Nearly all companies today are living under the well-known Chinese curse:
May you live in interesting times. They face increasing demands for performance
from shareholders and other stakeholders. Their markets are globalizing while
their industries are consolidating.
New competitors, often riding the crest of a new technology, can arise from
unexpected quarters-whether from another part of the world or from what had
been an unrelated industry. Governments, regulators, and the courts can rewrite
the rules of anybody's game at almost any time.
All business is risky business. It's no wonder, then, that senior managers
are paying greater attention to risk management as a strategic function. But
our experience with clients suggests that they are not always certain about
what they should be doing to manage risks strategically or how to do it. This
uncertainty was reflected in the results of our recent survey of executives
in the insurance sector, Enterprise Risk Management in the Insurance Industry,
A Benchmarking Report, to be subsequently reported on in this space.
For instance, insurance company executives, like those in other sectors,
say they want to manage all risks in an integrated way. However, as our survey
discovered, most risk management activity in that industry focuses on financial
strategies to deal with financial risks.
Insurers desire, but lack, a clear conceptual framework that would include
both financial and operational strategies to deal with both financial and operational
risks. Insurance company executives also are dissatisfied with the tools currently
available to put such a conceptual framework into practice. They are not alone;
we observe a similar discontent among senior executives in many industries.
This series of articles on enterprise risk management will address both needs:
a clear, powerful conceptual framework to manage risk at the strategic level,
and a better understanding of the tools that managers can use to put that framework
to work. This article begins the series by describing a robust framework for
strategic or enterprise risk management (ERM) and the value of that framework
to managers.
Future articles will describe the ERM implementation process (including the
tools now available for this process), operational risk management for financial
institutions, and integrated risk financing approaches.
The What and Why of ERM
The place to begin is with a clear definition of, and statement of purpose
for, ERM. ERM is defined as a rigorous approach to assessing and addressing
risks from all sources that either threaten the achievement of an organization's
strategic objectives or represent opportunities to exploit for competitive advantage.
The purpose of ERM is to increase the value of the enterprise. For most organizations,
ERM achieves that goal by accomplishing the following.
- Improving capital efficiency by providing an objective basis for allocating
resources, reducing expenditures on immaterial risks, and exploiting natural
hedges
- Supporting informed decision-making by uncovering areas of high-potential
adverse impact on the drivers of share value and identifying and exploiting
areas of "risk-based advantage"
- Building investor confidence by establishing a process to stabilize
results by protecting them from disturbances and demonstrating proactive
risk stewardship.
The reasons organizations undertake ERM are both external and internal. External
motivation comes from corporate governance studies (such as the reports from
the Cadbury, Hampel, and Turnbull Committees in the United Kingdom, the Dey
Report in Canada, and the Peters Report in the Netherlands), mandatory bills
(such as the KonTraG in Germany), and pressure from institutional investors-all
of whom insist that risk management be a board-level responsibility and the
scope be all-encompassing.
We observe, however, that most organizations embarking on ERM are doing so
for internal "good business" reasons. That is, they seem motivated by the goals
outlined above: improving capital efficiency, making more risk-informed strategic
decisions, and building investor confidence.
On this last point, we have done empirical research on the value that investors
assign to organizations that display consistent earnings results. The research
results show that, across a wide range of industries, investors assign materially
higher value to those companies with lower earnings volatility than their peers,
even after the study sample is stratified to adjust for other value drivers,
such as growth and return. In short, there is demonstrable value in consistency-and
consistency is a clear outcome of effective ERM.
Overview of the ERM Process
The actual ERM process consists of the following four steps that usually
make use of existing company information and procedures.
- Assessing Risk. Risk assessment focuses
on risk as a threat as well as an opportunity. In the case of risk-as-threat,
assessment includes identifying, prioritizing, and classifying risk factors
for a subsequent "defensive" response. For risk-as-opportunity, this step
includes profiling risk-based opportunities for later "offensive" treatment.
- Shaping Risk. This "defensive track" includes
risk quantification/modeling, mitigation, and financing.
- Exploiting Risk. This "offensive track"
includes analysis, development, and execution of plans to exploit certain
risks for competitive advantage.
- Keeping Ahead. The nature of risk, the
environment in which it operates, and the organization itself change with
time. That situation requires continual monitoring and course corrections.
Each of the substeps within these four steps could be the subject of its
own article, if not an entire textbook. For purposes of this introductory article,
we'll stop here.
The Value of the Appropriate Framework
Properly understood, designed, and executed, ERM can be the effective decision-making
framework that executives say they are looking for. It accomplishes the following.
- Allows a determination of the necessary capital level for the enterprise,
and provides a means to efficiently deploy and improve return on capital
- Permits the proper allocation of capital to business segments, thereby
improving the performance tracking of those segments
- Helps executives evaluate alternative capital structures that leverage
returns
- Provides a method to ensure that enterprise owners receive proper compensation
for the risks they assume
- Helps stabilize earnings by identifying and addressing the risks that
create the most volatility
- Guides the development of an optimal risk financing strategy
- Provides better information, which increases negotiating leverage with
the enterprises' stakeholders, from shareholders to analysts to regulators
to capital markets to merger and acquisition targets
That's the overview and benefit of ERM. In our next article, we'll outline
our view on its application to the financial services industry.