This presentation was given in International Management Institute (IMI), New Delhi on 19th May 2017. This was given to the One year Executive management students.

1. International Management Institute (IMI)
New Delhi
SONJAI KUMAR,
Vice President- Business Risk
Aviva India Life Insurance
1
Disclaimer: Views expressed in this presentation are mine and not necessarily of
my employer

2. Contact Details
Name: Sonjai Kumar
Mobile: 9810389622
Email: sonjai_kumar@hotmail.com
https://www.linkedin.com/in/sonjaikumar/
Website: www.risk-management.in
2

3. Question
 An European insurance Company looking to diversify
their risks and increase in profit for further expansion
in Asia, looking to enter into the Indian Insurance
market.
 The Company believes that they have technical
expertise and historic experience of running
insurance business which they can leverage.
 You are a Chief Risk Officer of the above insurance
Company; CEO is asking you to prepare a risk report
on the India entry proposal. What points you will
cover in your report?
3

4. Agriculture
4

5. Goals
1. What is risk
2. What is Risk Management
3. What is ERM
4. Process of Risk Management
5. Use of risk management in Decision making
5

6. 6

7. What is Risk?
1.Effcet of uncertainties on objective.
2. Uncertainty- leads to
 Adverse outcome
 Always adverse- Hazard Risk-Earthquake, Natural calamities
 Sometimes adverse- Control Risk-Stock market movement
 Favorable outcome- Opportunities
3. Objective: Goal is set by the business entity or individual
to make a progression in life or business or anything.
7

8. Examples of Risks
1. Risk of IT guys losing jobs
2. Whether the country would achieve the
target GDP
3. What will be the impact of GST
4. Risk of ill-health
5. Risk of accident
6. Risk of bank losing money
7. Theft
8

9. Why Risk Management?
“Risk management is to help
organizations to identify,
understand and manage their
risks and opportunities, and
thereby increase the likelihood of
achieving their objective by
reducing uncertainty “
9

10. Example of risk management
10
In the late 1990s, Swedish-owned Ericsson was one of the big international players in the mobile phone industry, together
with the Finnish company Nokia
On March 17, 2000, a small fire hit a microchip plant owned by Philips, the Dutch company. The plant supplied chips to
both Ericsson and Nokia, and the smoke and water damage from the small and easily contained fire contaminated millions
of chips — almost the plant’s entire stock.
Risk management actions (protection) should be evaluated against risk costs (impact and consequences), to avoid over /
under - action or over / under - insurance against incidents.
Risk exposure always has a price, and as a company one should think through what price (or rather cost, as in disruption
cost) that is acceptable or not.
Synopsis
What
happened
Conclusion
One of the most famous (or rather infamous) cases is the fire at the Philips microchip plant in Albuquerque, New Mexico,
in 2000, which simultaneously affected both Nokia and Ericsson. However, both companies took a very different approach
toward the incident
The incident turned disaster cost the Swedish company $400 million in lost sales, and it had to quit the mobile-phone
business, leaving Nokia to cement its position as the European market leader
Nokia acted swiftly and moved to tie up spare capacity at other Philips plants and every other supplier they could find. They
even re-engineered some of their phones so they could take chips from other Japanese and American suppliers. Ericsson,
meanwhile, had accepted early assurances that the fire was unlikely to cause a big problem, and settled down to wait it
out. When they realized their mistake it was too late: Since Ericsson a few years earlier had decided to buy key components
from a single source to simplify its supply chain, Ericsson now had to face the bitter realization that it had no other source
of supply. Nokia had already taken it all. Single sourcing may have its benefits, but it has its costs, too. Ericsson lost many
months of production, and hence many sales in a booming market that could now be dominated by Nokia. Bummer.
Eventually Ericsson merged with Sony in order to survive, and eventually I too had to switch back to Nokia.

11. 11

12. 12

13. What is ERM
1. ERM is risk management applied across
the Company
2. Only Risk Management team is not
responsible for management of risk, why?
3. Who sets the objectives?
4. Who owns the objectives?
5. Whose responsibilities is to achieve the
objectives and reward?
6. Who will understand the risk?
13

14. ERM
1. ERM is integration of Risk strategies and risk management
across the Company.
2. Ownership of risk- Board-CEO-CRO
3. Risk Policies owned by the Board
4. Each department have risk objectives to meet their business
objectives
5. Implementation of risk policies-CRO
6. Instead of defensive control oriented approach of downside
risk and earning volatility, the idea of ERM is to optimize
business performance by optimally allocation of resources
through risk based decision making to make risk
management as an offensive tool.
14

15. How ERM makes a Difference
1. Diversification effect through correlation of risks
2. Minimize losses and unpleasant surprises
3. Better risk transfer arrangement
4. Understand the link between business growth, risk
and return
5. Better allocation of Capital
6. Impact on valuation of the Company
7. Regulatory requirement
8. Reduce earning volatility- Stable flow of income
9. Shareholder’s value addition
15

16. Corporate Governance
16

17. Three Line of Defence Model
17

18. Role of Risk Management Team
1. Not subject matter experts
2. Review and Challenge on all risks, decisions
3. Help in Risk Based decision making
4. Provide Oversight risk management
5. Implement Risk policies
6. Help set risk appetite
7. Review overall risks
8. Take matter to Risk Committees/Board
9. Highlight any burst in risk appetite and what
actions to take
18

19. 19

20. 20

21. Risk Identification
1. First step in the direction of risk management
2. I know what I Know
3. I know what I don’t know
4. I don’t know what I know
5. I don’t know what I don’t know
6. Issues versus Risk
1. Cause and Effect
7. Look at the sources of the risks
8. Methods: Brainstorming, SWOT analysis, SST,
Workshop, questionnaire etc
9. Identified risks are placed in the risk register for further
action
21

22. Example of Risk Identification
1. What are the risk, if a person aged 55 looking for
retirement corpus investing all his savings in
booming stock market?
2. What is the risk to this person from movement in
the exchange rate?
3. What is the risk to this person, if urbanization
increases?
22

23. Risk Measurement
1. How would you prioritize the risk for management to take
action ?
2. Assess the likelihood/Probability- Chance of happening of
event
3. Assess the impact- Financial Impact on the Company due to
happening of risk event
4. Overall Quantification= Probability * Impact
5. Qualitative and Quantitative approach
6. Qualitative- Low/Medium/High
7. Quantitative- Statistical Distribution
8. Methods: Standard deviation; Value at Risk; Sensitivity
Analysis; Stress and Scenario Testing
23

24. Example of Risk Measurement
1. How would you measure the risk in the
previous page of person aged 55?
2. How to measure the impact on GDP of
the country missing the targets?
3. How to measure the operational risk?
24

25. Risk Management
1. How to address the risk which is identified and measured in
a quest to meet objectives?
2. Need some management actions
1. Avoid the risk
2. Manage the risk
3. Transfer the risk
4. Accept the risk
1. The balance of the risk is the residual risk which should be
within the risk appetite of the Company.
2. If the risk is out of the appetite; may have to re-work on
the objectives or persuade shareholders pump more
money or drop the objective.
25

26. Example of Risk Management
26
Accept
Manage/
Mitigate
Transfer
Avoid

27. Risk Monitoring
1. Why to monitor this risk?
2. To test the effectiveness of the risk management
plan
3. To see the actual performance against the expected
4. To find Early warning signals
5. To take any remediation course
6. Change in assumption made at the time of risk
identification if the risk treatment is not
working
27

28. Examples Risk Monitoring
1. Mid year assessment of GDP progress
2. Progress of profit against the target
3. In insurance companies, actual claims experience is
observed against the expected
4. What is the current rate of interest against the one
used in the pricing
5. Dose the attrition rate as assumed in the plan
6. How is brand value is doing?
7. If there is a deviation against the expected line,
what action is required?
28

29. Risk Reporting
1. The previous steps are reported in different forms
depending on the level of reporting to assess the
risk management performance
2. Management information
3. Committee information and action
4. Board information and action
5. Press information
6. Regulatory disclosures
7. Public disclosures on Company website
8. Press disclosure
9. Requirements of Risk Based capital
29

30. Decision Making
1. What is decision making: Art of making choice,
given the risk information on IMMMR
2. Decision on what? Risk or Objective
30

31. Question
 An European insurance Company looking to diversify
their risks and increase in profit for further expansion
in Asia, looking to enter into the Indian Insurance
market.
 The Company believes that they have technical
expertise and historic experience of running
insurance business which they can leverage.
 You are a Chief Risk Officer of the above insurance
Company; CEO is asking you to prepare a risk report
on the India entry proposal. What points you will
cover in your report?
31

32. How we are placed on this?
1. What is risk
2. What is Risk Management
3. What is ERM
4. Process of Risk Management
5. Use of risk management in Decision making
32