|
Enterprise Risk Management
One step forward, two steps back
New study finds ERM progress — but significant impediments remain
By Michael J. Moody, MBA, ARM
Without question, the perception of risk management is changing. There is little doubt that over the past 10 to 12 years, risk management has been moving more toward the 360-degree view that is generally associated with enterprise risk management (ERM). The reasons for this change in attitude are numerous. Certainly, changes in the regulatory environment and the increasing attention from the rating agencies have caused ERM to get more than passing consideration.
However, at the end of the day, it well may be the events preceding the recent financial crisis that are responsible for much of the attention ERM has received. From today's perspective, there is no question that risk management mistakes occurred prior to the crisis. And while the mistakes have been reviewed and analyzed from a number of perspectives, it is generally agreed that executive management had frequently ignored warnings provided by their organization's risk management department. This fact has been well documented in several white papers and studies published over the past couple of years.
One step forward
One of the new studies also notes that the financial crisis has been the catalyst for significant change in risk management that generally has added "to the risk function's authority and independence." The study, "Fall Guys: Risk Management in the Front Lines," was completed by The Economist Intelligence Unit (EIU) and was sponsored by ACE and KPMG. It notes that risk management "is currently enjoying an unprecedented level of authority and visibility." In order to assess the current state of risk management, EIU conducted a global survey of senior executives, both within the risk management function as well as those within general executive management.
One of the study's key findings is that corporate executives today are painfully aware of the importance of strategic risk management, considered by most as those risks that pose a threat to a company's ability to set and execute its overall strategy. Among the major threats noted in the study are weak demand and market volatility—these were named by the participants as the greatest challenges that their organizations will face over the next 12 months.
The participants also indicated that the identification of new and emerging risks is a key goal of risk management. Most of the participants also made note of the increasing influence of the risk function. According to the majority of participants, "The financial crisis has placed risk management under the spotlight."
As a result, there is agreement that the events of the past three years have "brought risk management into sharper focus," within most organizations.
Most executives are welcoming the greater insight that the risk function can provide in relation to what the future holds. "For risk managers, this presents a rare window of opportunity to elevate their function," the study indicates. Further, this opportunity should allow risk managers to "play a more prominent role in key business decisions." In general, risk managers are "wielding greater power than at any time in recent memory." And while corporations clearly have their own agendas, boards are also beginning to request that risk managers expand their reach beyond operational issues and to tackle larger strategic risks. In addition, some corporations are "embedding a broader culture and awareness of risk and encouraging a more structured approach to the consideration of both threats and opportunities."
Two steps back
Despite the rosy view presented above, the comments provided by the majority of the 500 survey participants were not overly optimistic. While participants realize that the incentives to ensure greater emphasis on risk management have never been greater, implementation continues to lag in several critical areas. The strategic aspect of risk management is one of the areas that is lacking.
Most participants realize that strategic risk management is a key factor in developing a successful ERM program; however, "The examples of companies that take a genuinely strategic approach to risk management remain few and far between." A primary reason for the lack of a more strategic approach is a need for communication between the corporate function and the broader business units. The study confirmed that from a strategic standpoint, communication is paramount and may account for the fact that "only a minority of companies involve the risk functions in key business decisions."
Additionally, experience has shown that an "enterprise-wide culture and awareness of risk can be very difficult to achieve." Certainly, corporate risk managers have long hoped for a more prominent role in strategic decision-making. However, the study confirms for the most part that "this aspiration is still unfulfilled." This is even more disturbing since "few companies even expect the risk function to play a supporting role in decision making."
Unfortunately, too many executives continue to see risk management in terms of "negative activities" that are about imposing control and setting limits. Frequently, risk management functions are viewed as "business prevention units" that get in the way of the business units achieving their objectives. This results in some executives "finding ways of stepping around risk management policies and procedures." The study documents the fact that risk managers "recognize that they must shake off this perception and be seen as a positive contributor to business." As a result of this sensitivity, "risk managers' roles as enablers of business are not yet fully achieved."
This current view of risk management also carries over to other important areas as well. While there is "a greater awareness and focus on risk management, this might suggest that corporations are looking to beef up their risk functions," that is usually not the case. The study noted that less than one-fourth of organizations are actually increasing the head count in the central risk function.
In too many cases, the function continues to be an "army of one." Certainly the current economic downturn has had an effect on this issue and may, in fact, lead to reluctance to invest. Risk management may be a victim of "this pervasive climate of cost-consciousness." So it would appear to be the ultimate irony: While corporations realize the value of ERM, "because of the current downturn, they are curtailing their investment plans" in all areas including risk management.
Finally, the study also notes that while the risk function has increased its visibility, "there is a danger that its increasing influence will not be a permanent change." Some of the participants stated that "the elevated position could be temporary." And some even suggested that the attention risk management is given today "will inevitably decline when the good times return."
Conclusion
First of all, the fact that these kinds of discussions are even taking place is a testament to the advances that have already occurred in risk management. Acceptance by executive management is never easy, and implementation of any new management discipline such as enterprise risk management never proceeds without a hitch. Progress in moving towards ERM is occurring, and in enlightened companies it is occurring faster than many people realize. Frequently, those firms have seen the value-added from ERM first hand and have taken specific steps to hasten its acceptance.
One other issue that the study notes should serve as a "word to the wise." In discussing the challenges of embedding risk management into the business, it was indicated that many executives continue to see risk management as a "back-office cost center that does little to help the cause." And here the study was clear: "We're beginning to see companies laying off teams of traditional, old-fashioned risk managers (including insurance buyers) or outsourcing these functions to specialist organizations."
For those who continue to bury their heads in the sand concerning ERM, here is a news flash: The genie is out of the bottle. And this issue is not limited to risk managers; agents and brokers who continue to believe that risk management is limited to insurance buying are destined to be "laid off" as well. At this point, risk management has come too far and, as a result, there is no turning back. Thus the facts are simple—risk managers and agents and brokers that do not change do so at their own peril.
The author
Michael J. Moody, MBA, ARM, retired as the managing director of Strategic Risk Financing, Inc. (SuRF), a firm that had been established to advance the practice of enterprise risk management. As a columnist, he actively promotes enterprise risk management by providing current, objective information about the concept, the structures being used, and the players involved.
|
