Saturday, August 23, 2008

Understanding enterprise risk management



Riggin, Donald J


Enterprise Risk Management (ERM) is an approach designed to provide an understanding of how risk affects every facet of an organization. Its primary assumption is this: Risks managed together produce different outcomes than risks managed separately. The goals of ERM are straightforward: (1) reduce the volatility inherent in all risks, and (2) protect shareholder value. Almost everyone agrees on these goals.


One of the problems with ERM, however, is its inherent lack of form. In much the same way that some viruses are able to mutate into new vaccine-resistant strains, it has proven extremely difficult to package ERM into a recognizable form. Every major insurance broker, several large multiline insurers, and each of the remaining "Big 5" accounting firms offer versions (and definitions) of ERM. The problem with this is that it's impossible to determine who's got it right. We've not yet established any baseline or standard understanding of what ERM is and how to implement it. Not that we haven't tried; not a month goes by without at least one article on ERM appearing in one or more insurance trade publications. But since no obviously superior ERM model has emerged, we're left to our own devices to figure it all out.


For the moment, let's assume that we can agree on a definition of ERM. According to Tillinghast Towers Perrin, the actuarial and consulting firm:


"ERM is a rigorous approach to assessing and addressing the risks from all sources that threaten the achievement of an organization's strategic objectives."


When it is parsed out, this definition can reveal much about what ERM really is and offers clues to what ERM can do.


"A rigorous approach to assessing and addressing risks from all sources"


This expression is intentionally vague. However, it suggests a wide range of activities designed to accomplish the goal of protecting the organization's strategic objectives. Risk identification techniques, such as risk mapping (for an example of risk mapping, see the ERM column in the November 2001 issue of Rough Notes), and stochastic modeling exercises are examples of analytical tools used to reveal efficiencies inherent in managing risks together (as opposed to separately). Note that we are talking about risks from all sources. This means not just traditionally insurable risk, but all of the risks associated with managing a business. These include financial risks such as foreign exchange and interest rates, operational and event risks of all types, including that which can be insured, and strategic risks.


Modern portfolio theory suggests that the volatility associated with a diverse portfolio of risks is lower than that associated with the same risks managed separately. Volatility is the term used to describe the degree of uncertainty inherent in any risk. Retained risk has a certain amount of volatility, but insured risk has none; its volatility is reduced to zero (for the insured). In a diversified portfolio, the costs of managing higher-risk activities can be offset (hedged) by the costs associated with managing lower-risk activities.


Another function of portfolio theory is non-correlation. Risks that do not correlate, i.e., are triggered by entirely different loss-producing events, also hedge one another. For example, the risks associated with employee safety (workers compensation) and fluctuations in commodity prices do not correlate. If both risks were managed within the same risk financing portfolio, the combined volatility would theoretically be lower than that associated with each risk separately. Less volatility means greater predictability. When losses are more predictable, they can be managed and financed with greater efficiency and at less cost. It is important to understand that these applications do not lower loss expectancy. Actuarially expected losses remain unchanged. What is affected is the volatility of the expected losses, i.e., the likelihood that the loss projections will prove correct.


Managing risks together can produce another benefit beyond those provided by the portfolio effect described above. The occurrence of two or more loss-producing events within a relatively short time frame can result in a loss greater than the apparent sum of each event. In the past, this additional loss effect was considered just another cost of doing business.


For example, ABC Manufacturing's major assembly plant burned to the ground (an event/operational risk), and the Federal Reserve raised short-term interest rates during the same month (a financial risk). The plant's damage and business interruption costs were insured subject to significant deductibles (funds that would have to be paid from already meager cash reserves). ABC hedged its interest rate position using a standard options contract. The company would be effectively out of business for at least six months while the plant was being rebuilt. Even though the physical damage and continuing expenses were insured, ABC's banks decided to lower its credit rating in part because of its impaired cash position, thus sharply raising its cost of short-term borrowing. The interest rate hedge responded to the Fed's short-term rate increase, but it was insufficient to cover the increased borrowing costs. The final result was a charge against earnings, causing ABC to miss its next quarterly earnings projection.


"Achievement of an organization's strategic objectives"


Of all the things that can depress a company's shareholder value, missing the quarterly earnings target is by far the most prevalent. ERM can identify and neutralize many of the underlying causes of EPS shortfalls. In the above example, if ABC Manufacturing had recognized and planned for the dramatic increase in its short-term cost of money, it would have avoided having to make the charge against earnings, thus hitting its quarterly EPS target, and preserving shareholder value.


While the ultimate goal of enterprise risk management is the protection of shareholder value, shareholder value can be expressed in a variety of ways. For public companies, the most common expression of shareholder value is the stock price. For private companies, shareholder value is based on whatever the shareholder(s) value, e.g., earnings growth, etc. While ERM is equally applicable regardless of the ownership structure of the firm, its greatest impact is on public companies. This is because public companies' performance is constantly being evaluated by the shareholding public, Wall Street analysts, and often by the mass media. If a publicly traded company's quarterly earnings-per-share (EPS) does not meet analysts' expectations, shareholders invariably bail out, causing a reduction in the stock price.


Summary


Enterprise risk management is not a panacea, guaranteed to fix everything that's wrong, nor is it an incomprehensible fad that will soon fade from view. It is, however, a powerful new way of defining and managing risk for those companies willing to devote time and resources towards understanding it. But this is the tricky part: it's different for each firm that undertakes it. No two ERM initiatives are alike, just as no two companies are alike. The preservation of shareholder value may be the overarching goal, but each company has a different way of accomplishing it.


A large national retail chain, for example, might interpret ERM as a way to ensure that every person in the company who comes into contact with a customer is professional, efficient and courteous, because disaffected customers quickly become ex-customers. On the other hand, a bank's version of ERM might be more focused on financial and operational risks because they relate directly to financial performance and shareholder value. Enterprise risk management is a new phenomenon that clearly has tremendous potential to improve the performance of all companies, both public and private. In the wake of the mounting corporate scandals, e.g., Enron, WorldCom, et al., some view ERM as an ideal tool of enhanced corporate governance. If this is the case, ERM has a bright future indeed.


By Donald J. Riggin, CPCU, ARM


The author


Donald J Riggin, CPCU, ARM, is a risk management and insurance consultant with Schiff, Kreidler-Shell, Inc. in Cincinnati, Ohio. He also created, edits and writes the monthly journal, Financing Risk & Reinsurance, published by International Risk Management Institute, Inc. (IRMI). Don can be reached at (513) 977-3153. His e-mail address is driggin@sksins.com


Copyright Rough Notes Co., Inc. Oct 2002
Provided by ProQuest Information and Learning Company. All rights Reserved
