Enterprise risk management--a fading fad?
Moody, Michael J
Behind-the-scenes work is setting the stage for a surge in activity
ERM is now poised to earn its place in the future of risk management; and unlike the past 12 months, the next 12 months will see accelerated growth.
Over the past couple of years, enterprise risk management (ERM) had been touted as the cure for everything from balance sheet volatility to shareholder value. Consultants, brokers, and other risk management experts actively promoted it as the future of risk strategy and analysis for the 21st century. And then it appeared to drop off the face of the earth.
Companies that market ERM products have noticed a recent decline in interest. As John Ormerod, senior vice president and director of marketing-corporate customer, Zurich North America notes, "ERM has been a hot topic for the past couple of years; however, less so in the past 12 months." Having attended several risk management conferences over the past few months, I have observed firsthand the lack of ERM topics on the agenda.
So what has happened to this highly touted, holistic approach to risk management? Was it just an idea that consultants, brokers and others were promoting? Has today's hardening insurance market left it in the dust? Hardly! If anything, ERM is now poised to earn its place in the future of risk management; and unlike the past 12 months, the next 12 months will see accelerated growth.
Ormerod notes, "I think that the ERM concept was developed in anticipation of market demand and the demand has not emerged as quickly as was anticipated." He also adds that he believes "the demand still exists and will continue to increase over time."
Slow to spread
The ERM process got its start in the United States in financial institutions and quickly moved to insurance companies and other financial businesses. And then it appeared to plateau instead of spreading to other industry segments. There are several reasons why at this point, it has not spread to other industries.
In the ERM approach, risk identification and quantification take on a heightened role. It is vitally important that the key risks to which a corporation is exposed be identified and quantified. Risk mapping is critical to the success of the overall ERM approach. While sophisticated actuarial models have been developed for use with banks, insurance companies and other financial institutions, development of models that are appropriate to other corporate entities are just beginning to be introduced. And for many corporations, it is this lack of good risk assessment and quantification tools that has caused their hesitation.
Further, some large corporations that are interested in the concept have grappled with the issue of who should oversee the program. Jerry Miccolis, Tillinghast-Towers Perrin's ERM guru, commented on these organizational challenges in a recent article titled "Implementing Enterprise Risk Management: The Emerging Role of the Chief Risk Officer." Miccolis notes that corporate executives have tolerated a segmented approach to risk management, even knowing that it created barriers to exploiting natural hedges and sub-optimized the treatment of total risks. They continued this approach because they did not know what the appropriate organizational structure should be for implementing an ERM system. But competitive pressures and the emergence of a new top-level position have changed that perspective.
One of the organizational structures that has emerged over the past few years is to staff a single function, the chief risk officer (CRO), to oversee the company's ERM efforts. The position is an evolving one. Only half of the CROs worldwide have held their positions for more than a year. One significant barrier has been a lack of viable candidates for the job. Adding to this problem is the fact that many corporations have not even decided what the job should entail. Miccolis suggests that the CRO needs to be a facilitator, who is able to be involved in such matters as creating a risk-aware culture, bringing risk into strategic decision-making, communicating with stakeholders and advising corporate executives and managers.
There are many who would like to fill the CRO position, but few have taken steps to develop the skills needed to do the job. Two notable exceptions have begun to move to the front of the CRO candidate lists. These are members of the Institute of Internal Auditors (IIA) and the Casualty Actuary Society (CAS). Both of these groups have spent considerable intellectual capital on developing specific ERM educational programs for their members. A visit to either the IIA or the CAS Web sites will quickly show that both groups are offering ERM sessions or specific ERM tracks at their national educational events. This is in sharp contrast to some associations that have not made the needed commitment to the ERM movement. The Risk & Insurance Management Society (RIMS), for example, did not have a single ERM session at its recently completed national conference in New Orleans. Movement of well-trained IIA and/or CAS members will soon start to filter into the job market. This will ultimately raise the bar for professional credentials for the CRO position and effectively limit others from consideration.
So in the future, both the tools and the trained professionals will be available to corporations to effectively implement proactive ERM programs. But this does mean there will be a time lag for implementation, particularly at the large Fortune 500 companies. However, smaller and mid-sized companies are ready now. Most of these companies already have just one person who is responsible for risk, normally the CFO who, in effect, is acting as the CRO.
Smaller companies offer a strong opportunity
Smaller corporations clearly represent the best opportunity to institute an ERM program, and agents should be helping them with this effort. The CFO, who is probably reeling from the bad news being delivered on the premium side, would welcome an opportunity to look at the value creation aspects of ERM. And they enjoy the significant advantage over larger corporations of not having to fight the turf battles that siloed risk management at larger corporations will produce.
Events of the past 12 months also speak quite loudly for an ERM approach to risk management. While the consequences of 9/11 have brought a sharper focus to our view of ultimate loss potential, it will be the events surrounding the Enron bankruptcy that will propel the ERM concept. In that regard, the National Association of Corporate Directors (NACD) already sees the handwriting on the wall. They noted in a recent issue of Director's Monthly Extra that the wave of proposed legislative reforms from the Bush Administration, as well as from Congress, will force boards to confront risk issues head on. Unfortunately, a recent survey of NACD members found that only 37% said their organizations had a formal risk management process.
However, boards across the country are currently working towards cleaning their financial houses, and have taken the following actions subsequent to Enron:
* Understanding the risks and disclosing the details of derivative deals, off-balance sheet liabilities and other complex financial transactions; transparency has become a top priority,
* Developing enterprise-wide risk management policies and procedures, and
* Assuring the independence of the external auditor.
The NACD notes that "directors should ask frank questions about how their organizations are managing risks." They also point out that the Treadway Commission has a study underway on risk management and it anticipates a release in 2003. This study is certain to put further emphasis on the development and implementation of ERM programs.
Summary
The current hardening insurance market, coupled with recent events, has left both insureds and insurers shell-shocked. Most insurers have headed back to their core competencies, while risk managers are planning how to survive the latest rounds of price increases. However, once the dust settles, both groups will begin to consider strategic responses to this marketplace. ERM is a natural selection for corporations that are concerned about strengthening the risk management program on a costeffective basis. And given the board's new interest in providing oversight to risk management issues, ERM should begin to make significant advancements.
As we have said before, ERM is the future of risk management. Once proper analytical tools have been developed and trained individuals are available to staff the function, ERM will begin to fulfill its promise. Until that time, it may be the mid-sized accounts that offer the best potential for successful ERM implementation.
By Michael J. Moody, MBA, ARM
The author
Michael J. Moody, MBA, ARM, is managing director of Strategic Risk Financing, Inc., (SuRF). SuRF is an independent consulting firm that has been established to advance the practice of enterprise risk management. The primary goal of SuRF is to actively promote the concept of enterprise risk management by providing current, objective information about the concept, the structures being used, and the players involved.
Copyright Rough Notes Co., Inc. May 2002
Provided by ProQuest Information and Learning Company. All rights Reserved
No comments:
Post a Comment