Enterprise Risk Management: Operational Risk and COSO
Prepared and Presented by: Group 1
Group Members: Manu Prakaash, Rashi Saxena, Saurabh Saha, Urvi Gulati
TERI University, New Delhi
06/06/2022
Nov 02, 2014
08/04/2023 Group Members: Manu Prakaash, Rashi Saxena, Saurabh Saha, Urvi Gulati TERI University, New Delhi
ERM INTEGRATED FRAMEWORK
COSO Framework for Operational Risk Management
COSO
• Acronym for Committee for Sponsoring Organizations
• Enterprise Risk Management - Integrated Framework by COSO: aims to meet the need for an enterprise risk management framework, providing key principles and concepts, a common language, and clear direction and guidance
Operational Risk-COSO re-examined
• Written by Peyman Mestchian, Mikhail Makarov and Bahram Mirzai
• An analytical build-up in answer to the criticisms made by Ali Samad-Khan (President, OpRisk Advisory) against the application of the COSO framework to operational risk
Criticisms offered by Ali Samad-Khan
• The definition of risk used by COSO is flawed
• Likelihood-Impact Risk Assessment is flawed
• Methods prescribed by COSO are highly subjective, and only risk assessment based on historic losses is valid
• Risk assessment using COSO approach is too complex and resource intense
Justifications or Counter-Criticisms!
• The criticism about Operational Risk’s definition (criticisms 1 and 2) is based on:
Risk = Likelihood x Impact
• There is no reference in COSO for using this formula to measure risk
• COSO uses Value at Risk or Capital at Risk concepts as measures of risk:
Cost of Risk = Expected Loss + Cost of Capital
Importance of Evaluated CoR
• Crucial to perform cost-benefit analysis within an integrated operational risk management framework
Likelihood-Impact Based Risk Assessment
• Introduced in MIL-STD-882A Military safety standard, by US Department of Defense
• According to this approach, for each risk the frequency of occurrence (likelihood) and the worst credible outcome (impact) are assessed and captured into a likelihood-impact matrix. Allows an entity to understand the extent to which potential events might impact objectives
• Integrating qualitative and quantitative approaches.
• E.g., CRISIL Ratings provides the most reliable opinions on risk by combining its understanding of risk and the science of building risk frameworks, with a contextual understanding of business. It follows the Basel II guidelines to guard against the types of financial and operational risks banks face.
Risk Analysis
• Risk Management
  • Control It
  • Share or Transfer It
  • Diversify or Avoid It
• Risk Monitoring
  • Process Level
  • Activity Level
  • Entity Level
• Risk Assessment
  • Identification
  • Measurement
  • Prioritization
Example: Call Center Risk Assessment
Causes of Operational Risk
Operational Risk Failures
• On February 6, 2002, Allied Irish Banks reported a fraud in its Baltimore-based subsidiary Allfirst. According to the report, around 1997 John Rusnak, one of their internal traders, lost a large amount of money. For five years, Mr. Rusnak covered his tracks by writing non-existent options and booking their equally non-existent profits as income. Compound interest being what it is, Mr. Rusnak’s problems and, hence, the bank’s, eventually grew to $700 million. One Monday morning, Mr. Rusnak failed to show up for work and the entire fraud collapsed.
• Barings Bank had collapsed ten years previously and Allied Irish Bank was, at that time, Ireland’s second largest. The story of Barings is that of a rogue trader who alone caused the bankruptcy of a supposedly solid bank.
ERM AT ALLSTATE
Enterprise Risk Management: Managing Risk to better exploit risk opportunities
Case-Study
Brief Company Profile
• Allstate was founded in 1931 as part of Sears, Roebuck & Co., and became a publicly traded company in 1993
• It is the nation’s largest publicly held personal lines insurer
• A Fortune 100 company, with $130 billion in total assets, Allstate sells 13 major lines of insurance, including auto, property, life and commercial
A Novel Approach in the Industry
• Allstate combined its stochastic modeling and operational governance to produce an ERM for the organization
• Over time, Allstate worked to align its analytics with corporate governance and decision-making activities
Allstate’s ERM Framework: Culture/Code of Ethics
Allstate’s ERM Approach: Advantages
1. It allows the company to set a quantitatively based risk/reward threshold across its businesses
2. Management can evaluate how lines of business compare to each other vis-à-vis capital consumption
3. Provides solid new measurements to inform business decision making
Allstate’s Successful ERM: Benefits
• Helps managers take risk- and capital-related decisions, such as reinsurance purchasing, asset/liability management, risk limit setting and monitoring, and capital allocation and pricing
• Starts small, focuses on key issues first and consistently builds value
ERM Process
1. Identify top risks
2. Build a consensus between risk “owners” and management on the risk limit for the quantifiable risks
• Allstate uses its own metrics, rather than relying solely on rating agencies to determine overall capital needs as well as capital allocations and levels within the various businesses
Growing with ERM
• Initially, ERM was used only for Allstate Protection, its property/casualty business
• Now implemented in Allstate Investment and others
• Allstate now operates a Risk Opportunity Forum: members analyze suggestions for greatest potential
• Repeats risk assessment every 2 years
References
• COSO Executive Summary: http://www.coso.org/Publications/ERM/COSO_ERM_ExecutiveSummary.pdf
• Basel Standards: http://www.bis.org/publ/bcbsca.htm
• Case Study: http://www.towersperrin.com/tp/getwebcachedoc?webc=TILL/USA/2006/200608/Allstate.pdf
• Allstate website: http://www.allstatenewsroom.com
• CRISIL Rating: www.crisil.com
• Other references: www.wikipedia.org
Glossary
1. Operational Risk: The risk of loss resulting from inadequate or failed business, people and systems or from external events (as defined by the Basel Committee)
2. Risk Tolerance: A measure of the degree of uncertainty that an investor is willing to accept in respect of the negative changes to its business or assets