in which the organization operates on an internal, external and risk management context.
• Identifying Risks: This includes the documentation of the material threats to the organization’s achievement of its objectives and the representation of areas that the organization may exploit for competitive advantage.
• Analyzing/Quantifying Risks: This includes the calibration and, if possible, creation of probability distributions of outcomes for each material risk.
• Integrating Risks: This includes the aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organization’s key performance metrics.
• Assessing/Prioritizing Risks: This includes the determination of the contribution of each risk to the aggregate risk profile, and appropriate prioritization.
• Treating/Exploiting Risks: This includes the development of strategies for controlling and exploiting the various risks.
• Monitoring and Reviewing: This includes the continual measurement and monitoring of the risk environment and the performance of the risk management strategies.

The COSO ERM Framework has eight Components and four objectives categories. It is an expansion of the COSO Internal Control-Integrated Framework published in 1992 and amended in 1994. The eight components – additional components highlighted – are:

• Authority and pledge to the ERM
• RISK Management policy
• Mixer of ERM in the institution
• Risk Assessment
• Risk Response
• communication and reporting
• Information and Communication
• Monitoring

The four objectives categories, additional components highlighted are:

• Strategy: high-level goals, aligned with and supporting the organization’s mission
• Operations: effective and efficient use of resources
• Financial Reporting: Reliability of operational and financial reporting
• Compliance: Compliance with applicable laws and regulations

Differences and Solutions

Enterprise risk management is an extension of traditional risk management, and differs in the following ways.

• Strategic application. An ERM approach is integrated into an organizations business decision. Because the effort is enterprise-wide, it supersedes any departmental or functional autonomy to encourage continuous review and support of the organizations most value-based objectives.
• Risks considered. ERM involves managing all of the risks affecting an organization’s ability to meet its goals, regardless of the types of risks being considered. This carefully reviewed and benchmarked approach allows organizations the ability to stay focused on key areas of prosperity and survival.
• Performance metrics. ERM emphasizes results-based performance measurement throughout the organization. Results indicate whether a risk management technique helped to achieve a business goal, such as return on investment or return on assets. All forms of risk management, including ERM, are intended to help minimize the adverse effects of missed opportunities and losses.The specific benefits of ERM include maximizing the possible opportunities for growth, minimizing the expected organizational losses and therefore increasing the expected income and asset value, and reducing the residual uncertainty in all areas of the enterprise.