Actuarial Standard of Practice No. 46

Risk Evaluation in Enterprise Risk Management 

STANDARD OF PRACTICE

TRANSMITTAL MEMORANDUM

September 2012

TO: Members of Actuarial Organizations Governed by the Standards of Practice of the Actuarial Standards Board and Other Persons Interested in Risk Evaluation in Enterprise Risk Management 

FROM: Actuarial Standards Board (ASB)

SUBJ: Actuarial Standard of Practice (ASOP) No. 46

This document contains the final version of ASOP No. 46, Risk Evaluation in Enterprise Risk Management.

Background

Enterprise Risk Management (ERM) has been defined by the Casualty Actuarial Society in 2003 as follows:

The discipline by which an organization in any industry assesses, controls, exploits, finances and monitors risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders.

This definition was also adopted by the Society of Actuaries in 2005.

Enterprise Risk Management is a rapidly emerging specialty within the actuarial community and, with the new CERA risk management educational certification, could well become an area of practice for actuaries with no tie to traditional actuarial work. The CERA is a globally-recognized ERM designation supported by actuarial organizations in 12 countries with rigorous educational programs.

The ERM Task Force was formed in the fall of 2009 to revisit the need for ERM standards that was previously addressed by an earlier task force in 2007. In June 2010, the Task Force presented findings to the ASB and was then asked to go forward with the development of standards for two broad topics relating to ERM, Risk Evaluation and Risk Treatment.

In March of 2011, two discussion drafts on risk evaluation and risk treatment were posted to the ASB website. The ERM Task Force reviewed the comments received and based on those comments, began work on the development of exposure drafts of standards on risk evaluation and risk treatment for presentation to the ASB.

This ASOP considers the topic of risk evaluation. The process of risk evaluation is a fundamental part of risk management systems that are found in organizations. In this context, risk is intended to mean the potential of future losses or shortfalls from expectations due to deviation of actual results from expected results. Evaluation of expected losses and provisions for expected losses is a common actuarial task that is not considered directly by this standard.

This standard applies to enterprise risk evaluation performed by actuaries. Some organizations will face requirements and requests for assessment of the risk evaluation part of the risk management system, in order to evaluate whether their risk management systems are operating at a level that meets or exceeds professional standards. Regulators in some industries may want similar evaluations.

As described above, the ERM Task Force has also been actively working on a second proposed ASOP, Risk Treatment in Enterprise Risk Management. The second proposed ASOP considers the topic of risk treatment, which is the process of selecting and implementing actions to modify risks. Risk treatment is found in insurers, pension plans, other financial service organizations, and most businesses or organizations, and is typically a part of a risk management system. This second proposed ASOP was exposed with a comment deadline of September 10, 2012. The Task Force plans to present the proposed final standard on risk treatment to the ASB at its December 2012 meeting. Once the proposed ASOP, Risk Treatment in Enterprise Risk Management is adopted, the reference in section 1.2 of this ASOP No. 46 to proposed ASOP Risk Treatment in Enterprise Risk Management will be updated to reflect its adoption as final.

These two standards cover the risk evaluation and risk treatment activities within risk management work but do not cover other ERM practices that are performed by insurers, pension plans, other financial service firms, and other businesses or organizations. In the future, other standards may provide guidance for other aspects of actuarial professional services in ERM. These two topics were chosen because they cover the most common actuarial services performed within risk management systems of organizations.

These standards, as with all actuarial standards of practice, apply to the actions of individual actuaries, and not to their organizations, employers or clients.

Exposure Draft

The exposure draft of this ASOP was approved for exposure in April 2012 with a comment deadline of June 30, 2012. Twenty-five comment letters were received and considered in developing modifications that were reflected in this final ASOP. For a summary of the issues contained in these comment letters, please see Appendix 2. In general, the suggestions helped improve the clarity of the standard and did not result in substantive changes to the standard.

The ASB thanks everyone who took the time to contribute comments and suggestions on the exposure draft.

The ASB voted in September 2012 to adopt this standard.

 

Enterprise Risk Management Task Force

David N. Ingram, Chairperson

                      Maryellen J. Coggins                                          David Y. Rogers

                      Eugene C. Connell                                             Max J. Rudolph

                      Wayne H. Fisher                                               David K. Sandberg

                      Kevin M. Madigan                                              John W.C. Stark

                      Claus S. Metzner

 

Actuarial Standards Board

Robert G. Meilander, Chairperson

                      Albert J. Beer                                                    Thomas D. Levy

                      Alan D. Ford                                                      Patricia E. Matson

                      Patrick J. Grannan                                             James J. Murphy

                     Stephen G. Kellison                                            James F. Verlautz

The ASB establishes and improves standards of actuarial practice. These ASOPs identify what the actuary should consider, document, and disclose when performing an actuarial assignment. The ASB’s goal is to set standards for appropriate practice for the U.S.

 

Section 1. Purpose, Scope, Cross References, and Effective Date

1.1 Purpose

This actuarial standard of practice (ASOP) provides guidance to actuaries when performing professional services with respect to risk evaluation systems, including designing, developing, implementing, using, maintaining, and reviewing those systems.

1.2 Scope

This standard applies to actuaries when performing risk evaluation professional services for the purposes of enterprise risk management (ERM).

Risk evaluation is often performed as one part of an ERM control cycle. Within a typical ERM control cycle, risks are identified, risk are evaluated, risk appetites are chosen, risk limits are set, risks are accepted or avoided, risk mitigation activities are performed, and actions are taken when risk limits are breached. Risks are monitored and reported as they are taken and as long as they remain an exposure to the organization.

This standard focuses on five aspects of risk evaluation: risk evaluation models, economic capital, stress testing, emerging risks, and other risk evaluations. Guidance for activities related to risk treatment is addressed in proposed ASOP, Risk Treatment in Enterprise Risk Management.

This standard does not apply to actuaries when performing risk evaluation professional services that are not for the purposes of ERM. Examples of risk evaluation services that may be performed for purposes other than ERM include pricing of insurance products, and the evaluation of liabilities of insurers and pension plans.

If the actuary departs from the guidance set forth in this standard in order to comply with applicable law (statutes, regulations, and other legally binding authority), or for any other reason the actuary deems appropriate, the actuary should refer to section 4.

1.3 Cross References

When this standard refers to the provisions of other documents, the reference includes the referenced documents as they may be amended or restated in the future, and any successor to them, by whatever name called. If any amended or restated document differs materially from the originally referenced document, the actuary should consider the guidance in this standard to the extent it is applicable and appropriate.

1.4 Effective Date

This standard is effective for any professional services with respect to risk evaluation in enterprise risk management performed on or after May 1, 2013.

Section 2. Definitions

The terms below are defined for use in this actuarial standard of practice .

2.1 Economic Capital

The amount of capital an organization requires to survive or to meet a business objective for a specified period of time and risk metric , given its risk profile.

2.2 Emerging Risk

New or evolving risks that may be difficult to manage since their likelihood, impact, timing or interdependency with other risks are highly uncertain.

2.3 Enterprise Risk Management

The discipline by which an organization in any industry assesses, controls, exploits, finances and monitors risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders.

2.4 Enterprise Risk Management Control Cycle

The continuing process by which risks are identified, risks are evaluated, risk appetites are chosen, risk limits are set, risks are accepted or avoided, risk mitigation activities are performed, and actions are taken when risk limits are breached.

2.5 Organization

The entity for which ERM is being performed. Examples include public or private companies, government entities, and associations, whether for profit or not for profit.

2.6 Risk

The potential of future losses or shortfalls from expectations due to deviation of actual results from expected results.

2.7 Risk Appetite

The level of aggregate risk that an organization chooses to take in pursuit of its objectives.

2.8 Risk Evaluation System

A combination of practices, tools, and methodologies within a risk management system used to measure the potential impacts of risk events on the performance metrics of an organization.

2.9 Risk Limit

A threshold used to monitor the actual risk exposure of a specific unit or units of the organization to ensure that the level of aggregate risk remains within the risk tolerance .

2.10 Risk Management System

A combination of practices, tools and methodologies that an organization uses to identify, assess, measure, mitigate, and manage the risks it faces during the course of conducting its business.

2.11 Risk Metric

A measure of risk. Examples include value at risk, expected policyholders deficit, and conditional tail expectation.

2.12 Risk Mitigation

Action that reduces the frequency or severity of a risk.

2.13 Risk Profile

The risks to which an organization is exposed over a specified period of time.

2.14 Risk Tolerance

The aggregate risk-taking capacity of an organization.

2.15 Scenario Test

A process for assessing the impact of one possible event or several simultaneously or sequentially occurring possible events on an organization’s financial position.

2.16 Stress Test

A process for measuring the impact of adverse changes in one or relatively few factors affecting an organization’s financial position.

Section 3. Analysis of Issues and Recommended Practices

3.1 Risk Evaluation

An actuary may be called upon to evaluate risk in many contexts, using various tools such as economic capital models and stress and scenario tests. In performing services related to risk evaluation, the actuary should consider, or may rely on others who have considered, the following:

a. information about the financial strength, risk profile, and risk environment of the organization that is appropriate to the assignment. Such information may include the following:

1. the financial flexibility of the organization;

2. the nature, scale, and complexity of the risks faced by the organization;

3. the potential differences between the current and long-term risk environments;

4. the organization’s strategic goals, including goals for the level and volatility of profits, both short term and long term;

5. the interests, including the risk/reward expectations, of relevant stakeholders. These stakeholders may include some or all of the following: owners, boards of directors, management, customers, partners, employees, regulators and others potentially impacted by the organization’s management of risk;

6. regulatory or rating agency criteria for risk levels and the implications of potential risk levels on the continuation of business operations as reflected in ratings or other external measures of security;

7. the degree to which the organization’s different risks interact with one another; actual and perceived diversification benefits; and dependencies or correlations of the different risks;

8. limitations to the fungibility of capital across the organization; and

9. the extent to which the organization’s exposure to risks may differ from the exposures of its competitors.

The actuary may rely on management’s opinions of the risk environment, may form an independent opinion of the risk environment, may rely on a third party’s evaluation of the risk environment, or may infer a risk environment from current conditions (such as market prices and political climate, among others).

b. information about the organization’s own risk management system as appropriate to the assignment. Such information may include the following:

1. the risk tolerance of the organization;

2. the risk appetite of the organization. This may be explicit or inferred from objectives of the organization including those related to solvency, market confidence, earnings expectations, or other objectives;

3. the components of the organization’s enterprise risk management control cycle;

4. the knowledge and experience of the management and the board of directors regarding risk assessment and risk management; and

5. the actual execution of the organization’s enterprise risk management control cycle including how unexpected outcomes are acted upon.

c. the relationship between the organization’s financial strength, risk profile, and risk environment as identified in (a) above, and the organization’s risk management system as identified in (b) above. If in the actuary’s professional judgment, as appropriate to the assignment, a significant inconsistency exists, then that inconsistency should be reflected in the risk evaluation.

d. the intended purpose and uses of the actuarial work product.

3.2 Considerations Related to Risk Evaluation Models

In developing, reviewing, or maintaining models used in risk evaluation, the actuary should consider, or may rely on others who have considered, the following:

a. whether the models are fit for the purpose. In making that determination, the actuary may review the following:

1. the degree to which the models need to be reproducible and adaptable to new risks;

2. the sophistication of the models in proportion to the materiality of the risks they cover;

3. the practical considerations for the models, including usability, reliability, timeliness, process effectiveness, technological capabilities, and cost efficiency;

4. the inherent statistical and theoretical limitations of the models;

5. the quality, accuracy, appropriateness, timeliness, and completeness of data underlying the models;

6. the appropriateness of the methodologies used for model verification and validation, calibration, and sensitivity testing;

7. the appropriateness of the methodologies used for modeling dependencies among risks; and

8. the appropriateness of the cash flow and discounting methodologies used in the models.

b. whether the model assumptions are appropriate. In making that determination, the actuary should consider the following:

1. whether the assumptions are supportable, appropriately documented, and allow for deviations from the expected;

2. whether the assumptions are regularly revisited to determine their appropriateness; and

3. whether the assumptions that explicitly reflect anticipated management actions in response to future events are supportable and appropriately documented.

3.3 Economic Capital

Within ERM programs, actuaries are often called upon for assistance in determining the economic capital of the organization.

3.3.1 Considerations Relating to an Economic Capital Model

In performing actuarial tasks relating to designing, developing, and reviewing an economic capital model, the actuary should consider the following, if appropriate to the assignment:

a. the appropriateness of the selected time frame, basis of measuring loss (for example, solvency, regulatory standards, earnings loss, reputation damage), and risk metric underlying the organization’s definition of economic capital relative to how it is used to support strategic decisions;

b. the degree to which the economic capital model reflects the significant risks of the organization and the interdependencies of those risks in a consistent and comprehensive manner; and

c. the appropriateness of the method used to model each risk. Some risks are more appropriately modeled stochastically while others may be more appropriately modeled using stress tests.

3.3.2 Reliance on Accounting Framework

The actuary’s references to and reliance on accounting frameworks in an economic capital model should be consistent throughout the model and appropriate for the model’s intended use.

3.3.3 Methods

In determining economic capital, the actuary should select a method or combination of methods where the input(s) to the method(s) and the results of the method(s) are consistent with the tasks and considerations listed in sections 3.1, 3.2, and 3.3.1. Examples of methods include the following:

a. Stress Tests—A specific degree of adversity is assumed and the financial impact of that adverse experience upon the organization is estimated by the actuary.

b. Stochastic Models—A distribution of possible future outcomes is determined either directly or through a model that calculates the impact of a risk assumption on the financial outcomes. Using stochastic models for economic capital requires the specification of a confidence interval.

c. Reference to Standard Measures—Regulatory and rating agency capital models produce standard risk metrics. Definitions of economic capital sometimes make reference to required regulatory and rating agency capital.

3.3.4 Assumptions

The actuary should use professional judgment in the selection of assumptions, recognizing that economic capital models often focus on perceived remote, highly unlikely conditions or losses that might be experienced by an organization. In forming that judgment, the actuary should consider the following, if appropriate:

1. historical data available;

2. prices in the marketplace;

3. opinions of other experts;

4. the fit of the assumed distribution to available data;

5. the ability of the assumed distribution to reflect possible extreme values;

6. sensitivity of results to changes in assumptions;

7. internal consistency of the assumptions; and

8. consistency in the application of assumptions.

3.3.5 Validation of the Economic Capital Model

Economic capital is often determined based on the results of stochastic models that produce a large number of outcomes. The actuary should devise appropriate tests of the distribution of outcomes calculated by the model (for example, in comparison to the range of results in similar models or to historical outcomes over time) and the sensitivity of those distributions to changes in the assumptions and parameters. The actuary should also perform validation tests to determine whether the model results are reasonably consistent with relevant items of the underlying balance sheet and income statements of the organization.

3.3.6 Disclosure

The actuary should comply with the disclosure requirements outlined in section 4.1.1.

3.4 Stress and Scenario Testing

Stress and scenario tests are used for many risk management and regulatory purposes.

3.4.1 Considerations Relating to Stress and Scenario Tests

The actuary should consider the following, if appropriate to the assignment:

a. the extent to which various stress tests reflect similar or different degrees of adversity. Using different degrees of adversity may affect the comparability of stress tests;

b. any items in the organization’s business plan that describe how the organization will function during an extreme event(s) as well as any historical organizational examples;

c. that an extreme event scenario may be a single event or a series of events that, taken together, have catastrophic results;

d. how actions and reactions of various stakeholders and markets during extreme events may differ from those during “normal” times;

e. whether the assumed interdependencies are appropriate under the stress or scenario testing assumptions due to the possibility of unanticipated consequences when risks interact in ways not seen historically;

f. how to define situations that result in a non-quantifiable risk and how to show plausible financial effects on the organization; and

g. that some stress and scenario tests will be hypothetical situations for which the actuary will not need to validate the degree to which the scenario is realistic.

3.4.2 Methods

A basic requirement for a stress or scenario test is a forecasting process or system. The actuary should consider whether the objectives of the stress or scenario test will be accomplished based on the forecasting process or system used. Approaches that may be used for stress and scenario testing include the following:

a. Models of Single Subsystems of the Organization—Some very simple stress tests can be performed by modifying a single element that is being stressed. However, in most cases, even the simplest stress test requires the consideration of interdependencies throughout the organization. The results from various sub-models may be consolidated.

b. Fully Integrated and Automated Forecasting Model—Economic capital models or business forecasting models may already be designed to reflect the interdependency of various elements or assumptions.

3.4.3 Assumptions for Stress Tests

The type and degree of stress for the stress test may be specified by others. Alternatively, the actuary may be called upon to identify the stresses that are important to the organization and to set assumptions regarding the type and degree of stress to be tested. In either case, the actuary should form a perspective regarding the ways that the defined stress impacts upon various elements of the organization, including consideration of the following:

a. Effect on Other Assumptions—Many assumptions may differ significantly from their baseline values because of the defined stress.

b. Management Responses—During an extreme event, management may delay decisions or make quick decisions that are inconsistent with business plans or prior practice.

c. Regulatory and Legislative Reactions—Regulatory capital limits may be changed and organizations may have an immediate need for additional capital.

d. Risk Mitigation— Risk mitigation alternatives and mechanisms to utilize those alternatives may or may not be present or fully effective.

e. Time Element—Some secondary effects under a scenario might occur in a later time period than the stress itself.

3.4.4 Constructing Scenarios

Many different types of scenario tests are possible. In some cases, the broad outline of a scenario might be specified by others and the actuary would make assumptions for many details. In other cases, the actuary is responsible for determining appropriate scenarios to be tested.

a. The actuary should consider whether the scenarios need to be developed with consideration of the many different elements of the broad environment that might change from the baseline simultaneous with the main event under consideration.

b. In addition, the actuary should consider the other effects upon the organization as described in items (a) through (e) of section 3.4.3.

3.4.5 Disclosure

The actuary should comply with the disclosure requirements outlined in section 4.1.2.

3.5 Emerging Risks

In performing actuarial professional services regarding the evaluation of emerging risks, the actuary should consider the following:

a. the potential impact of emerging risks across various time horizons; and

b. the potential secondary effects from an organization’s assumed actions in light of the onset of an emerging risk. These secondary effects may also arise from actions taken by individuals or entities not affiliated with the organization whose risk are being evaluated.

The actuary should comply with the disclosure requirements outlined in section 4.1.3.

3.6 Other Risk Evaluations

In the course of managing risks in an ERM program, there are many situations where specific risk evaluations are performed to facilitate the monitoring and mitigation of key risks. These evaluations are used in risk treatment programs such as hedging, asset liability management, or reinsurance. The actuary should apply the guidance in sections 3.1 and 3.2 to these evaluations.

3.7 Specific Circumstances

Certain risk evaluations may be performed under significant time constraints and for use over a limited period of time. The actuary should use judgment as to the appropriate level of detail and the frequency of evaluation in consideration of this guidance.

3.8 Reliance on Data or Other Information Supplied by Others

When relying on data or other information supplied by others, the actuary should refer to ASOP No. 23, Data Quality, and ASOP No. 41, Actuarial Communications, for guidance.

3.9 Documentation

The actuary should prepare and retain documentation in compliance with the requirements of ASOP No. 41. The actuary should also prepare and retain documentation to demonstrate compliance with the disclosure requirements of section 4.

Section 4. Communications and Disclosures:

4.1 Actuarial Communication

When issuing an actuarial communication subject to this standard, the actuary should consider the intended purpose or use of the risk evaluation and refer to ASOP Nos. 23 and 41, and if applicable, ASOP No. 38, Using Models Outside the Actuary’s Area of Expertise (Property and Casualty). In particular, consistent with the intended use or purpose, the actuary should disclose the following, as appropriate:

4.1.1 Economic Capital and Economic Capital Models

The actuary should document and communicate the results of the economic capital model and their intended use, as described in section 3.3. The actuary should also disclose any known limitations of the economic capital model including an assessment of the potential impact of these limitations on model results and their use. The actuary should also disclose the time frame, the basis of measuring loss, and the risk metric.

4.1.2 Stress and Scenario Tests

The actuary should document and communicate the results of the stress and scenario tests and their intended use, as described in section 3.4. The actuary should also disclose any known limitations of the stress and scenario tests including an assessment of the potential impact of these limitations on results. The actuary should also disclose the time frame and the basis of measuring loss.

4.1.3 Emerging Risks

The actuary should disclose the methodologies and sources of information for identifying and evaluating emerging risks, as described in section 3.5. The actuary should also disclose the time frame and the basis of measuring loss.

4.1.4 Changes in System/Process

The actuary should disclose any material changes in the system, process, methodology, or assumptions from those previously used for the same type of measurement. The general effects of any such changes should be disclosed in words or by numerical data, as appropriate.

4.1.5 Assumptions

The actuary should disclose the significant assumptions used in the risk evaluation such as accounting constructs, economic values, stand-alone or portfolio views of risk. The actuary should disclose the interdependencies among risks and statistical distributions used in the evaluation. The actuary should disclose any other significant assumptions used in the analysis, including anticipated future actions by management to manage or mitigate risks identified by the actuary.

4.1.6 Risks Included

The actuary should disclose the risks included in the risk evaluation and their relative significance. The actuary should also disclose known material risks not included and the rationale for not including those risks in the risk evaluation.

4.1.7 Model Validation

The actuary should disclose whether and how the modeled future economic conditions have been reviewed and tested for reasonableness. Items such as the sensitivity of the results to significant changes in the assumptions, time frame, basis of measuring loss, and risk metric may be disclosed.

4.1.8 Deviation from Guidance in the Standard

If the actuary departs from the guidance set forth in this standard, the actuary should include the following where applicable:

a. the disclosure in ASOP No. 41, section 4.2, if any material assumption or method was prescribed by applicable law (statutes, regulations, and other legally binding authority);

b. the disclosure in ASOP No. 41, section 4.3, if the actuary disclaims responsibility for any material assumption or method in any situation not covered under section 4.2.1 above; and

c. the disclosure in ASOP No. 41, section 4.4, if the actuary otherwise deviated materially from the guidance of this ASOP.

Appendix 1 – Background and Current Practices

Note: This appendix is provided for informational purposes, but is not part of the standard of practice.

Background

Enterprise Risk Management (ERM) has been a developing area of practice for actuaries for over 10 years. In 2001, the Casualty Actuarial Society (CAS) Advisory Committee on Enterprise Risk Management produced a report that recommended areas of research and education that were needed by actuaries entering this emerging field. In 2002, the Society of Actuaries (SOA) formed a Risk Management Task Force that wrote guides to Economic Capital and Enterprise Risk Management practice as well as initiating several research projects. In 2004, the task force evolved into a new Risk Management Section of the Society of Actuaries and became the first and largest joint activity in 2005 when it became the Joint Risk Management Section co- sponsored by the SOA, CAS, and the Canadian Institute of Actuaries (CIA). The Joint Risk Management Section has been tightly linked with an annual ERM Symposium event that started as a joint activity of the SOA, CAS, and the Professional Risk Managers’ International Association (PRMIA), a non-actuarial risk management organization.

Enterprise Risk Management is also becoming a standard practice of many organizations that employ actuaries and its use has been steadily spreading. Poor ERM practice has been blamed by many for some or all of the ills of the 2008-2009 Global Financial Crisis. The G20 heads of state have called for significant improvements to risk management practices in the financial sector and have charged the Financial Stability Board and the International Monetary Fund to take steps to promote and sometimes require better risk management practices from financial sector firms.

The International Association of Insurance Supervisors has responded to that by promulgating an Insurance Core Principle paper on Enterprise Risk Management requiring insurance regulators to promote ERM practice and self assessment of solvency needs by insurers globally. The National Association of Insurance Commissioners has developed a new requirement for an Own Risk and Solvency Assessment (ORSA) process that includes an assessment of risk management practices for larger insurers and the New York State Insurance Department has recently (December 2011) published a requirement that all insurers domiciled in the state must adopt an Enterprise Risk Management regime.

At the most fundamental level Enterprise Risk Management can be understood as a control cycle. Within a typical risk management control cycle, risks are identified, risks are evaluated, risk appetites are chosen, risk limits are set, risks are accepted or avoided, risk mitigation activities are performed, and actions are taken when risk limits are breached. Risks are monitored and reported as they are taken and as long as they remain an exposure to the organization. This cycle can be applied to specific risks within a part of an organization or to an aggregation of all risks at the enterprise level.

Risk evaluation has long been a part of actuarial practice. Actuarial risk evaluations were long used by insurers to assess their capital needs and pricing for risks. Actuarial risk evaluations have also long been used and continue to be the objective functions in risk mitigation activities such as reinsurance, asset liability management and hedging within risk treatment programs. Risk evaluation is a key activity of the new ERM practice. An economic capital model has become a new standard tool for ERM programs. Stress tests are another risk evaluation process that has long been used by actuaries that has recently reemerged as a primary tool for ERM. The risk evaluation activities of actuaries in all of these situations are the subject of this standard.

Actuarial services relating to risk treatment activities, specifically risk appetites, tolerances and limits as well as risk mitigation activities are considered in another standard on risk treatment in ERM.

Current Practices

Actuaries build, operate and maintain complex internal models for determination of economic risk capital using stochastic techniques to analyze long-term contingent liabilities and the associated value at risk or conditional tail expectation and develop and implement schemes to allocate the capital in a way that supports corporate goals for risk adjusted return. Actuaries have a central role and in many cases are the sole professionals involved in the preparation of these risk evaluations. Actuaries are also called upon to review economic capital models prepared by actuaries or by others professionals, to provide or review the assumptions underlying an economic capital model, document an organization’s economic capital model; analyze the impact of a strategic decision on an organization’s economic capital; recommend allocations of economic capital to units within an organization; and opine on the appropriateness of an organization’s economic capital model relative to the organization’s risk profile, risk tolerance, risk appetite or risk limits.

Actuaries also perform stress tests and other risk assessments for financial and other entities for the purposes of assessing the resiliency of the entity, for determining the effectiveness of risk mitigation activities and for reporting to regulators. Stress tests are increasingly important to prudential supervision of insurers as regulators find them to be a good way to ensure some consistency in risk evaluation and to better communicate a very complex topic. Actuaries may be asked to give opinions about the appropriateness of an organization’s actual level of capital based upon stress tests.

Stress tests performed by actuaries are also used by organizations as a component of or to validate economic capital models, to set risk limits and as an aid in forming and communicating organization strategy.

Emerging risks are an important focus of the risk management programs of some organizations. Actuaries assist with the processes that organizations employ to assess their exposure to emerging risks. The actuary may be called upon to help with or perform tasks relating to identification and monitoring of emerging risks, propose or execute actions to be taken in the event of the onset of such risks and to analyze the impact of emerging risks on the stakeholders of the organization.

Actuaries also perform risk evaluation for a variety of other purposes. The actuary may be called upon to do the following:

  • perform or review a risk evaluation of an entity prepared as part of merger and acquisition activity;
  • perform or review a risk evaluation of a portion of an organization’s business (for example, business unit or block of business) as part of a decision to buy/sell this portion of the business;
  • perform or review a risk evaluation by a regulatory agency as part of an audit or an investigation;
  • perform or review a risk evaluation by a rating agency as part of its rating process;
  • perform or review a risk evaluation for a public entity’s obligations; and
  • perform or review a risk evaluation of an organization’s strategic plans and goals.

Appendix 2 – Comments on the Exposure Draft and Responses

The first exposure draft of this ASOP, Risk Evaluation in Enterprise Risk Management, was issued in April 2012 with a comment deadline of June 30, 2012. Twenty-five comment letters were received, some of which were submitted on behalf of multiple commentators, such as by firms or committees. For purposes of this Appendix, the term “commentator” may refer to more than one person associated with a particular comment letter. The ERM Task Force carefully considered all comments received and the ASB reviewed (and modified, where appropriate) the proposed changes.

Click here to view Appendix 2 in its entirety.

Print Friendly, PDF & Email
LinkedInTwitterFacebookMore...