Skip Navigation Links.
Collapse IRMI OnlineIRMI Online
Expand How To Use IRMI OnlineHow To Use IRMI Online
My Paid Publications
Expand What's NewWhat's New
Expand DashboardsDashboards
Expand Commercial Liability InformationCommercial Liability Information
Expand Commercial Property InformationCommercial Property Information
Expand Commercial Auto InformationCommercial Auto Information
Expand D&O, PL, E&O, EPLI InformationD&O, PL, E&O, EPLI Information
Expand Workers Compensation InformationWorkers Compensation Information
Classifications and Cross-References
Collapse Risk Mgt. and Multiline InformationRisk Mgt. and Multiline Information
Expand Risk Management -- Why and HowRisk Management -- Why and How
Collapse Free Risk Management and Multiline CommentaryFree Risk Management and Multiline Commentary
Expand Brand Equity and Product RecallBrand Equity and Product Recall
Expand Catastrophe Risk ManagementCatastrophe Risk Management
Expand Corporate AviationCorporate Aviation
Expand Corporate Fraud PreventionCorporate Fraud Prevention
Expand Cyber and Privacy Risk and InsuranceCyber and Privacy Risk and Insurance
Expand Drafting and Interpreting Insurance PoliciesDrafting and Interpreting Insurance Policies
Collapse Enterprise Risk ManagementEnterprise Risk Management
Add Spreadsheets to Your Risk Inventory (July 2009)
The Role of the CIO in the Risk Intelligent Enterprise (February 2009)
Where Was Enterprise Risk Management? (November 2008)
Critical Role for the Chief Audit Executive: Aligning Risk Assessment (October 2008)
Chief Audit Executives and Risk Management Silos (March 2008)
Risk Management's Chief Audit Executive (December 2007)
Prescribing Risk Intelligence for the Life Sciences Sector (December 2007)
Enterprise Risk Management in Uncertain Times (October 2007)
Taking Risks To Create Value—It's What Capitalism's All About! (September 2007)
Risk Management Practices Cannot Be "Bolted On" (July 2007)
When Risks Marry and Multiply (June 2007)
Balancing Risk Probability and Vulnerability (May 2007)
Addressing the Full Spectrum of Risks (May 2007)
Bridging the "Silos" (April 2007)
Traditional Risk Management Inadequate To Deal with Today's Threats (March 2007)
The Alchemy of Enterprise Risk Management: Examples from the Investment World (December 2003)
Practical ERM Applications: Risk Integration (September 2003)
Implementing Enterprise Risk Management: Getting the Fundamentals Right (June 2003)
ERM Lessons Across Industries (March 2003)
Practical ERM Applications: Capital Allocation (November 2002)
Practical ERM Applications: Assessing Capital Adequacy (September 2002)
The Language of Enterprise Risk Management: A Practical Glossary and Discussion of Relevant Terms, Concepts, Models, and Measures (May 2002)
Implementing Enterprise Risk Management: The Emerging Role of the Chief Risk Officer (January 2002)
ERM and September 11 (November 2001)
Modeling the Reality of Risk: The Cornerstone of Enterprise Risk Management (July 2001)
Enterprise Risk Management in the Financial Services Industry: From Concept to Management Process (November 2000)
Enterprise Risk Management in the Financial Services Industry: Still a Long Way To Go (August 2000)
Enterprise Risk Management: What's Beyond the Talk? (May 2000)
Expand Internal ControlsInternal Controls
Expand NanotechnologyNanotechnology
Expand Political RiskPolitical Risk
Expand Risk Management TechnologyRisk Management Technology
Expand SecuritySecurity
Expand Terrorism Risk Management & InsuranceTerrorism Risk Management & Insurance
Expand IRMI InsightsIRMI Insights
Expand IRMI Update Newsletter ArchivesIRMI Update Newsletter Archives
Expand Risk Finance InformationRisk Finance Information
Expand Construction InformationConstruction Information
Expand Personal Lines InformationPersonal Lines Information
Expand Claims, Caselaw, LegalClaims, Caselaw, Legal
Expand Insurance IndustryInsurance Industry
Expand Glossary of Insurance & Risk Management TermsGlossary of Insurance & Risk Management Terms
Expand SearchSearch
Terms of Use
Privacy Statement
System Requirements
Support

Enterprise Risk Management: What's Beyond the Talk?

May 2000

ERM is defined as a rigorous approach to addressing risks from all sources that threaten an organization's strategic objectives or represent opportunities for competitive advantage. The purpose of ERM is to increase the value of the enterprise. Properly understood, designed, and executed, ERM can be the effective decision-making framework.

by Jerry Miccolis
Tillinghast-Towers Perrin

Nearly all companies today are living under the well-known Chinese curse: May you live in interesting times. They face increasing demands for performance from shareholders and other stakeholders. Their markets are globalizing while their industries are consolidating.

New competitors, often riding the crest of a new technology, can arise from unexpected quarters-whether from another part of the world or from what had been an unrelated industry. Governments, regulators, and the courts can rewrite the rules of anybody's game at almost any time.

All business is risky business. It's no wonder, then, that senior managers are paying greater attention to risk management as a strategic function. But our experience with clients suggests that they are not always certain about what they should be doing to manage risks strategically or how to do it. This uncertainty was reflected in the results of our recent survey of executives in the insurance sector, Enterprise Risk Management in the Insurance Industry, A Benchmarking Report, to be subsequently reported on in this space.

For instance, insurance company executives, like those in other sectors, say they want to manage all risks in an integrated way. However, as our survey discovered, most risk management activity in that industry focuses on financial strategies to deal with financial risks.

Insurers desire, but lack, a clear conceptual framework that would include both financial and operational strategies to deal with both financial and operational risks. Insurance company executives also are dissatisfied with the tools currently available to put such a conceptual framework into practice. They are not alone; we observe a similar discontent among senior executives in many industries.

This series of articles on enterprise risk management will address both needs: a clear, powerful conceptual framework to manage risk at the strategic level, and a better understanding of the tools that managers can use to put that framework to work. This article begins the series by describing a robust framework for strategic or enterprise risk management (ERM) and the value of that framework to managers.

Future articles will describe the ERM implementation process (including the tools now available for this process), operational risk management for financial institutions, and integrated risk financing approaches.

The What and Why of ERM

The place to begin is with a clear definition of, and statement of purpose for, ERM. ERM is defined as a rigorous approach to assessing and addressing risks from all sources that either threaten the achievement of an organization's strategic objectives or represent opportunities to exploit for competitive advantage. The purpose of ERM is to increase the value of the enterprise. For most organizations, ERM achieves that goal by accomplishing the following.

  • Improving capital efficiency by providing an objective basis for allocating resources, reducing expenditures on immaterial risks, and exploiting natural hedges
  • Supporting informed decision-making by uncovering areas of high-potential adverse impact on the drivers of share value and identifying and exploiting areas of "risk-based advantage"
  • Building investor confidence by establishing a process to stabilize results by protecting them from disturbances and demonstrating proactive risk stewardship.

The reasons organizations undertake ERM are both external and internal. External motivation comes from corporate governance studies (such as the reports from the Cadbury, Hampel, and Turnbull Committees in the United Kingdom, the Dey Report in Canada, and the Peters Report in the Netherlands), mandatory bills (such as the KonTraG in Germany), and pressure from institutional investors-all of whom insist that risk management be a board-level responsibility and the scope be all-encompassing.

We observe, however, that most organizations embarking on ERM are doing so for internal "good business" reasons. That is, they seem motivated by the goals outlined above: improving capital efficiency, making more risk-informed strategic decisions, and building investor confidence.

On this last point, we have done empirical research on the value that investors assign to organizations that display consistent earnings results. The research results show that, across a wide range of industries, investors assign materially higher value to those companies with lower earnings volatility than their peers, even after the study sample is stratified to adjust for other value drivers, such as growth and return. In short, there is demonstrable value in consistency-and consistency is a clear outcome of effective ERM.

Overview of the ERM Process

The actual ERM process consists of the following four steps that usually make use of existing company information and procedures.

  • Assessing Risk. Risk assessment focuses on risk as a threat as well as an opportunity. In the case of risk-as-threat, assessment includes identifying, prioritizing, and classifying risk factors for a subsequent "defensive" response. For risk-as-opportunity, this step includes profiling risk-based opportunities for later "offensive" treatment.
  • Shaping Risk. This "defensive track" includes risk quantification/modeling, mitigation, and financing.
  • Exploiting Risk. This "offensive track" includes analysis, development, and execution of plans to exploit certain risks for competitive advantage.
  • Keeping Ahead. The nature of risk, the environment in which it operates, and the organization itself change with time. That situation requires continual monitoring and course corrections.

Each of the substeps within these four steps could be the subject of its own article, if not an entire textbook. For purposes of this introductory article, we'll stop here.

The Value of the Appropriate Framework

Properly understood, designed, and executed, ERM can be the effective decision-making framework that executives say they are looking for. It accomplishes the following.

  • Allows a determination of the necessary capital level for the enterprise, and provides a means to efficiently deploy and improve return on capital
  • Permits the proper allocation of capital to business segments, thereby improving the performance tracking of those segments
  • Helps executives evaluate alternative capital structures that leverage returns
  • Provides a method to ensure that enterprise owners receive proper compensation for the risks they assume
  • Helps stabilize earnings by identifying and addressing the risks that create the most volatility
  • Guides the development of an optimal risk financing strategy
  • Provides better information, which increases negotiating leverage with the enterprises' stakeholders, from shareholders to analysts to regulators to capital markets to merger and acquisition targets

That's the overview and benefit of ERM. In our next article, we'll outline our view on its application to the financial services industry.

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.
Advertisements
    
 
© 2000-2012 International Risk Management Institute, Inc. (IRMI). All rights reserved.