Enterprise Risk Management

I am looking for definitions of operational risk management. We are a financial services company and have structured approaches to market, credit and insurance (product) risk. In order to work on our operational risk framework (which includes hazard risks), we are reviewing our current "people, processes" type definition. Does anyone have any suggestions? ------------------------------- Susan Meltzer Sun Life Financial Asst. VP, Insurance and Risk Mgmt. -------------------------------

In case you didn't have ours Susan, here it is in its latest revised form: "the risk of loss due to physical catastrophes, technical failure, or a system or process breakdwon that has a direct impact on prouducts, services or the conduct of operations." As distinguihed from business risk which is: "the risk that there will be a shift in the business environment or typically external influences that could indirectly impact an organization's ability to achieve its goals." Always good to get these straight. As an asisde, do you think the paucity of postings on this e-group is the proof that most of our colleagues have no real interest in real risk management? ------------------------------- Christopher Mandel USAA Enterprise Risk Management AVP, Enterprise Risk Mgmt. -------------------------------
Original Message----- Sent: July 20, 2004 16:54 Subject: Operational Risk Management I am looking for definitions of operational risk management. We are a financial services company and have structured approaches to market, credit and insurance (product) risk. In order to work on our operational risk framework (which includes hazard risks), we are reviewing our current "people, processes" type definition. Does anyone have any suggestions? ------------------------------- Susan Meltzer Sun Life Financial Asst. VP, Insurance and Risk Mgmt. -------------------------------

Your final comment while provocative is not true. ------------------------------- Christopher Triggs JM Family Enterprises, Inc. Director, Risk Management -------------------------------
Original Message----- Sent: July 21, 2004 11:14 Subject: RE: Operational Risk Management In case you didn't have ours Susan, here it is in its latest revised form: "the risk of loss due to physical catastrophes, technical failure, or a system or process breakdwon that has a direct impact on prouducts, services or the conduct of operations." As distinguihed from business risk which is: "the risk that there will be a shift in the business environment or typically external influences that could indirectly impact an organization's ability to achieve its goals." Always good to get these straight. As an asisde, do you think the paucity of postings on this e-group is the proof that most of our colleagues have no real interest in real risk management? ------------------------------- Christopher Mandel USAA Enterprise Risk Management AVP, Enterprise Risk Mgmt. -------------------------------

First, I would like to thank everyone who has responded so far to my query - both the publicly posted and the one-on-one responses. It certainly helps us a lot and shows the power of the egroup. Chris' message referenced the paucity of activity on this egroup. I certainly am disappointed that we have not generated more discussion on ERM issues. From the attendance at the roundtable in San Diego, I thought that there were a number of members who are working on these initiatives and as indicated by my experience, there are lots of us that are willing to share. The availability of benchmarking in ERM is limited. It is mostly consultants referencing best practices and largely based on the banking experience which isn't always relevant. I think that this is the best forum to get information and encourage everyone to use this tool. ------------------------------- Susan Meltzer Sun Life Financial Asst. VP, Insurance and Risk Mgmt. -------------------------------
Original Message----- Sent: July 21, 2004 11:14 Subject: RE: Operational Risk Management In case you didn't have ours Susan, here it is in its latest revised form: "the risk of loss due to physical catastrophes, technical failure, or a system or process breakdwon that has a direct impact on prouducts, services or the conduct of operations." As distinguihed from business risk which is: "the risk that there will be a shift in the business environment or typically external influences that could indirectly impact an organization's ability to achieve its goals." Always good to get these straight. As an asisde, do you think the paucity of postings on this e-group is the proof that most of our colleagues have no real interest in real risk management? ------------------------------- Christopher Mandel USAA Enterprise Risk Management AVP, Enterprise Risk Mgmt. -------------------------------

------------------------------------------ This message has been cross-posted to both the Enterprise Risk Management and the Financial Services E-Groups. ------------------------------------------ We, at Allianz Life, use the following definition for ORM: "Risk of a loss resulting from inadequacies or failures in operational processes or controls due to technical resources, people, organization or external factors." Another quality source of risk management model definitions for not only ORM but credit, legal, liquidity, market, pricing and reputational risks is the Minnesota Department of Commerce’s web site. The MNDOC has recently developed a new model for the examination function of insurance companies. For the last three years, the MNDOC have been meeting with other regulators (in particular the FDIC and NAIC) on a process to bring the examination process into the 21st century, consistent with the standards being developed through the implementation of the Sarbanes-Oxley Act of 2002. In some respects, the insurance regulators have been in “catch-up mode” on the evolution of risk-based examination processes, but Minnesota intends to be on the cutting edge of such development. (We’re not all lumberjacks up here in da Nordland, ya’know) They believe that it is more appropriate to assess how a company manages its inherent risks by activity or business function, rather than balance sheet item. The desired intent is that examination activities focus on insurer functional activities that pose the greatest risk exposure, thereby increasing the effectiveness of the examination process without requiring increased resources. Under this new model, the focus of the examination and surveillance processes assess an insurer’s risk by evaluating its ability to identify, measure, evaluate, and control risk. (Hummmm… Where have I heard that before???) The intent of the new processes is to strike a balance between evaluating the condition of an insurer at a certain point in time and evaluating the quality of the insurer’s processes for managing risk. Intended outcomes of this new model for the examination function of insurance companies include a reduction in activities that duplicate the activities of the external auditors and management review functions. As a result, they intend to achieve the following goals with this new approach: • Improve the state based system of regulation to be more effective and efficient by shifting resources to riskier companies; • Identify troubled companies earlier; • Foster industry best practices (sound governance and risk management); • More effective and efficient regulation of insurers, especially those with a lower degree of regulatory concern, resulting in less distraction and disruption, compared to the current “audit” approach; and • Develop a process consistent with those of other regulators of financial services, both in the U.S. and internationally. Sounds “ERMish” to me. Anyway, back to Susan’s ORM inquiry. MNDOC’s categorical definition of ORM is as follows: “Operational Risk- The potential that inadequate information systems, operational problems, breaches in internal controls, fraud or unforeseen catastrophes will result in unexpected losses.” They further define operational risk as an element of insurance company risk: “Risk that substantial unexpected losses will result from ineffective/inadequate internal control policies (including those of the internal audit function), inadequate practices/procedures, inadequate information or management reporting systems, or reliance on third parties or vendors. Such risk could also result from failure to design appropriate financial reporting and accounting systems.” Their web site can be found at: http://www.state.mn.us/cgi-bin/portal/mn/jsp/home.do?agency=Commerce&agency=Commerce Then click on: Businesses we Regulate --> Insurance --> Company Financials --> Risk Questionnaire I hope that helps. -E ------------------------------- Eric Benson Allianz Life Insurance Company of NA Enterprise Risk Mgr -------------------------------
Original Message----- Sent: July 20, 2004 16:54 Subject: Operational Risk Management I am looking for definitions of operational risk management. We are a financial services company and have structured approaches to market, credit and insurance (product) risk. In order to work on our operational risk framework (which includes hazard risks), we are reviewing our current "people, processes" type definition. Does anyone have any suggestions? ------------------------------- Susan Meltzer Sun Life Financial Asst. VP, Insurance and Risk Mgmt. -------------------------------

Perhaps most real risk management questions are already being answered in other RIMS e-groups, and only those directed at non-traditional risk management are posted here. Every new forum has growth and recognition issues. I found your comment to be an insult.
Original Message----- Sent: July 21, 2004 11:14 Subject: RE: Operational Risk Management In case you didn't have ours Susan, here it is in its latest revised form: "the risk of loss due to physical catastrophes, technical failure, or a system or process breakdwon that has a direct impact on prouducts, services or the conduct of operations." As distinguihed from business risk which is: "the risk that there will be a shift in the business environment or typically external influences that could indirectly impact an organization's ability to achieve its goals." Always good to get these straight. As an asisde, do you think the paucity of postings on this e-group is the proof that most of our colleagues have no real interest in real risk management? ------------------------------- Christopher Mandel USAA Enterprise Risk Management AVP, Enterprise Risk Mgmt. -------------------------------

Susan, Chris and others: I have to chime in on the suject of what level of interest there is in ERM and in this e-group. There are many such as myself that continue to have a great deal of interest in this subject matter. Personally I like to monitor the postings in this e-group while I continue work toward educating my company an ERM approach to RM. The sharing of ERM information at ed sessions in this e-group from those such as yourself that have experience in ERM, is appreciated and does have an audience. Thank you. ------------------------------- Robert Ness American Family Mutual Insurance Corp. Risk Manager -------------------------------
Original Message----- Sent: July 22, 2004 13:40 Subject: RE: Operational Risk Management First, I would like to thank everyone who has responded so far to my query - both the publicly posted and the one-on-one responses. It certainly helps us a lot and shows the power of the egroup. Chris' message referenced the paucity of activity on this egroup. I certainly am disappointed that we have not generated more discussion on ERM issues. From the attendance at the roundtable in San Diego, I thought that there were a number of members who are working on these initiatives and as indicated by my experience, there are lots of us that are willing to share. The availability of benchmarking in ERM is limited. It is mostly consultants referencing best practices and largely based on the banking experience which isn't always relevant. I think that this is the best forum to get information and encourage everyone to use this tool. ------------------------------- Susan Meltzer Sun Life Financial Asst. VP, Insurance and Risk Mgmt. -------------------------------