Enterprise Risk Management
ERM's increasing influence
Study of large public companies indicates how they rank their risks
By Michael J. Moody, MBA, ARM
Over the past two to three years, we have watched enterprise risk management (ERM) grow from a simple concept into a strategic imperative at companies across the globe. And while, for the most part, U.S. businesses have historically trailed other countries in ERM implementation, there is evidence that this is changing. One of the primary reasons that U.S. corporations are taking more interest in ERM is the rapidly changing landscape associated with risks here.
Many of the changes that are occurring in the risk landscape have been documented in a new study from Towers Perrin, “A Changing Risk Landscape: A Study of Corporate ERM in the U.S.” Among other things, the study documents the increasingly strategic role risk and risk management are playing as corporations struggle to optimize the risk/return relationship, while enhancing corporate decision-making. More and more, corporate management is realizing that the traditional risk groups such as operational risks, financial risks and insurance-based risks are ever expanding. As a result, advanced risk management techniques and tools have been developed, and this has accounted for the increasing popularity of ERM.
Just the facts
In the past, Towers Perrin has periodically surveyed leading corporations to identify the critical issues that are shaping their views with regards to risk management. In addition, they have frequently tried to gain an insight into the drivers of risk management so as to further the development of ERM solutions. The 2006 survey polled 75 senior financial and risk management executives through a series of comprehensive online surveys and in-depth interviews. The survey group was limited to U.S.-based, publicly traded companies with revenues greater that $1 billion. Additionally, all respondents were chosen from non-financial industry segments.
The vast majority of organizations acknowledged the increasing importance of risk management to their business strategies. However, most believed that further developments still are coming. In that regard, over 85% believe that their firm’s emphasis on ERM will increase over the next five years. Much of this change will come from various changes in the risk landscape as corporations try to cope with expanding global risks. They also believe that risk management will gain additional emphasis due in large part to the changing expectations of investors, regulators and other stakeholders.
The study identified what respondents felt were the drivers responsible for the increasing emphasis in risk management. Some respondents indicated that traditional drivers are still responsible for this movement. In this group were corporate governance issues (55%) and government regulation issues (37%). Doubtless, these were due in large part to continuing efforts for Sarbanes-Oxley compliance. Both of these drivers have been towards the top of the list for the past few years. However, the study also noted several newer issues.
One of the most indicated new drivers is natural disasters/pandemics, which was selected by respondents 55% of the time. A number of respondents noted the significant problems that were encountered subsequent to Hurricane Katrina. A number of them indicated that Katrina had caught their companies totally off guard, with the result that significant gaps in their risk management programs were identified. Others felt that potential problems with a pandemic would be significant and that their organizations had been working to mitigate this potential.
Other drivers identified by the survey respondents as reasons for an increased emphasis on ERM include: increased liability risks (48%), physical infrastructure/facility risk issues (37%), competitive pressure issues (37%), and customer requirement issues (26%).
While organizations struggle to identify, assess and manage a wide range of risks that are specific to their particular industry segment, the study noted that some types of risks are common to all industries. The survey identified several key risk domains that had universal concern from all participants. Operational risks were identified as the most important risk facing management today.
The operational risk area that was noted most frequently was supply chain risk. This is emerging due to the increased exposure from the globalization of the world marketplace, as well as the geo-graphic spread of a firm’s suppliers and customers. The supply chain risks were noted across all industry segments, which accounted for the increased demand for methodologies and solutions to quantify and mitigate these increasing risks. Of major concern to the participants is the variety of potential external shocks such as natural disasters and political disruptions.
The second most important risks, according to the survey, were property/casualty risks, with 19% of the respondents selecting them. Obviously, these risks are a core ingredient to any risk management program and include traditional property, liability and workers compensation risks, which utilize insurance to mitigate these exposures. Some people may be surprised at the indication of insurance risks as number two; however, there are valid reasons for this selection. It is not the insurance risks per se that is the issue, but rather it is the industry shortage of sufficient capital to cover certain property and casualty risks that prompted the second place finish. This shortage has led to companies turning to the capital market for potential solutions. As a result, this has led to more emphasis on integrated risk products and a broader view of organizations’ risk profiles.
Business/strategic risks also scored a top three position. Included in this grouping are political risks, business continuity risks and, most important, reputational risks. Participants noted that part of this high ranking is the result of an inability that many companies face in identifying, quantifying and managing these risks. Globalization has created a significant concern about another important risk domain, financial/capital market risks. Those risks that fall into this group are interest rate risks, foreign exchange risks, commodity risks and credit risks. While hedging has helped companies deal with these exposures, the participants indicated that they were looking for more innovative and sophisticated solutions for these risks.
Compliance risk also continues to rank high on the list of most important risk domains. Most of the survey participants indicated that they have progressed to having SOX compliance concerns “under control.” However, it was pointed out that compliance goes beyond SOX, to include accounting, labor, safety and securities concerns. Another area of concern was the pension and human resources risks. These are two areas of risks that appear to be growing, according to the participants. In particular, pension risks will need more proactive risk management since pension obligations are so firmly linked to a company’s overall financial health.
View of ERM
In addition to the traditional risks domains, participants were asked to address ERM. The survey respondents were clearly aware that a major shift in the risk management environment was taking place. And while in more regulated industries (i.e., banking, insurance, energy and health care) the major drivers of ERM will continue to be regulatory and rating agency pressures, today in all industries, ERM is seen as providing a competitive advantage to those companies that deploy more sophisticated, strategic risk management solutions.
However, the survey also showed that there remains some confusion about what ERM really is and how it should be implemented. Despite this shortcoming, the majority of participants indicated their firms have made a commitment to ERM. Over 20% stated that their organizations have ERM programs in place, while an additional 14% stated they are committed to implementing an ERM program, and another 36% said they were seriously discussing ERM. Only 31% indicated no plans to implement an ERM program.
The Towers Perrin survey clearly shows that U.S. companies are much more aware of ERM and are working towards implementation. In the final analysis, the study concludes by stating, “So the issue appears not to be whether ERM will succeed, but rather how it can be embraced with minimal disruption and rapid payback, and flexible enough to accommodate the changing risk and financial needs of today’s corporations.” *
Michael J. Moody, MBA, ARM, is the managing director of Strategic Risk Financing, Inc. (SuRF). SuRF is an independent consulting firm that has been established to advance the practice of enterprise risk management. The primary goal of SuRF is to actively promote the concept of enterprise risk management by providing current, objective information about the concept, the structures being used, and the players involved.
Today in all industries, ERM is seen as providing a competitive advantage to those companies that deploy more sophisticated, strategic risk management solutions.