CIOReview
CIOREVIEW >> Risk Analytics >>

A Deep Dive Into ERM Framework

Joseph Iraci, Managing Director Financial Risk Management and CRO for the Broker Dealers and FCM, TD Ameritrade
Joseph Iraci, Managing Director Financial Risk Management and CRO for the Broker Dealers and FCM, TD Ameritrade

Joseph Iraci, Managing Director Financial Risk Management and CRO for the Broker Dealers and FCM, TD Ameritrade

Enterprise Risk Management (ERM) was introduced in 2004 when the Committee of Sponsored Organizations (COSO) issued its Enterprise Risk Management – Integrated Framework (www.coso.org). COSO defined ERM as a process performed by the Board, management and other personnel, and applied in a strategy setting across the firm. It is intended to identify potential risks that could impact the firm. ERM allows the firm to manage risk to be within its accepted risk appetite and provides reasonable assurance regarding the achievement of firm objectives.

The Integrated Framework organizes firm objectives into four categories:
1. Strategic
2. Operations
3. Reporting
4. Compliance

Strategic objectives are part of the ERM framework and COSO defines strategic objectives as high-level goals that are aligned with and support the goals of an organization. Strategic objectives are core to the overall strategy of the firm. Strategic risk management is a critical part of a firm’s overall ERM program.

Even though ERM was introduced in 2004 many firms have been slow to adopt it because of the various challenges that need to be overcome. Historically risk has been managed in silos, and while firms have been migrating to a more integrated and enterprise wide approach progress has been slow. Some of the challenges for ERM teams include:

• Data Management Skills: Risk management teams need not just analysts but also people with technology backgrounds, especially in the discipline of data science. Data is an element that drives risk management and it is our ability to harness data that provides the valuable information needed for impactful analysis.

• Risk Taxonomy: There should be a consistent definition of risk throughout the firm so everybody is speaking the same language.

• Consistent Analysis: Analysis is a disciplined and formal process that associates need to be trained for in order to get a base level of skill that is required.

• Portfolio Reporting: Information resides in pockets throughout firms but it is critical for ERM to link these pockets of information and provide horizontal and vertical integration of information across the firm.

The same as strategy requires a plan for execution ERM must include the underlying market, credit, and operational risk disciplines to be effective. Otherwise ERM runs the risk of being isolated from the running of the business and could become an ivory tower.

What ERM Means For Risk Managers

ERM is a process in which each of the risk disciplines works within a dynamic process of gathering internal and external data that feeds into their respective risk systems, but these separate data streams become aggregated, taking into account intra-risk relationships. The output of this exercise is management information that can be used at the appropriate level to ensure each management level has sufficient information to deal with uncertainty and has sufficient information to support decision-making.

ERM represents a portfolio view of risk that provides a holistic view of the organization and seeks to understand how all risks, internal and external, faced by the organization can ultimately impact the organization. The objective for the risk disciplines is to understand how the various pieces of risk management fit together within an accepted framework and determine how this framework can best support strategic and tactical decision-making with the goal of supporting firm strategy. 

 

Read Also

The New Bridges and Barriers to an Integrated World view

The New Bridges and Barriers to an Integrated World view

Brandon Beals, Director of Data & Analytics, Dot Foods
Data Literacy –What is it and Why Should Your Company Care?

Data Literacy –What is it and Why Should Your Company Care?

Lisa M. Mayo, Director of Data Management, Ballard Spahr LLP
Importance of Customer Relationship Management Implementation

Importance of Customer Relationship Management Implementation

Drew Fredrick, Vice President, Home Building Technology, Clayton Homes
Creating Momentum Along Your Customer Relationship Management Journey

Creating Momentum Along Your Customer Relationship Management Journey

Anissa Benich, Sr. Director, Enterprise Strategy and Marketing, OneAmerica
CRM and Customer Experience

CRM and Customer Experience

Ashok Dhiman, Director, Enterprise Customer Experience and Data Integration, The Hartford [NYSE: HIG]
Go Big Data or Go Home – Data Analytics-Enabled Compliance Programs

Go Big Data or Go Home – Data Analytics-Enabled Compliance Programs

Kevin Gleason, Senior Vice President, Voya Investment Management and Chief Compliance Officer, The Voya Funds & Matthew Gleason, an undergraduate computer science major, The University of Arizona