|
Enterprise Risk Management Unlocking ERM’s potential Quantifiable approach relates ERM’s impact to shareholder value By Michael J. Moody, MBA, ARM The past 12 to 18 months have seen a steady flow of interest in the concept of enterprise risk management (ERM). And this interest has come from many industry segments and types of organizations. No longer is ERM simply viewed as a tool of the financial services industry. While financial services firms were among the early adopters and continue to provide strong support for the concept, most business segments have realized the benefits of adopting a global, 360-degree view of their risks. Without question, most of the current wave of interest has come in direct response to compliance-related issues such as the Sarbanes-Oxley Act (SOX) as well as newer regulatory requirements such as SEC and NYSE mandates. However, there are other factors that are contributing to this escalating interest in ERM on the part of corporate America. To be certain, few board members lose sight of the fact that they can now be held personal liable for their actions, up to 20% of their net worth. Concern for a company’s reputation has also contributed to an interest in ERM. Other factors leading to the renewed interest in this holistic approach towards risk management include the introduction of better tools and techniques (such as the COSO Framework), success stories from peers and competitors, increased focus on ERM by rating agencies as well as the heightened state of national risk awareness following 9/11 and the recent Gulf Coast hurricanes. Implementation roadblocks Despite the new interest, many companies continue to flounder in their efforts to establish and implement an ERM program. Unfortunately, they have found out that merely appointing a chief risk officer (CRO) is not always the answer. Though these companies are identifying, assessing and disclosing their key risks, most struggle to actually embed the ERM process into the organization’s decision-making process and culture. There are numerous reasons for this lack of progress. According to Sim Segal, a senior manager in the actuarial and insurance solutions group of Deloitte Consulting, the primary reason is a lack of quantitative rigor. “While many companies have started down the path of ERM implementation, a lack of rigorous quantification often causes serious roadblocks,” Segal says. This manifests itself primarily in an inability to make a quantifiable business case for ERM, which is the single, largest issue that has inhibited progress at many companies. Corporate executives are “justifiably uncomfortable making a deeper commitment to ERM without a clear and quantifiable business case,” Segal says. But sadly, this business case is not readily available for most ERM approaches. As a result, Segal states, “this inhibits the penetration of ERM into the organization, and significantly limits its potential.” But the failure to make a business case for ERM is only one of the issues causing ERM efforts to stall. According to Segal, a lack of quantitative rigor also leads to such shortcomings as: • Unclear concept of “risk appetite” Any of these roadblocks could derail a company’s ERM efforts. The next stage of evolution Deloitte, however, has developed an ERM approach known as “value-based enterprise risk management,” that they believe will finally make the business case for ERM and help resolve these other issues as well. According to Segal, “by synthesizing two well-known management concepts—enterprise risk management and value-based management—this approach makes the quantification of value central to all aspects of the ERM process.” The approach, he says, “helps companies develop a quantitative business case for ERM, clearly define risk appetite, quantify operational risk, align the various ERM processes and ultimately integrate ERM into decision-making processes.” When this occurs, companies can begin “increasing both short- and long-term value for stakeholders.” This approach employs a model used to measure risks in terms of their potential impact on shareholder value. The model quantifies the correlation-adjusted impact of key risks on the company’s risk and value drivers, ultimately quantifying the impact on shareholder value. Shareholder value is then used as a unifying theme and metric to connect ERM to key company processes and to make the business case for ERM. Numerous advantages Corporations gain significant advantages from adopting an ERM program that has this quantitative rigor in its framework. Obviously, it is far easier to demonstrate a business case for ERM when the quantitative aspects are present. A significant advantage of the value-based model is “the ability to quantify the business case, since it is automatically built into the framework.” Segal points out that their value-based ERM approach “quantifies the expected shareholder value as well as its variability, both before and after ERM activities.” And this is the most rigorous type of metric for a business case, since it explicitly reflects all assumptions and their likely ranges. An additional advantage to the value-based approach is the ability to formalize an organization’s risk appetite. If the value-based approach is used, the definition of risk appetite is rigorously quantified and becomes a central component of the ERM process. “Risk appetite can now be defined as management’s reaction to a quantitative expression of enterprise risk exposure,” says Segal. “Risk appetite is defined as the answer to the question: ‘Is the ERM committee comfortable with the current enterprise risk exposure, defined in terms of shareholder value volatility?’” If the answer is “no,” then management takes actions such as changing the business/product mix or engaging in ERM activities to change the risk exposure to a level more consistent with management’s risk appetite. Segal points out that “each such action changes the risk-value profile, resulting in a new calculation of expected ranges of shareholder value and enterprise risk exposure.” The beauty of the value-based approach is that the recalculation is performed prior to management action, to inform management of the risk-value trade offs and assist in identifying strategic alternatives. Operational risks (i.e., those risks that relate to strategy, public relations, information technology, etc.) have always been difficult for companies to assess quantitatively; however, value-based ERM can help here as well. A traditional ERM approach would typically have some type of quantitative risk assessment approach for financial risks, such as credit and market risks, but few are able to extend the assessment across operational risk areas. However, Segal says, “the value-based ERM model can extend to operational risk, thus facilitating the use of a single consistent approach.” The value-based technique also encourages a consistent approach by unifying ERM processes through the common language of value. This minimizes friction, aligns incentives and encourages value-enhancing decisions and behaviors. And this is extremely helpful, notes Segal, because every member of the enterprise is now “rowing in the same direction” towards value creation. While the benefits to adopting an ERM approach have become obvious to most organizations, lack of a cohesive program has continued to dampen its reception. However, the introduction of Deloitte’s value-based model may go far in resolving these shortcomings. The quantitative value-based rigor it provides may be just the element needed for companies to break through their ERM roadblocks. Is this a unique innovation? “Most ERM experts tout the need for a value-based focus,” says Segal. “However, we have not seen much evidence of other practical approaches for implementing a value-based ERM approach.” Certainly, value creation is important. “There is a lot of movement in this direction,” says Segal. “And we are now at a point where technology can support a robust value-based approach. If we had the computing capabilities 100 years ago that we have now, we never would have developed the financial reports now commonly in use, which are all proxies for shareholder value.” In addition, the technology can support the scenario analyses required for ERM. This, together with a value-based ERM framework, can provide companies with a powerful weapon with which to manage shareholder value. Does this represent a quantum leap in enterprise risk management? “Yes, I think so,” Segal responds. “This is the way to get the most out of ERM. We know that ERM is such a worthwhile effort if done correctly,” he says, “but you need to go down the correct path.” Value-based ERM is the right path according to Segal. * The author |
|