Enterprise Risk Strategies

What is ERM?

Enterprise risk management (ERM) is the new catchphrase for a methodical, disciplined and holistic approach to all things risk within a financial institution. This emerging and evolving discipline still lacks much in the way of formal regulatory guidance, even though ERM has been identified as a key focus of the regulatory agencies.

The Navis Group is one of the early pioneers in this area, having worked with many institutions on a myriad of ERM issues and approaches. Our work aims to help clients to make ERM an efficient value-adding effort.

The Navis Group has developed an Excel-based approach to manage and capture the breadth of enterprise risk management. Using a process-centric method, we have assisted institutions subject to SOX or FDICIA, as well as "best-practicers," with coordinating their risk efforts toward the goal of Efficient Risk Management.

Projects have included organizational architecture decisions, i.e., risk's "place" in the org chart. We have also assisted with risk committee charters, committee composition and meeting content, as well as board and management education. In one instance, we served as interim CRO while the Risk Department was built out, and in many instances we are a regular contributor to client risk committee meetings.

The CRO's Role

As banks consider the formalization of the risk role within the institution, a common consideration is the assignment (or not) of a Risk Manager or Chief Risk Officer (CRO). The answer is often asset-size-based: smaller institutions rely on the nimbleness of their compact size, while larger institutions find a need to formally assign a risk role and/or department. Regardless of the structure, the enterprise risk issues exist, and to a large degree do not "scale," as each institution must deal with the traditional risk silos: Interest Rate Risk, Vendor Risk, Compliance Risk, BSA Risk, Information Security, Technology Risk, Business Continuity, Disaster Planning, Operational Risks, Investment Risks, and of course, our core banking risk, Credit Risk.

Financial Reporting Controls

Banks with assets in excess of $1 billion as well as SEC-registered banks reaching a certain market capitalization level are subject to FDICIA and/or SOX financial reporting controls rules. Best-practice methodology is guided by COSO (Committee of Sponsoring Organizations).

Over the past years, The Navis Group has assisted institutions that are either reaching the relevant compliance threshold(s) or moving "old-school" approaches forward to best-practice compliance. Interestingly, in the latter case, we have found that banks had largely over-scoped, and therefore over-tested, the old FDICIA matrices, adding unnecessarily to the audit department's schedule or budget.

We have developed an Excel-based approach that meets the process-centric, financial-statement-component synchronization recommended as part of the COSO methodology. In some instances, we have project-managed the implementation of WolfPAC's Financial Reporting Control module.