Agenda ERM Overview Operations Risk Framework Market Risk / Credit Risk / ALM Framework IT Risk Framework Insurance Risk Framework ERM – Way forward

1. Confidential Slide
Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by our partners and
extended team of industry experts
Our Contact Details:
INDIA UAE
Continuity and Resilience
Level 15,Eros Corporate Tower
Nehru Place ,New Delhi-110019
Tel: +91 11 41055534/ +91 11 41613033
Fax: ++91 11 41055535
Email: neha@continuityandresilience.com
Continuity and Resilience
P. O. Box 127557
Abu Dhabi, United Arab Emirates
Mobile:+971 50 8460530
Tel: +971 2 8152831
Fax: +971 2 8152888
Email: info@continuityandresilience.com

2. Enterprise Risk Management

3. Confidential Slide
AgendaAgenda
3

4. Confidential Slide 444
Enterprise wide Risk Management – The Building BlocksEnterprise wide Risk Management – The Building Blocks
Identification Measurement MonitoringGovernance
Self Assessment
Capture of Losses
 Improve
Processes
 Improve
Controls
 Enhance
Technology /
BCP
 Enhance
Business
Controls
 Project
Quality
Assurance
 Project
Readiness
Assessment
 Committees
 Regulatory
Reporting
 Quality
Assurance of
GRC processes
 Consistency
across Group
 Group Risk
 Group Audit
 Independent
Review and
Audit Control
 Group Legal &
Compliance
framework
 Asset Liability
Management
Governance, Risk & Compliance (GRC)
Framework – people, process & technology
Key Risk Indicators
Process Mapping
Strategy /
Design
Implementation Mitigation
Mitigation
Governance: Establishment
of policies and the definition of
the framework to implement
these policies
Identification: Stipulation and
documentation of risk
exposure along process and
project lines
Measurement: Qualification
and quantification of risk and
loss in financial value and
quality
Monitoring: Identification,
tracking and control of risk
events and resolution thereof
Mitigation: Proactive
management of risk exposure
Source: Reliance Life

5. Confidential Slide 5
Enterprise Wide Risk Management Structure at RLICEnterprise Wide Risk Management Structure at RLIC

6. Confidential Slide 6
Corporate Governance PracticesCorporate Governance Practices

7. Confidential Slide
Section 1Section 1
7

8. Confidential Slide
Operations Risk FrameworkOperations Risk Framework

9. Confidential Slide
Risk & Control Self
Assessment

10. Confidential Slide
Key Risk Indicator
Dashboard

11. Confidential Slide
Loss Database

12. Confidential Slide
Risk Sensitization

13. Confidential Slide
Risk Reviews

14. Confidential Slide
Fraud prevention process
Fraud prevention
process
Fraud Prevention &
Investigation

15. Confidential Slide
Business Continuity Management

16. Confidential Slide
Actual Incidents
 Virus Attack in 2010 – systems were down for 2 - 3 days
 Short circuit and fire on Electrical box of the Andheri Corporate office building
leading to no electrical supply to the office building for 4-5 days in 2011.
 Fire at one of the floors at Corporate office in 2014 leading to office evacuation
 Fire at Kolkatta Branch Office in 2015 due to short circuit
 Nepal Earthquake – impacted few branches and they worked for alternate
locations

17. Confidential Slide
Key Issues or Challenges in Implementing Business
Continuity Projects
 Senior Management Commitment and involvement
 Lack of thorough understanding of data dynamics and dependencies involved in
data recovery by BCM practitioners
 Inappropriate approach in executing BCM processes
 Incorrect and / or inappropriate assumptions in formulating business continuity
and disaster recovery plans

18. Confidential Slide
Resolutions to implementation of Effective BCM
• Set up a cross functional steering committee of key stakeholders and meetings to
be held regularly
• Systematic planning and collaboration between business and IT
• Consistency in documentation and approach can be achieved by adopting an
international BCM standard / framwork across the enterprise
• Adoption of service / product based approach for risk assessment is more
effective and sustainable

19. Confidential Slide
Business Continuity Management System (BCMS) and Information
Security Management System (ISMS) – an integrated approach
ISO27001:2013 ISO22301:2012

20. Confidential Slide
Section 2Section 2
20

21. Confidential Slide 21
Market Risk FrameworkMarket Risk Framework

22. Confidential Slide 22
Credit Risk FrameworkCredit Risk Framework
• Evaluation done based on 4C’s of Credit
•Conduct review with the following
Issue reports with key action points to the Executive Investment committee

23. Confidential Slide
Section 3Section 3
23

24. Confidential Slide 24
Information Security Risk Management (ISRM)
Business
Strategy
Business
Strategy
Business
Process
IncidentIncident
RiskRisk
IT Systems &
Assets
ControlsControls
Policies
(Principles &
Objectives)
Policies
(Principles &
Objectives)
Laws &
Regulations
Laws &
Regulations
IT StrategyIT Strategy
achieved
through
guides
informs
informs
requires
protects
ThreatsThreats
VulnerabilityVulnerability
exposed
to
has
specific
affects
may
lead to
impacts

25. Confidential Slide 25
ISRM Framework
PHASE PROCESS OUTPUT
Define
Objective: Study current state enterprise IS View of the current
state of the basic
elements of
information security in
the considered
enterprise
Input: Collect information about enterprise basic elements
Assets Tangible/intangible/owner/location
Threats Deliberate/accidental/natural
Vulnerabilities Technical/organizational
Controls Existing/planned
Identify
Objective: Assess the current state of information security View of the critical
assets, associated
with the assessment
of the threats &
vulnerabilities they
are facing, and with
the security controls
used
Input: Define stage outputs/expert or owner view
Assets Valuation (direct/indirect), Identify key components
Manpower, information systems & facility
Threats/assets Possible damage it may cause.
Vulnerability/asset Weakness in the security measures and identify
risk
Controls / assets Identify control currently in use
Requirements Confidentiality/Availability/Integrity
Assess
Objective: Find the gap between the current state and the required state of
protection
View of the gap
between security
requirements and the
current state of
security, considering
all critical assets
Input: Assessment of enterprise current state from “measure” phase; and
“required security protection criteria
Identification Control gap analysis
Evaluation Evaluate impact of the current state of security
versus required one
Gap Determination of the security gap that needs to be
closed, so that the required improvement is
achieved

26. Confidential Slide 26
PHASE PROCESS OUTPUT
Plan
Objective: Specify required improvements to close the gap between the current
state and required state
View of a plan of
action of what
should be done to
close the gap and
achieve the
required security
Input: Required state and current state
Directions Development of directions to close the security
gap and achieve the required improvement.
Recommended controls.
Cost-benefit analysis and selection of controls
Plan Designing an action plan that follows the
directions.
Implementation & risk treatment
Implement,
Monitor & Control
Objective: Implement improvement, monitor and evaluate; repeat process.
Implementation of
the plan,
operation,
performance,
process activation
Input: Action plan for improvement
Implementing The action plan for improvement
Monitoring The changing state
Documentation Documenting the work
Re-initiating Continuous process
ISRM Framework

27. Confidential Slide
Section 4Section 4
27

28. Confidential Slide
Insurance Risk FrameworkInsurance Risk Framework

29. Confidential Slide 29

30. Confidential Slide 30
ERM Journey

31. Confidential Slide 31
 In view of the recent developments in the macro economic scenarios across the world,
it has become essential to find ways to improve capital efficiency of the insurance
companies without threatening solvency. Too much capital will reduce the capital
efficiency and too little capital may threaten the solvency. Economic capital is a way of
ensuring proper balance between capital adequacy and capital efficiency. Economic
capital is the amount of capital required to keep the balance sheet solvent on a going
concern basis under a stress event.
 “Sufficient surplus to cover potential losses at a given risk tolerance level over a
specified time horizon.”
Economic Capital- The journey ahead

32. Confidential Slide 32
Determining Economic Capital- The journey ahead
Determining Economic Capital
+
–
Selected risk
tolerance
Ranked distribution of present values of future profits from each simulation
Cumulative probability
0
$m
Economic Capital: At the enterprise level, EC is typically
defined as “Sufficient surplus capital to
cover potential losses at a given risk
tolerance level, over a specified time
horizon”
Source: Tillinghast
Types of Risks to be considered
Insurance Operational Market Credit Liquidity

33. Thank you