Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.
ERM can also be described as a risk-based approach to managing an enterprise, integrating concepts of strategic planning, operations management, and internal control. ERM is evolving to address the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex organizations and to ensure they are appropriately managed. Regulators and debt rating agencies have increased their scrutiny of companies' risk management processes.
ERM frameworks defined
There are various important ERM frameworks, each of which describes an approach for identifying, analyzing, responding to, and monitoring risks and opportunities within the internal and external environment facing the enterprise. Management selects a risk response strategy for each specific risk identified and analyzed, which may include:
- Avoidance: exiting the activities giving rise to risk
- Reduction: taking action to reduce the likelihood or impact related to the risk
- Share or insure: transferring or sharing a portion of the risk, to reduce it
- Accept: no action is taken, due to a cost/benefit decision
Monitoring is typically performed by management as part of its internal control activities, such as review of analytical reports or management committee meetings with relevant experts, to understand how the risk response strategy is working and whether the objectives are being achieved.
Casualty Actuarial Society framework
In 2003, the Casualty Actuarial Society (CAS) defined ERM as "the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders." The CAS conceptualized ERM as proceeding across two dimensions: risk type and risk management process. The four risk types in the CAS model are hazard, financial, operational and strategic risks.
The risk management process involves:
- Establishing Context: This includes an understanding of the current conditions in which the organization operates, in terms of its internal, external and risk management context.
- Identifying Risks: This includes the documentation of the material threats to the organization’s achievement of its objectives and the identification of areas the organization may exploit for competitive advantage.
- Analyzing/Quantifying Risks: This includes the calibration and, if possible, creation of probability distributions of outcomes for each material risk.
- Integrating Risks: This includes the aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organization’s key performance metrics.
- Assessing/Prioritizing Risks: This includes the determination of the contribution of each risk to the aggregate risk profile, and appropriate prioritization.
- Treating/Exploiting Risks: This includes the development of strategies for controlling and exploiting the various risks.
- Monitoring and Reviewing: This includes the continual measurement and monitoring of the risk environment and the performance of the risk management strategies.
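Steps 3 to 5 of the CAS process (quantify, integrate, prioritize) are the ones that most need a concrete method, so here is an added worked example; it is not from the CAS paper or from this article. It is a small Monte Carlo aggregation in Python (standard library only) that assumes each risk's annual loss is lognormal, that risks are correlated through a one-factor Gaussian model with a single pairwise correlation rho, and that the reporting level is a 95% Value at Risk. The three-risk inventory, its names and its parameters are constructed for illustration.

```python
"""Added example: quantify, integrate and prioritize enterprise risks by Monte Carlo.

Assumptions (not from the CAS framework itself): lognormal annual-loss marginals,
a one-factor Gaussian correlation model, and a constructed three-risk inventory.
"""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One material risk. median_loss is the 50th-percentile annual loss;
    sigma is the lognormal dispersion. Real programs fit these from loss
    data or expert elicitation; the values used below are made up."""
    name: str
    median_loss: float
    sigma: float


def correlated_normals(rng, n, rho):
    """One-factor model: z_i = sqrt(rho)*common + sqrt(1-rho)*own_i.
    Every pair of z's has correlation rho. rho=0 is independence; rho=1
    makes every risk a monotone function of the same shock (comonotonic)."""
    common = rng.gauss(0.0, 1.0)
    return [math.sqrt(rho) * common + math.sqrt(1.0 - rho) * rng.gauss(0.0, 1.0)
            for _ in range(n)]


def simulate_losses(risks, rho, n_sims, seed):
    """Return losses[i][t]: loss of risk i in simulated year t (step 3)."""
    rng = random.Random(seed)
    losses = [[0.0] * n_sims for _ in risks]
    for t in range(n_sims):
        zs = correlated_normals(rng, len(risks), rho)
        for i, (risk, z) in enumerate(zip(risks, zs)):
            losses[i][t] = risk.median_loss * math.exp(risk.sigma * z)
    return losses


def tail_start(n, p):
    """Index in an ascending sample of size n at which the upper (1-p) tail begins."""
    return min(n - 1, max(0, math.ceil(p * n) - 1))


def aggregate(risks, rho, p=0.95, n_sims=20000, seed=7):
    """Integrate the marginals (step 4) and rank each risk's share (step 5)."""
    if not 0.0 <= rho <= 1.0:
        raise ValueError("rho must lie in [0, 1]")
    losses = simulate_losses(risks, rho, n_sims, seed)
    totals = [sum(l[t] for l in losses) for t in range(n_sims)]
    order = sorted(range(n_sims), key=totals.__getitem__)   # years, worst last
    k = tail_start(n_sims, p)
    tail = order[k:]                                          # the worst (1-p) years
    var = totals[order[k]]                                    # aggregate VaR at level p
    es = sum(totals[t] for t in tail) / len(tail)             # expected shortfall
    # Euler-style allocation: each risk's mean loss in the years where the
    # *aggregate* is in its tail. By linearity these sum exactly to es, which
    # makes them a coherent basis for prioritization.
    contrib = {r.name: sum(losses[i][t] for t in tail) / len(tail)
               for i, r in enumerate(risks)}
    # Standalone VaR of each risk, as a siloed risk function would report it.
    standalone = {r.name: sorted(losses[i])[k] for i, r in enumerate(risks)}
    return {
        "var": var,
        "es": es,
        "contribution": contrib,
        "standalone_var": standalone,
        # Sum of silo VaRs minus portfolio VaR: what integration buys you.
        "diversification_benefit": sum(standalone.values()) - var,
        "priority": sorted(contrib, key=contrib.get, reverse=True),
    }


# Constructed risk inventory for illustration (not real data).
RISKS = (
    Risk("ransomware outage", median_loss=400_000, sigma=1.2),
    Risk("regulatory fine", median_loss=150_000, sigma=1.5),
    Risk("FX exposure", median_loss=600_000, sigma=0.5),
)

if __name__ == "__main__":
    for rho in (0.0, 0.5, 1.0):
        r = aggregate(RISKS, rho)
        print(f"rho={rho}: VaR95={r['var']:,.0f} ES95={r['es']:,.0f} "
              f"diversification={r['diversification_benefit']:,.0f} "
              f"priority={r['priority']}")
```

Two things to watch in the output: at rho=0 the sum of the standalone VaRs is well above the aggregate VaR (the diversification benefit that siloed risk functions cannot see), while at rho=1 the two are identical, because the quantile of a sum of comonotonic losses is the sum of the quantiles. The priority list ranks risks by their contribution to the aggregate tail rather than by their standalone size, which is the point of step 5.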
COSO ERM framework
The COSO "Enterprise Risk Management-Integrated Framework" published in 2004 defines ERM as a "…process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
The COSO ERM Framework has eight components and four objective categories. It is an expansion of the COSO Internal Control-Integrated Framework published in 1992 and amended in 1994, which had five components; the three added in the ERM framework are objective setting, event identification and risk response. The eight components are:
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
The four objective categories are (strategic is the one added relative to the internal control framework's operations, financial reporting and compliance categories):
- Strategic - high-level goals, aligned with and supporting the organization's mission
- Operations - effective and efficient use of resources
- Reporting - reliability of reporting
- Compliance - compliance with applicable laws and regulations
Implementing an ERM program
Goals of an ERM program
Organizations by nature manage risks and have a variety of existing specialized departments or functions ("risk functions") that identify and manage particular risks. However, each risk function varies in capability and how it coordinates with other risk functions. A central goal and challenge of ERM is improving this capability and coordination, while integrating the output to provide a unified picture of risk for stakeholders and improving the organization's ability to manage the risks effectively.
Typical risk functions
The primary risk functions in large corporations that may participate in an ERM program typically include:
- Strategic planning - identifies external threats and competitive opportunities, along with strategic initiatives to address them
- Marketing - understands the target customer to ensure product/service alignment with customer requirements
- Compliance & Ethics - monitors compliance with code of conduct and directs fraud investigations
- Accounting / Financial compliance - directs the Sarbanes-Oxley Section 302 and 404 assessment, which identifies financial reporting risks
- Law Department - manages litigation and analyzes emerging legal trends that may impact the organization
- Insurance - ensures the proper insurance coverage for the organization
- Treasury - ensures cash is sufficient to meet business needs, while managing risk related to commodity pricing or foreign exchange
- Operational Quality Assurance - verifies operational output is within tolerances
- Operations management - ensures the business runs day-to-day and that related barriers are surfaced for resolution
- Credit - ensures any credit provided to customers is appropriate to their ability to pay
- Customer service - ensures customer complaints are handled promptly and root causes are reported to operations for resolution
- Internal audit - evaluates the effectiveness of each of the above risk functions and recommends improvements
Common challenges in ERM implementation
Various consulting firms offer suggestions for how to implement an ERM program. Common topics and challenges include:
- Identifying executive sponsors for ERM.
- Establishing a common risk language or glossary.
- Describing the entity's risk appetite (i.e., the risks it will and will not take).
- Identifying and describing the risks in a "risk inventory".
- Implementing a risk-ranking methodology to prioritize risks within and across functions.
- Establishing a risk committee and/or a Chief Risk Officer (CRO) to coordinate certain activities of the risk functions.
- Establishing ownership for particular risks and responses.
- Demonstrating the cost-benefit of the risk management effort.
- Developing action plans to ensure the risks are appropriately managed.
- Developing consolidated reporting for various stakeholders.
- Monitoring the results of actions taken to mitigate risk.
- Ensuring efficient risk coverage by internal auditors, consulting teams, and other evaluating entities.
- Developing a technical ERM framework that enables secure participation by third parties and remote employees.
Internal audit role
In addition to auditing information technology, internal auditors play an important role in evaluating the risk management processes of an organization and advocating their continued improvement. However, to preserve its organizational independence and objective judgment, internal audit professional standards indicate that the function should not take direct responsibility for making risk management decisions for the enterprise or for managing the risk management function.
Internal auditors typically perform an annual risk assessment of the enterprise, to develop a plan of audit engagements for the upcoming year. This plan is updated at various frequencies in practice. This typically involves review of the vari