the bigger picture: enterprise risk management in ... - eiugraphics.eiu.com/upload/sas_erm.pdf ·...
TRANSCRIPT
Which of the following best describes your company’s approach to ERM? (% respondents)
We have an ERM strategy that is well-formulated across the business and fully implemented18
We have an ERM strategy that is well-formulated across the business, with a clear timetable for implementation22
We have an ERM strategy in place but not well communicated across the business or between departments28
We have an ERM strategy in place but it is not a fully developed concept and there is no clear timetable for implementation21
We don’t have an ERM strategy in place but we plan to introduce one in the short-term8
We have no plans to introduce an ERM strategy3
Which of the following stakeholders are currently exerting pressure on your organisation to implement or refine an ERM strategy? (% respondents)
Regulators
Executive management
Investors
Non-executive directors
Employees
Other, please specify
72
62
42
23
7
8
Which of the following do you believe are the most important potential benefits of an ERM strategy? (% respondents)
Protection against loss and damage to reputation
Optimised allocation of economic capital
Reduction in losses
Improved performance management
Improved selection of clients according to risk profile
Greater levels of compliance
Improved pricing of products
Other, please specify
None of the above
62
56
46
41
24
24
17
2
To what extent do you agree or disagree with the following statements? (% respondents)
Strongly agree Agree Neither agree nor disagree Disagree Strongly disagree
9 32 44 12 3Credit scorecards were not able to adapt to market requirements
9 50 30 8 3We will be increasing the amount of time we invest in our stress testing methods
6 21 45 22 5We currently lack confidence in our stress testing methods
17 46 31 4 2In the wake of the credit crisis, we will be paying particular attention to our stress testing methods
31 54 12 2Financial services providers need to improve current stress testing methods
13 46 27 10 3The credit crisis has forced us to scrutinise our risk management practices in greater detail
6 34 35 21 5The credit crisis has prompted my organisation to allocate more budget to risk management at the expense of other areas
33 37 17 11 2Failures to address risk management were largely to blame for the credit crisis
Which of the following statements best describes your company’s use of economic capital? (% respondents)
It is used throughout the organisation
It is used in certain business units within the organisation
It is used, but in limited ways
It is used on an ad hoc basis
We don’t calculate economic capital
28
22
22
12
16
How important do you believe each of the following would be in the implementation of a successful enterprise riskmanagement (ERM) strategy? Rate on a scale of 1 to 5, where 1=Essential and 5=Not important. (% respondents)
1 Essential 2 3 4 5 Not important
56 34 9 1Having an enterprise risk data infrastructure in place
76 21 2 1Policy is supported at board of director or executive level
38 1150Adequate employee training
40 121345Hiring qualified staff
42 221540Documented records
44 37 1117Ability for organisation to adapt to changes in business environment
32 46 19 3Implementation of technology
What are the three main challenges of adopting an ERM strategy? (% respondents)
Embedding risk management within company culture
Difficulty in quantlfying risks
Timeliness and quality of information
Difficulty integrating risk management with other business processes
Lack of necessary knowledge and skills within the organisation
Corporate priorities are often conflicting
Availability of information
It’s not clear who is responsible for managing risk
Other, please specify
47
45
44
39
37
33
33
13
1
Strongly agree
To what extent do you agree or disagree with the following statements? (% respondents)
Agree Neither agree nor disagree Disagree Strongly disagree
We have the necessary information to manage risk at an enterprise-wide level10 49 20 16 4
Company objectives, policies and tolerance for risk are clearly communicated through the organisation10 42 26 19 4
We have a common terminology, methodology and set of standards for managing risk11 45 25 17 3
Our risk management process is fully integrated within the business planning process11 25 37 22 4
Enterprise risk management is used to support our business decisions11 37 32 16 4
Everyone in our organistation understands the role they play and their level of accountability with regards to managing risk4 31 34 26 4
Risk management is fully integrated across all functions and business units9 26 33 28 5
There is a formal structure in place for monitoring risk and response5318 18 10 2
Risk is the responsibility of a firm’s board of directors and senior management
Financial services firms need to consider an extensive range of possible scenarios when it comes to managing risk
Risk management is too often treated as a stand-alone function
To what extent do you agree or disagree with the following statements about risk management? (% respondents)
66
65
26
23 4 5 2
32 2
53 12 8 1
Strongly agree Agree Neither agree nor disagree Disagree Strongly disagree
How important do you believe each of the following would be in the implementation of a successful enterprise riskmanagement (ERM) strategy? Rate on a scale of 1 to 5, where 1=Essential and 5=Not important. (% respondents)
1 Essential 2 3 4 5 Not important
56 34 9 1Having an enterprise risk data infrastructure in place
76 21 2 1Policy is supported at board of director or executive level
38 1150Adequate employee training
40 121345Hiring qualified staff
42 221540Documented records
44 37 1117Ability for organisation to adapt to changes in business environment
32 46 19 3Implementation of technology
Who in your organisation has primary responsibility for overseeing risk management activities? (% respondents)
CRO
ERM/Risk management committee
CEO
CFO
Audit committee
Heads of business units
Line manager
Regional directors
Other, please specify
36
19
15
14
8
3
3
1
2
Which of the following best describes the level of understanding of risk management within your business? Please select the answer that most closely corresponds with the situation in your company (% respondents)
The importance of risk management is widely understood throughoutthe company
There is limited understanding but we are providing training to allemployees to improve this
There is little understanding of risk management among employees otherthan those whose primary function is risk management
39
32
28
In your opinion, what are the three main challenges of adopting an enterprise risk management (ERM) strategy? Select up to three (% respondents)
Embedding risk management within company culture
Difficulty in quantifying risks
Timeliness and quality of information
Difficulty integrating risk management with other business processes
Lack of necessary knowledge and skills within the organisation
Corporate priorities are often conflicting
Availability of information
It’s not clear who is responsible for managing risk
Other, please specify
47
45
44
39
37
33
33
13
1
Which of the following stakeholders are currently exerting pressure on your organisation to implement or refine an enterprise risk management (ERM) strategy?Select all that apply (% respondents)
Regulators
Executive management
Investors
Non-executive directors
Employees
Other, please specify
72
62
42
23
7
8
Which of the following best describes your company’s approach to ERM? (% respondents)
We have an ERM strategy that is well-formulated across the business and fully implemented18
We have an ERM strategy that is well-formulated across the business, with a clear timetable for implementation22
We have an ERM strategy in place but not well communicated across the business or between departments28
We have an ERM strategy in place but it is not a fully developed concept and there is no clear timetable for implementation21
We don’t have an ERM strategy in place but we plan to introduce one in the short-term8
We have no plans to introduce an ERM strategy3
What resources have you used to improve your business’ understanding and implementation of ERM?Select all that apply (% respondents)
Formal training programme for employees
External consultancies
Enterprise risk management committee
Industry forums
Industry reports
Analysts
None of the above
48
44
43
33
33
24
9
Which of the following do you believe are the most important potential benefits of an ERM strategy? (% respondents)
Protection against loss and damage to reputation
Optimised allocation of economic capital
Reduction in losses
Improved performance management
Improved selection of clients according to risk profile
Greater levels of compliance
Improved pricing of products
Other, please specify
None of the above
62
56
46
41
24
24
17
2
0
To what extent do you believe an ERM strategy could help your business address these issues? Rate on a scale from 1 to 5, where 1=Great extent and 5=Not at all (% respondents)
1 Great extent 2 3 4 5 Not at all
17 29 30 14 11Solvency risk
22 29 29 15 5Fraud
23 34 25 12 5Liquidity risk
27 33 27 10 3Economic capital
26 32 28 9 5Regulatory risk
25 32 26 14 3Business continuity/disaster recovery
25 31 31 11 3IT risk
35 34 21 8 1Reputational risk
46 34 16 3 1Operational risk
39 37 18 4 3Market risk
45 31 15 5 4Credit risk
Please rate the following issues in terms of the challenge they pose to your business. Rate on a scale from 1 to 5, where 1=Significant challenge and 5=Not a significant challenge (% respondents)
1 Significant challenge 2 3 4 5 Not a significant challenge
8 20 29 25 18Solvency risk
13 32 30 17 6Fraud
17 35 29 13 6Economic capital
23 30 31 12 4Regulatory risk
14 26 37 19 4Business continuity/disaster recovery
16 41 29 12 2IT risk
31 35 22 10 2Reputational risk
30 43 22 5 1Operational risk
38 36 18 6 1Market risk
44 28 17 7 5Credit risk
23 32 27 13 5Liquidity risk
Which of the following best describes the way risk management is reported within your organisation?Please select the answer that most closely corresponds with the situation in your company (% respondents)
Risk reporting takes place on a regular, formal basis
There is continuous management reporting which includes risk
Risk issues are reported on an ad hoc basis
Risk issues are not reported at all
51
28
20
0
In which one area of risk has your business invested the most over the last 12 months? (% respondents)
Credit risk management
Internal risk management, methodology, processes, policy and organisation
Operational risk management
Risk data infrastructure
Market risk management
Anti-money laundering
Asset and liability management
Risk management solutions
29
19
16
9
9
8
5
4
In which one area of risk will your business invest the most in the next twelve months? (% resondents)
Internal risk management, methodology, processes, policy and organisation
Operational risk management
Credit risk management
Risk data infrastructure
Risk management solutions
Market risk management
Asset and liability management
Anti-money laundering
20
17
16
13
12
11
6
5
Strongly agree
To what extent do you agree or disagree with the following statements? (% respondents)
Agree Neither agree nor disagree Disagree Strongly disagree
We have the necessary information to manage risk at an enterprise-wide level10 49 20 16 4
Company objectives, policies and tolerance for risk are clearly communicated through the organisation10 42 26 19 4
We have a common terminology, methodology and set of standards for managing risk11 45 25 17 3
Our risk management process is fully integrated within the business planning process11 25 37 22 4
Enterprise risk management is used to support our business decisions11 37 32 16 4
Everyone in our organistation understands the role they play and their level of accountability with regards to managing risk4 31 34 26 4
Risk management is fully integrated across all functions and business units9 26 33 28 5
There is a formal structure in place for monitoring risk and response5318 18 10 2
To what extent do you agree or disagree with the following statements? (% respondents)
Strongly agree Agree Neither agree nor disagree Disagree Strongly disagree
9 32 44 12 3Credit scorecards were not able to adapt to market requirements
9 50 30 8 3We will be increasing the amount of time we invest in our stress testing methods
6 21 45 22 5We currently lack confidence in our stress testing methods
17 46 31 4 2In the wake of the credit crisis, we will be paying particular attention to our stress testing methods
31 54 12 2Financial services providers need to improve current stress testing methods
13 46 27 10 3The credit crisis has forced us to scrutinise our risk management practices in greater detail
6 34 35 21 5The credit crisis has prompted my organisation to allocate more budget to risk management at the expense of other areas
33 37 17 11 2Failures to address risk management were largely to blame for the credit crisis
Last 12 months Next 12 months
Which approaches to stress testing have you have used in the last 12 months? And which approaches will you use in thenext 12 months? Select all that apply(% respondents)
28 43Incorporation of market liquidity into our market risk stress analysis
25 39Construction of scenarios using econometric models
60 44Historical and hypothetical scenarios
42 42Integration of risk exposures across different business lines
Which approaches to credit scoring does your business use? Select all that apply (% respondents)
40We develop credit scorecards in-house for retail
46
We develop credit scorecards in-house for small and medium enterprises(SMEs)
43We develop credit scorecards in-house for corporate lending
20We don’t have credit scorecards in-house and we don’t plan to
11
We don’t have credit scorecards in-house but we are planning to introducethis function
16We use an external supplier for credit scorecards
In your opinion, what factors make it difficult to build credit scoring internally? Select all that apply (% respondents)
Lack of necessary data
Lack of appropriate skills
It is too specialist a function
Too many costs involved
Lack of support within organisation
63
40
24
22
19
Which of the following statements best describes your use of economic capital? Please select the answer that most closely corresponds with the situation in your company (% respondents)
It is used throughout the organisation
It is used in certain business units within the organisation
It is used, but in limited ways
It is used on an ad hoc basis
We don’t calculate economic capital
28
22
22
12
16
In which three areas of your business would you expect enterprise risk management to have the greatest impact? Select up to three (% respondents)
Improvement in decision-making
Ability to balance risks
Capital allocation
Ability to increase company value
Performance management
As a business planning tool
Ability to comply with regulatory changes
Operational efficiency
Other, please specify
59
51
46
27
27
26
24
18
1
29
28
26
6
6
4
North America
Western Europe
Asia-Pacific
eastern Europe
Middle East and Africa
Latin America
In which region are you personally based? (% respondents)
What is your main functional role? (% respondents)
Group risk management
Finance
Credit risk management
Operational risk management
Business line
Market risk management
Compliance
Treasury
Internal audit
Other, please specify
21
17
13
13
9
7
6
4
3
6
Which of the following best describes your title? (% respondents)
Board member6
CEO/President/Managing director13
CFO/Treasurer/Comptroller12
CIO/Technology director2
Other C-level executive12
SVP/VP/Director24
Head of Business Unit5
Head of Department10
Manager12
Other4
25
16
12
6
10
7
3
3
19
Under $1bn
$1bn to $9.9bn
$10bn to $24.9bn
$25bn to $49.9bn
$50bn to $99.9bn
$100bn to $149.9bn
$150bn to $199.9bn
$200bn to $249.9bn
Over $250bn
What are your organisation’s global assets in US dollars?(% respondents)
In which sub sector of financial services does your organisationoperate? Select all that apply (% respondents)
Retail banking
Corporate banking
Asset management/custodian
Investment banking
Capital markets
Trading
Private banking/wealth management
Broker/dealer
Private equity/venture capital
Real estate/leasing
Investment consulting
Non-life insurance
Life insurance
Mutual fund
Hedge fund
Stock exchange/trading system
Property and casualty insurance
Pension fund trustee
Reinsurance
Other, please specify
34
33
29
29
24
22
20
16
14
11
11
9
9
8
8
6
6
5
10
4