the bigger picture: enterprise risk management in ... - eiugraphics.eiu.com/upload/sas_erm.pdf ·...

Which of the following best describes your company’s approach to ERM? (% respondents)

We have an ERM strategy that is well-formulated across the business and fully implemented18

We have an ERM strategy that is well-formulated across the business, with a clear timetable for implementation22

We have an ERM strategy in place but not well communicated across the business or between departments28

We have an ERM strategy in place but it is not a fully developed concept and there is no clear timetable for implementation21

We don’t have an ERM strategy in place but we plan to introduce one in the short-term8

We have no plans to introduce an ERM strategy3

Which of the following stakeholders are currently exerting pressure on your organisation to implement or refine an ERM strategy? (% respondents)

Regulators

Executive management

Investors

Non-executive directors

Employees

Other, please specify

72

62

42

23

7

8

Which of the following do you believe are the most important potential benefits of an ERM strategy? (% respondents)

Protection against loss and damage to reputation

Optimised allocation of economic capital

Reduction in losses

Improved performance management

Improved selection of clients according to risk profile

Greater levels of compliance

Improved pricing of products


None of the above

62

56

46

41

24

24

17

2

To what extent do you agree or disagree with the following statements? (% respondents)

Strongly agree Agree Neither agree nor disagree Disagree Strongly disagree

9 32 44 12 3Credit scorecards were not able to adapt to market requirements

9 50 30 8 3We will be increasing the amount of time we invest in our stress testing methods

6 21 45 22 5We currently lack confidence in our stress testing methods

17 46 31 4 2In the wake of the credit crisis, we will be paying particular attention to our stress testing methods

31 54 12 2Financial services providers need to improve current stress testing methods

13 46 27 10 3The credit crisis has forced us to scrutinise our risk management practices in greater detail

6 34 35 21 5The credit crisis has prompted my organisation to allocate more budget to risk management at the expense of other areas

33 37 17 11 2Failures to address risk management were largely to blame for the credit crisis

Which of the following statements best describes your company’s use of economic capital? (% respondents)

It is used throughout the organisation

It is used in certain business units within the organisation

It is used, but in limited ways

It is used on an ad hoc basis

We don’t calculate economic capital

28

22

22

12

16

How important do you believe each of the following would be in the implementation of a successful enterprise riskmanagement (ERM) strategy? Rate on a scale of 1 to 5, where 1=Essential and 5=Not important. (% respondents)

1 Essential 2 3 4 5 Not important

56 34 9 1Having an enterprise risk data infrastructure in place

76 21 2 1Policy is supported at board of director or executive level

38 1150Adequate employee training

40 121345Hiring qualified staff

42 221540Documented records

44 37 1117Ability for organisation to adapt to changes in business environment

32 46 19 3Implementation of technology

What are the three main challenges of adopting an ERM strategy? (% respondents)

Embedding risk management within company culture

Difficulty in quantlfying risks

Timeliness and quality of information

Difficulty integrating risk management with other business processes

Lack of necessary knowledge and skills within the organisation

Corporate priorities are often conflicting

Availability of information

It’s not clear who is responsible for managing risk


47

45

44

39

37

33

33

13

1

Strongly agree


Agree Neither agree nor disagree Disagree Strongly disagree

We have the necessary information to manage risk at an enterprise-wide level10 49 20 16 4

Company objectives, policies and tolerance for risk are clearly communicated through the organisation10 42 26 19 4

We have a common terminology, methodology and set of standards for managing risk11 45 25 17 3

Our risk management process is fully integrated within the business planning process11 25 37 22 4

Enterprise risk management is used to support our business decisions11 37 32 16 4

Everyone in our organistation understands the role they play and their level of accountability with regards to managing risk4 31 34 26 4

Risk management is fully integrated across all functions and business units9 26 33 28 5

There is a formal structure in place for monitoring risk and response5318 18 10 2

Risk is the responsibility of a firm’s board of directors and senior management

Financial services firms need to consider an extensive range of possible scenarios when it comes to managing risk

Risk management is too often treated as a stand-alone function

To what extent do you agree or disagree with the following statements about risk management? (% respondents)

66

65

26

23 4 5 2

32 2

53 12 8 1


How important do you believe each of the following would be in the implementation of a successful enterprise riskmanagement (ERM) strategy? Rate on a scale of 1 to 5, where 1=Essential and 5=Not important. (% respondents)

1 Essential 2 3 4 5 Not important

56 34 9 1Having an enterprise risk data infrastructure in place

76 21 2 1Policy is supported at board of director or executive level

38 1150Adequate employee training

40 121345Hiring qualified staff

42 221540Documented records

44 37 1117Ability for organisation to adapt to changes in business environment

32 46 19 3Implementation of technology

Who in your organisation has primary responsibility for overseeing risk management activities? (% respondents)

CRO

ERM/Risk management committee

CEO

CFO

Audit committee

Heads of business units

Line manager

Regional directors


36

19

15

14

8

3

3

1

2

Which of the following best describes the level of understanding of risk management within your business? Please select the answer that most closely corresponds with the situation in your company (% respondents)

The importance of risk management is widely understood throughoutthe company

There is limited understanding but we are providing training to allemployees to improve this

There is little understanding of risk management among employees otherthan those whose primary function is risk management

39

32

28

In your opinion, what are the three main challenges of adopting an enterprise risk management (ERM) strategy? Select up to three (% respondents)

Embedding risk management within company culture

Difficulty in quantifying risks

Timeliness and quality of information

Difficulty integrating risk management with other business processes

Lack of necessary knowledge and skills within the organisation

Corporate priorities are often conflicting

Availability of information

It’s not clear who is responsible for managing risk


47

45

44

39

37

33

33

13

1

Which of the following stakeholders are currently exerting pressure on your organisation to implement or refine an enterprise risk management (ERM) strategy?Select all that apply (% respondents)

Regulators

Executive management

Investors

Non-executive directors

Employees


72

62

42

23

7

8

Which of the following best describes your company’s approach to ERM? (% respondents)

We have an ERM strategy that is well-formulated across the business and fully implemented18

We have an ERM strategy that is well-formulated across the business, with a clear timetable for implementation22

We have an ERM strategy in place but not well communicated across the business or between departments28

We have an ERM strategy in place but it is not a fully developed concept and there is no clear timetable for implementation21

We don’t have an ERM strategy in place but we plan to introduce one in the short-term8

We have no plans to introduce an ERM strategy3

What resources have you used to improve your business’ understanding and implementation of ERM?Select all that apply (% respondents)

Formal training programme for employees

External consultancies

Enterprise risk management committee

Industry forums

Industry reports

Analysts

None of the above

48

44

43

33

33

24

9

Which of the following do you believe are the most important potential benefits of an ERM strategy? (% respondents)

Protection against loss and damage to reputation

Optimised allocation of economic capital

Reduction in losses

Improved performance management

Improved selection of clients according to risk profile

Greater levels of compliance

Improved pricing of products


None of the above

62

56

46

41

24

24

17

2

0

To what extent do you believe an ERM strategy could help your business address these issues? Rate on a scale from 1 to 5, where 1=Great extent and 5=Not at all (% respondents)

1 Great extent 2 3 4 5 Not at all

17 29 30 14 11Solvency risk

22 29 29 15 5Fraud

23 34 25 12 5Liquidity risk

27 33 27 10 3Economic capital

26 32 28 9 5Regulatory risk

25 32 26 14 3Business continuity/disaster recovery

25 31 31 11 3IT risk

35 34 21 8 1Reputational risk

46 34 16 3 1Operational risk

39 37 18 4 3Market risk

45 31 15 5 4Credit risk

Please rate the following issues in terms of the challenge they pose to your business. Rate on a scale from 1 to 5, where 1=Significant challenge and 5=Not a significant challenge (% respondents)

1 Significant challenge 2 3 4 5 Not a significant challenge

8 20 29 25 18Solvency risk

13 32 30 17 6Fraud

17 35 29 13 6Economic capital

23 30 31 12 4Regulatory risk

14 26 37 19 4Business continuity/disaster recovery

16 41 29 12 2IT risk

31 35 22 10 2Reputational risk

30 43 22 5 1Operational risk

38 36 18 6 1Market risk

44 28 17 7 5Credit risk

23 32 27 13 5Liquidity risk

Which of the following best describes the way risk management is reported within your organisation?Please select the answer that most closely corresponds with the situation in your company (% respondents)

Risk reporting takes place on a regular, formal basis

There is continuous management reporting which includes risk

Risk issues are reported on an ad hoc basis

Risk issues are not reported at all

51

28

20

0

In which one area of risk has your business invested the most over the last 12 months? (% respondents)

Credit risk management

Internal risk management, methodology, processes, policy and organisation

Operational risk management

Risk data infrastructure

Market risk management

Anti-money laundering

Asset and liability management

Risk management solutions

29

19

16

9

9

8

5

4

In which one area of risk will your business invest the most in the next twelve months? (% resondents)

Internal risk management, methodology, processes, policy and organisation



Risk data infrastructure

Risk management solutions


Asset and liability management

Anti-money laundering

20

17

16

13

12

11

6

5

Strongly agree


Agree Neither agree nor disagree Disagree Strongly disagree

We have the necessary information to manage risk at an enterprise-wide level10 49 20 16 4

Company objectives, policies and tolerance for risk are clearly communicated through the organisation10 42 26 19 4

We have a common terminology, methodology and set of standards for managing risk11 45 25 17 3

Our risk management process is fully integrated within the business planning process11 25 37 22 4

Enterprise risk management is used to support our business decisions11 37 32 16 4

Everyone in our organistation understands the role they play and their level of accountability with regards to managing risk4 31 34 26 4

Risk management is fully integrated across all functions and business units9 26 33 28 5

There is a formal structure in place for monitoring risk and response5318 18 10 2



9 32 44 12 3Credit scorecards were not able to adapt to market requirements

9 50 30 8 3We will be increasing the amount of time we invest in our stress testing methods

6 21 45 22 5We currently lack confidence in our stress testing methods

17 46 31 4 2In the wake of the credit crisis, we will be paying particular attention to our stress testing methods

31 54 12 2Financial services providers need to improve current stress testing methods

13 46 27 10 3The credit crisis has forced us to scrutinise our risk management practices in greater detail

6 34 35 21 5The credit crisis has prompted my organisation to allocate more budget to risk management at the expense of other areas

33 37 17 11 2Failures to address risk management were largely to blame for the credit crisis

Last 12 months Next 12 months

Which approaches to stress testing have you have used in the last 12 months? And which approaches will you use in thenext 12 months? Select all that apply(% respondents)

28 43Incorporation of market liquidity into our market risk stress analysis

25 39Construction of scenarios using econometric models

60 44Historical and hypothetical scenarios

42 42Integration of risk exposures across different business lines

Which approaches to credit scoring does your business use? Select all that apply (% respondents)

40We develop credit scorecards in-house for retail

46

We develop credit scorecards in-house for small and medium enterprises(SMEs)

43We develop credit scorecards in-house for corporate lending

20We don’t have credit scorecards in-house and we don’t plan to

11

We don’t have credit scorecards in-house but we are planning to introducethis function

16We use an external supplier for credit scorecards

In your opinion, what factors make it difficult to build credit scoring internally? Select all that apply (% respondents)

Lack of necessary data

Lack of appropriate skills

It is too specialist a function

Too many costs involved

Lack of support within organisation

63

40

24

22

19

Which of the following statements best describes your use of economic capital? Please select the answer that most closely corresponds with the situation in your company (% respondents)

It is used throughout the organisation

It is used in certain business units within the organisation

It is used, but in limited ways

It is used on an ad hoc basis

We don’t calculate economic capital

28

22

22

12

16

In which three areas of your business would you expect enterprise risk management to have the greatest impact? Select up to three (% respondents)

Improvement in decision-making

Ability to balance risks

Capital allocation

Ability to increase company value

Performance management

As a business planning tool

Ability to comply with regulatory changes

Operational efficiency


59

51

46

27

27

26

24

18

1

29

28

26

6

6

4

North America

Western Europe

Asia-Pacific

eastern Europe

Middle East and Africa

Latin America

In which region are you personally based? (% respondents)

What is your main functional role? (% respondents)

Group risk management

Finance



Business line


Compliance

Treasury

Internal audit


21

17

13

13

9

7

6

4

3

6

Which of the following best describes your title? (% respondents)

Board member6

CEO/President/Managing director13

CFO/Treasurer/Comptroller12

CIO/Technology director2

Other C-level executive12

SVP/VP/Director24

Head of Business Unit5

Head of Department10

Manager12

Other4

25

16

12

6

10

7

3

3

19

Under $1bn

$1bn to $9.9bn

$10bn to $24.9bn

$25bn to $49.9bn

$50bn to $99.9bn

$100bn to $149.9bn

$150bn to $199.9bn

$200bn to $249.9bn

Over $250bn

What are your organisation’s global assets in US dollars?(% respondents)

In which sub sector of financial services does your organisationoperate? Select all that apply (% respondents)

Retail banking

Corporate banking

Asset management/custodian

Investment banking

Capital markets

Trading

Private banking/wealth management

Broker/dealer

Private equity/venture capital

Real estate/leasing

Investment consulting

Non-life insurance

Life insurance

Mutual fund

Hedge fund

Stock exchange/trading system

Property and casualty insurance

Pension fund trustee

Reinsurance


34

33

29

29

24

22

20

16

14

11

11

9

9

8

8

6

6

5

10

4

the bigger picture: enterprise risk management in ... - eiugraphics.eiu.com/upload/sas_erm.pdf ·...

Documents