Your Risk Management Magazine
Has ERM earned its stripes?


Enterprise risk management continues to be an elusive concept for some, but the benefits are becoming more easily measurable. Stuart Fagg investigates how ERM is helping risk get a seat at the top table.

What’s in a name? In terms of enterprise risk management (ERM), everything. To some it’s integrated risk management, to some it’s enterprise wide risk management and to others it’s just a convenient way to transmit risk information around large organisations.

However, despite some confusion over the definition of the concept, there’s no doubt ERM is gaining plenty of traction in Australia’s leading companies. “There’s a general understanding of what ERM is, and firms know they need to have a view about how they undertake this,” said Alan Hui, director, advisory, at PricewaterhouseCoopers. “I don’t think you’ll find anyone that would say they don’t believe in the concept of managing risk across the business and in the business.”

But with the rise of ERM, and its realignment of risk management away from controls and toward value adding, some have tended to view ERM as the ‘silver bullet’ and total solution to the incredibly complex challenge of managing risk across an organisation while also feeding value back in. Those that see ERM in those terms are likely to be disappointed.

“It all gets back to one of the terms in ERM and that’s risk,” said Geoff Bell, general manager, compliance and assurance at Suncorp. “Risk to people with different backgrounds in different organisations and industries is completely different. Risk to a risk manager in a bank versus an actuary in an insurance company versus a risk person working in a large mining conglomerate – although it’s the same word, it’s a completely different topic. They come at it from different perspectives. That’s why we’ll never get to a point where we have a consistent definition of what ERM is. The big four [accounting firms] aren’t going to be able to package and sell the perfect ERM solution because there isn’t one.”

The key to approaching ERM, experts said, is to tailor the process to your organisation. “There can be a shopping list mentality with ERM in terms of say 78 benefits required,” said Dante Peel, partner at PwC. “The conversation should go more along the lines that there are a range of things that can be achieved through ERM, but organisations need to sit down and look at the unique situation their business is in, the planning and other processes being used to direct, manage and monitor the business, and work out where there may be some benefit from augmenting this with an explicit risk management toolkit. Having a conversation along those lines leads to a more realistic assessment as to what can be achieved. Once that assessment has been made, the approach that’s taken can be put in place in a way that’s congruent with the benefits that are being sought.”

It can also be a mistake to even refer to the process of implementing an organisation-wide approach to risk as ERM. “Whether we term such an approach as enterprise risk management is not of great consequence; the importance is to view risk in a holistic fashion so that strategic business decisions can be made with confidence,” said Paul Muir, head of portfolio management at Vero Insurance.

Suncorp’s Bell, who was named PwC Risk Professional of the Year in 2005 at the Australian Risk Management Awards for his ERM implementation, added that it can help to outline the concept before putting the ERM label on an implementation.

“At Suncorp we convinced the executive, risk committee and the board to really consider the ways we could optimise the management of risk before we named it ERM,” he told Risk Management. “In terms of the benefits of managing risk holistically across an organisation, we spent a fair bit of time identifying the outcomes and benefits before we put a name on the program. If we’d come to the risk committee with an initial position that we had to have ERM, we would have faced some resistance and a more difficult route. Without defined outcomes ERM is just consultant speak.”

But like many things in life, it’s not what you call it, but what you do with it that’s important, and early adopters of ERM are starting to feel the benefits. While experts caution against attempting to place a dollar value on what ERM can bring to businesses, there are obvious benefits.

“The benefits have been really quite broad,” said Bell. “Starting at the top, the approach we have taken has a risk governance focus. Our ERM initiative provides a much clearer view for the board and the executive team and all the way down through the lines of business, of what risk is, how much we carry and how best it should be managed. We didn’t necessarily have that in the past – all the components of risk were being well managed, but not in a coordinated manner. Now, when the executives or board are speaking credit risk, they are talking about credit risk across the organisation, not just in banking – there is a much better understanding of the group’s total exposure by risk category.”

The benefits can also be relatively easily quantified.

“In terms of major investments and projects measuring the expected return against the actual return and if there was explicit discussion around risk when that business case was put forward for that investment. Part of the post implementation review should cover whether assumptions were right and how successfully were the risks identified and managed that impacted on costs and returns,” said PwC’s Peel. “That’s a very explicit way of measuring benefit. Another would be the benefit around the allocation of resources. In the financial services sector there is benefit around allocation of capital but there is also benefit around executive and management time. Their time is limited so how can you drive agreement on where their team’s time should be focused to have greatest impact. This can be an exercise to prioritise their time and you can certainly measure that.”

Allowing management and executives to make more informed decisions about the business has obvious benefits, but until ERM emerged it was not thought of as a spin off from traditional risk management techniques.

“There is consistency in terminology and assessment but the freedom to assess risk at an operational level,” said Vero’s Muir. “We use a combination of a top down/bottom up approach so that risk can be appreciated at both a macro and micro level. Business decisions can then be made confidently based on our risk appetite. This approach also ensures that there is not a gap between the executive and board perception of the ERM and the business reality.”

But beyond the benefits of a more complete picture of risk and the reality check that can bring, there are cultural spin offs too. Recent experience has underscored the penalties for failing on cultural issues, but there is no doubt among experts of the crucial role ERM can play in cultural development.

“On the less measurable side we often find there is a benefit around greater clarity of accountabilities and responsibilities,” said Peel. “Having had a discussion about what the risks are, you have to be clear about who is accountable for managing and monitoring them. That in itself leads to better outcomes.

“Secondly, there is the issue around culture and behaviour, which can be more difficult to measure. Many organisations use employee surveys, employee climate reviews to ask some objective questions around the culture and behaviour. For example, have we got an open and transparent culture which means we are more likely to report things that go wrong more quickly upwards than last year?”

Increasingly, ERM is not being viewed in terms of its benefits, but also in terms of the potential penalties for not implementing it. Ratings agencies have for some time considered ERM as part of their assessments of listed companies’ credit ratings.

“Standard & Poor’s work on ERM is being undertaken in many markets,” said Jeanette Ward, director at Standard & Poor’s Rating Services in Melbourne. “In Australia, we broadened that focus to include industrial and infrastructure companies in 2005. Standard & Poor’s increased focus on ERM reflects, among other things, the increasingly complex business environment, continuing developments in corporate governance, risk management, and internal control standards and processes, and the more holistic approach companies are taking to risk management.”

While S&P’s does not adversely rate companies based on their ERM programs, the rating agencies’ involvement can lead to benefits. Indeed, according to Ward, S&P’s assessment methodology is extensive.

“The information gathered on the company’s risk management framework is an important adjunct to our normal rating and surveillance processes,” she said. “A strong enterprise management framework should enable boards and management to be more proactive in considering a broad range of risks and opportunities, be more effective in identifying, measuring and managing risk, better understand the company’s risk profile and the pace with which it evolves, be forewarned about emerging problems, and be nimble and effective in dealing with large, damaging shocks.”

Most experts welcome the increased external focus on ERM, but it’s not just rating agencies that are becoming increasingly involved. “We encourage the direction ratings agencies are taking, because it means there is more insight into the forward looking position and how risk is being managed,” said Peel. “We are seeing two other stakeholder groups paying attention to ERM. The first is insurers and insurance brokers. We are finding increasing recognition and receptiveness to further understanding the risks they are insuring so they can make better pricing decisions.”

There is increasing interest from third party supplier and service providers in ERM and contracts are gradually including detail or attestations on how risks are being managed. However, an insider’s perspective is needed.

“In all these cases, it’s about getting a greater level of insight than what might be disclosed in an annual report,” said Peel.

For its part, S&P’s is seen as a partner by the firms it is assessing, which gives it access to information not normally disclosed. “Our rating process is interactive,” said Ward. “Just as many companies treat S&P as insiders for the rating process so we would expect a similar approach to our discussion on ERM.”

Most risk professionals – at least those with robust ERM frameworks – welcome the external oversight; however there is some way to go before the concepts are fully understood by players such as capital markets analysts.

“I think it is still early and market participants do have something to learn,” said Bell. “Those that begin to understand it will be able to separate themselves from those that don’t. It really gets to the heart of the bottom line and the value of the business: how well does the business understand its risks so it can set appropriate prices and optimise its returns on that level of risk.”

Firms, however, have a responsibility to educate external sources in the fineries of ERM in their organisation, Bell added. “With the analysts, responsibility sits with the businesses to ensure that they are providing education to the market,” he said. “With the rating agencies and regulators – those people that have access to some information that isn’t available to the public, they are getting a significant amount of disclosure currently. Certainly with rating agencies, we talk about our ERM approach front and centre. We take them through the frameworks that the directors have signed off. This includes our accountability models and how we manage risk/return and the tools we are developing to improve the management of our risks.”


© 2012 Key Media Pty Ltd.