ERM: embracing a total risk model; Enterprise risk management (ERM) is fast joining the business lexicon for more and more companies as increasing regulatory, legislative or stock exchange rules demand that senior executives and corporate boards certify their knowledge of current and future risks and the programs in place for managing those risks.Don't tell Mike Gardner that enterprise risk management (ERM (Enterprise Relationship Management) An umbrella term with many shades of meaning over the years. It may refer to the management of information from any or all of an organization's customers, suppliers, business partners and employees. ) shouldn't be a major "do-or-die," board-sanctioned effort at corporations worldwide. Vice president of Audit Services at Providence, R.I.-based Textron Corp., Gardner had already structured a major ERM effort at his former employer, Hillebrand Industries Inc. in Indiana. When he subsequently was hired by Textron as Vice President of Internal Audit and it became more interested in ERM, he was asked to evaluate the applicability of ERM for Textron as well. He advises other companies to follow suit--as quickly as possible. [ILLUSTRATION OMITTED] Never mind that the evolution of ERM, in both theory and practice, is in its infancy--with nay-sayers who believe there's no need for it, and many senior executives and board members who still believe effective risk management need be nothing more than what it has been traditionally: keeping hazard and financial risks under control. Never mind, too, that there are plenty of executives who would simply think no more about risk management under any name or title--now that they've dealt with the Section 404 compliance requirements Compliance requirements are a series of directives established by United States Federal government agencies that summarize hundreds of Federal laws and regulations applicable to Federal assistance (also known as Federal aid or Federal funds). of The Sarbanes-Oxley Act See SOX. of 2002. A Global Sprint Toward ERM Gardner is not alone in his keen interest in ERM. Fueled by new exchange rules, regulatory initiatives around the globe and a bevy bevy a flock of birds. of reports that link good corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. with effective risk management, attention is turning to ERM. Some are entering the ERM arena reluctantly, while others view it as something of a "second coming"--much like the total quality programs of yesteryear--that will save companies from any number of current and future ills while providing significant competitive advantages along the way. No hard numbers exist for all industries, but Rick Funston, a managing director at Deloitte, estimates that somewhere between a third and half of the Fortune 500 companies are looking at or have launched ERM initiatives. Not surprisingly, financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. firms have long led the way, and it's not just investment and commercial banks; the insurance industry, too, is widely and increasingly embracing ERM, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. successive annual reports from Tillinghast Towers-Perrin. Abroad, Australian, Canadian and British companies have led the way. "Already everybody feels safer," says Craig Raymond Craig Raymond (born April 5, 1945 in Aberdeen, Washington) is an American former professional basketball player. A 6'11" center from Brigham Young University, Raymond was drafted by the Philadelphia 76ers with the twelfth pick of the 1967 NBA Draft. , who was appointed chief risk officer (CRO) for The Hartford Financial Services Group last October to promote a more holistic approach holistic approach A term used in alternative health for a philosophical approach to health care, in which the entire Pt is evaluated and treated. See Alternative medicine, Holistic medicine. to managing risk across its three operating units operating unit A type of operating company that engages in transactions with outsiders and that is owned by another business. For example, in 1995 the stockholders of Capital Cities/ABC approved a $19 billion merger with the Walt Disney Company, whereupon , which include the life side (Hartford Life), Hartford Fire, the property and casualty (P & C) side and the business and investment management company, Hartford Investment Management. At the same time Raymond was hired, the company created new CRO positions for each of those units. "As we started looking at things from more of an enterprise level, we realized that they needed to be rolled up together," Raymond explains. "In contrast, prior to 9/11, we viewed the life and P & C risks as independent." Board members are demonstrating interest as well. Says Barbara Colwell, a member of the audit committee at Mutual Trust Life Insurance Co. and on the audit and compensation committees at Publishers Clearing House: "ERM is a good concept, and I think all intelligent risk managers and board members should concern themselves with it." Why Be Concerned with ERM? At its most basic, ERM is a means of determining all the risks a company faces, both currently and in the near and long-term future--regardless of whether those exposures have been historically insurable or able to be hedged through the financial markets. That description may sound too "mid-management" and technical to attract the interest and attention of boards and senior management, but nothing is further from the truth. Companies should and must care about ERM, for a variety of reasons. First, increasingly, regulatory and legislative requirements, as well as a boatload boat·load n. The number of passengers or the amount of cargo that a boat can hold. Noun 1. boatload - the amount of cargo that can be held by a boat or ship or a freight car; "he imported wine by the boatload" of rules being issued by stock exchanges globally, require or strongly suggest that corporate boards and senior executives certify cer·ti·fy v. cer·ti·fied, cer·ti·fy·ing, cer·ti·fies v.tr. 1. a. To confirm formally as true, accurate, or genuine. b. publicly that they are aware of all of their current and future risks, and that they have effective programs in place for managing those risks. Indeed, Sarbanes-Oxley asks a variation of this, as do new NYSE NYSE See: New York Stock Exchange rules now coming into effect. Among the countries pressing companies to "tell all" about their risk management strategies--due either to legislation or exchange rules--are Canada, the United Kingdom, Germany, the Netherlands, Australia and New Zealand New Zealand (zē`lənd), island country (2005 est. pop. 4,035,000), 104,454 sq mi (270,534 sq km), in the S Pacific Ocean, over 1,000 mi (1,600 km) SE of Australia. The capital is Wellington; the largest city and leading port is Auckland. . In some cases, requirements have been legislated; in others, like Australia and New Zealand, they are simply recommended. Requirements aside, corporate executive proponents of ERM cite a number of expected--but by no means guaranteed--benefits. Those benefits derive broadly from a rejection of the traditional backward-looking approach to corporate risk: that it has only a downside Downside The dollar amount by which the market or a stock has the potential to fall. Notes: You might hear someone say that the downside on stock XYZ is $10. What that means is that the stock could fall by this amount if things got bad. that can cost the company hard dollars, its reputation and shareholder value, and that managing risk is limited to protecting physical assets already on the books. Instead, with ERM, forward-looking companies are focused on the upside Upside The potential dollar amount by which the market or a stock could rise. Notes: This is basically an educated guess on how high a stock could go in the near future. See also: Bull, Downside as much as the downside of risk. Now, the company is also focused on thinking of risks it may take, both now and in the future, and how to possibly contribute to overall financial performance in positive ways and ultimately add shareholder value. Bottom line, proponents of ERM are driving a sea change in thinking about how corporations manage risk with a positive focus on risk management, rather than a negative one. Explains Hubert Mueller, a principal at Tillinghast-Towers Perrin in Hartford: "There are always two sides to ERM. One involves the benefits side, where you're creating value by being able to exploit situations. Here, if you can manage a particular risk you can, for instance, bring out new products that others can't because they're not managing the same risk as well. You might, for instance, be exploiting a natural hedge that they're not." In the second situation, Mueller notes, ERM creates value by avoiding losses. This is, of course, still the biggest area of ERM, "avoiding insolvency risks Insolvency risk The risk that a firm will be unable to satisfy its debts. Also known as bankruptcy risk. or earnings volatility, for instance. If you can use ERM to reduce your GAAP GAAP See: Generally Accepted Accounting Principles GAAP See generally accepted accounting principles (GAAP). (generally accepted accounting principles The standard accounting rules, regulations, and procedures used by companies in maintaining their financial records. Generally accepted accounting principles (GAAP) provide companies and accountants with a consistent set of guidelines that cover both broad accounting ) volatility, you will have a better standing in the analyst community," he argues. The upshot of this two-sided approach is evident. Mueller says, "Four or five years ago, companies would blindly follow the competition, if someone did something. Today, through ERM, managers might say, 'Maybe we should explore that, but we shouldn't do it until we have explored the risks.' They'll ask, 'Can we afford it?' or, 'Will it jeopardize jeop·ard·ize tr.v. jeop·ard·ized, jeop·ard·iz·ing, jeop·ard·izes To expose to loss or injury; imperil. See Synonyms at endanger. the future of the company?'" Others describe how crucial ERM is in different ways. To John R.S. Fraser, ERM "really boils down to being a process for how a company allocates its resources." As vice president of internal audit and CRO at Hydro One Hydro One Incorporated delivers electricity across the Canadian province of Ontario. It is a Crown corporation wholly owned by the Government of Ontario. Hydro One traces its history to the early 20th century to the establishment of the Hydro-Electric Power Commission of Inc. in Ontario, Fraser established the company's ERM process in late 1999. "I'm talking I'm Talking was a 1980s Australian funk-pop rock band, noted for launching vocalist Kate Ceberano. History After the break-up of the Melbourne-based experimental funk band Essendon Airport in 1983, members Robert Goodge (guitar), Ian Cox (saxophone) and Barbara Hogarth about things like the dollars and time needed to achieve the organization's agreed-upon business objectives, based on a common understanding of the risks to those objectives," Fraser explains. For ERM to be effective, companies need to have a systematic way of providing the board with the top 10 risks to the company's business. "Without ERM," Fraser says, "most [boards] do it on an ad hoc For this purpose. Meaning "to this" in Latin, it refers to dealing with special situations as they occur rather than functions that are repeated on a regular basis. See ad hoc query and ad hoc mode. or reactive basis. But in the end, you have to ask: 'Do the board, management and staff share a commonly agreed-upon definition and tolerance for risk?'" Ultimately, proponents say that a properly administered program can help companies better utilize capital and reduce its costs. "People ask how strategic risk management can really add value," says Dr. James Verbrugge, until recently director of the Center for Strategic Risk Management, created about 18 months ago at the Terry School of Business at the University of Georgia Organization The President of the University of Georgia (as of 2007, Michael F. Adams) is the head administrator and is appointed and overseen by the Georgia Board of Regents. in Athens. "What you're really trying to do is organize systems and processes that increase the firm's risk-adjusted return Risk-Adjusted Return A measure of how much risk a fund or portfolio takes on to earn its returns, usually expressed as a number or a rating. Notes: This is often represented by the Sharpe Ratio. The more return per unit of risk, the better. on capital," he says, noting, "That's the hard-core economics of it." Verbrugge also says that successful risk management allows you to have a lower cost of capital, and if you do that, it allows you to add value to the firm. "If you reduce the chance of financial stress, you add value." [ILLUSTRATION OMITTED] A laundry list laundry list A popular term for a long list of Sx, diseases, or etiologies that share something in common–eg, differential diagnosis of acute abdomen of other benefits may accrue as well. Among them: Creating companies whose component parts work more cohesively; enabling companies to better manage and protect their reputations as they face man-made and natural disasters ranging from product tampering tampering The adulteration of a thing. See Drug tampering. to hurricanes and terrorism; helping companies fend off Verb 1. fend off - prevent the occurrence of; prevent from happening; "Let's avoid a confrontation"; "head off a confrontation"; "avert a strike" deflect, forefend, forfend, head off, avert, stave off, ward off, avoid, debar, obviate additional regulatory and legislative assaults on how they run their businesses; and providing a competitive advantage against those who simply manage risks the "old" way. [ILLUSTRATION OMITTED] Many proponents also believe that a well-designed ERM program will help corporate executives defend themselves against criminal lawsuits of the sort that have been filed against former Enron, Tyco and WorldCom executives. As such, simply stated, ERM may help board members and senior executives stay out of jail. "Proposed new U.S. sentencing guidelines that were issued late last year may offer a lot of help to board members and senior executives," suggests Randy Nornes, a managing director at Aon Risk Services, the Chicago-based consulting arm of insurance brokerage Aon Corp. These guidelines propose "that companies be required to conduct a formal risk assessment. If companies do this, their boards and senior executives may be able to defend themselves better in court. Now they can't just ignore this and say, 'I didn't know that this was going on,'" he explains. Program Construction Problematic Even with rapidly growing enthusiasm for ERM, issues abound around concerns important to both selling the concept and then shaping an effective program that will be successful long term. Among the issues: * Making board members aware of what it is, why they need to be involved and how it can benefit the company financially and strategically remains a work in progress. Without effective top-down, ongoing board support, no ERM initiative can be successful, either short- or long-term, particularly if sufficient ongoing resources aren't provided. * Stressing that ERM is neither a "program du jour du jour adj. 1. Prepared for a given day: The soup du jour is cream of potato. 2. Most recent; current: the trend du jour. " or consultant "flavor of the day." It is, indeed, a long-term investment that needs involvement of board members, executives and employees at all levels. A major potential issue in accomplishing this goal is that in light of Sarbanes-Oxley and other post-Enron developments, companies may likely view ERM as simply another regulation being imposed on them rather than new "ground rules" that, if followed enthusiastically, have the potential to provide global competitive advantage and enhance shareholder value. * Some board members aren't convinced of the need for ERM, arguing that it is simply a new nom de guerre nom de guerre n. pl. noms de guerre A fictitious name; a pseudonym. [French : nom, name + de, of + guerre, war.] Noun 1. for what they've always done: run their companies well. "Well-run companies have been doing ERM all along, it just hasn't been called that," says Warren L. Batts. Batts is a retired CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Chicago-based Premark International, and now adjunct professor at the University of Chicago Business School who is also a former audit committee chair of Sears, Roebuck & Co., Sprint and Cooper Industries Cooper Industries NYSE: CBE is one of the oldest large companies in the United States, having been founded in 1833 as a partnership in Mount Vernon, Ohio. Incorporated in Ohio as The C. & G. Inc. "Risk management should be imbued throughout the organization, and you don't need a name or a program called 'ERM' to make sure that's happening. The attitude and the culture starts with the CEO, and moves downward throughout the company," he argues. [ILLUSTRATION OMITTED] Nevertheless, even board members are being won over to a broader interpretation of ERM and its potential. For instance, board support clearly was important at Hillebrand, Gardner says. There, board member Ray Hillebrand "provided full-blown support and as a result it's up and running fairly well," he reports. At The Hartford, Raymond says that the directive to create the CRO position and its ERM efforts "came from the office of the chairman, the president and his direct reports." He adds, "It went to the CFO See Chief Financial Officer. as an initiative to address this year." That chairman-level support will remain crucial, he says. [ILLUSTRATION OMITTED] * In some cases, board chairmen have directly initiated a company's ERM efforts. That was the case at the Export Development Bank of Canada Bank of Canada Canada's central bank, established under the Bank of Canada Act (1934). It was founded during the Great Depression to regulate credit and currency. The Bank acts as the Canadian government's fiscal agent and has the sole right to issue paper money. (Canada's equivalent of the U.S. Export-Import Bank Export-import Bank (Ex-IM Bank) The U.S. federal government agency that extends trade credits to U.S. companies to facilitate the financing of U.S. exports. ), says Patrick Lavelle, its chair and a director from 1998 to 2002. "The real spur that got us into ERM was the fact [that] I saw we were a board asked to approve all kinds of transactions and insurance arrangements without having knowledge of the broader impact of those decisions on the corporation," says Lavelle. "This was a process that was totally unacceptable to me, particularly when we were doing large loans to the aerospace and computer industries and our biggest borrowers were companies like Bombardier Inc., which, of course, ran into tremendous financial difficulties." * Also, companies involved with ERM are struggling to figure out what specific information they need to detail their specific exposures and to provide quantitative data that ERM will provide the financial payoffs that might turn the heads of shareholders, analysts and others. Says Deloitte's Funston, who is a big ERM proponent One who offers or proposes. A proponent is a person who comes forward with an a item or an idea. A proponent supports an issue or advocates a cause, such as a proponent of a will. PROPONENT, eccl. law. : "We are at the same point with ERM as quality was in the 1970s. That is, people from the board on down are saying, 'Show me how quality makes a difference, show me the business case.' As a result of those questions, a lot of studies called 'cost of quality' had to be done. Boards had to be shown the cost of poor quality and the cost of good quality, and now you're seeing demand for the same type of information and data in the ERM arena." Without those numbers, managers and employees--as well as boards--may not invest in the ERM process, thus, setting it up for failure. Referring to the quality movement, Funston notes, "Managers would say, 'My job is production, and now you're asking me to do quality on top of it. Where are the extra resources to go with it?' Of course, it ended up that the costs of poor quality were rework re·work tr.v. re·worked, re·work·ing, re·works 1. To work over again; revise. 2. To subject to a repeated or new process. n. , customer dissatisfaction and higher costs. To deal with that, corporations finally learned that quality had to be built into everyone's job." * The inability to provide specific possible savings or enhanced financial results--given the infancy of ERM--troubles some executives and board members, but doesn't bother those with programs already in the works. "The argument that you can't offer specific financial numbers on ERM regarding cost improvements or improved financial results as a reason for not getting involved in ERM is nonsense," says Textron's Gardner. "Any astute person will say that companies face risks and that you're better positioned to manage and benefit from effective ERM, regardless of whether you can provide specific quantification." * The recently issued framework for ERM by the London-based Treadway Commission's Committee of Sponsoring Organizations (COSO COSO Committee of Sponsoring Organizations of the Treadway Commission COSO Church of Spiral Oak COSO Corporate South COSO Class of Service Override COSO Combat Oriented Supply Operations (USAF) ). There is no requirement to use the framework, but it carries weight because it is viewed by some as a major attempt to provide potential "best practices" for ERM. * Some executives and board members think of ERM solely as a control and accounting issue--understandable, given Sarbanes-Oxley and COSO's new ERM model. That could be dangerous, since ERM covers a broad array of exposures beyond control and accounting issues, and corporate executives and board members may mistakenly think that they're covering all their ERM exposures if they implement the COSO model. James Lam, president of Waltham, Mass.-based James Lam and Associates, a risk management consulting Noun 1. management consulting - a service industry that provides advice to those in charge of running a business service industry - an industry that provides services rather than tangible objects firm and author of Enterprise Risk Management: From Incentives to Controls, explains: "As a general management framework, COSO is useful in providing a set of standards for ERM, but its bias is more from a governance, compliance and audit perspective, covering things like authorization, documentation and monitoring activities. To that extent to audit committees and senior managers, say, 'Here's a list of standards and recommendations, how are we doing against this checklist?' But, Lam says, it does not fully represent the full spectrum of ERM activities. "What's missing is coverage of ERM from a business and management perspective--for instance: how do we optimize risk/return tradeoffs, customer management, risk-adjusted pricing and product development? Those types are not fully fleshed out. So from an audit perspective, it might be exactly what they need, but audit is an episodic episodic sporadic; occurring in episodes. e. falling a paroxymal disorder described in Cavalier King Charles spaniels in which affected dogs, starting at an early age, experience episodes of extensor rigidity, possibly brought on by stress. e. process--once a year. From a business perspective, you need to be more dynamic." Many companies implementing ERM programs say they'd like to implement best practices and benchmark themselves both against competitors and companies in other industries. That's difficult to do, since there is presently no agreed-upon definition of what "best practices" means within the same industry or across different industries. Companies need to benchmark if their ERM programs are going to survive long-term, Lam says. "It's important that you benchmark as a means of helping develop a vision and long-term plan for risk management," he says. "Very often, ERM programs don't work because they don't have these long-term plans. It's often a multi-year practice, but benchmarking allows you to see gaps and gives you an idea of how long it will take to close the gap for the company, how to prioritize pri·or·i·tize v. pri·or·i·tized, pri·or·i·tiz·ing, pri·or·i·tiz·es Usage Problem v.tr. To arrange or deal with in order of importance. v.intr. and sequence those initiatives." COSO's framework is ballyhooed as the best stab yet at establishing best-practices standards, but it falls short of what's needed. Deloitte's Funston calls COSO "a big step forward ... but the model is flawed, in some ways fatally fa·tal·ly adv. 1. So as to cause death; mortally: fatally injured. 2. So as to result in disaster or ruin. 3. According to the decree of fate; inevitably. Adv. 1. . But it does give us our first lexicon." He notes that there is "a tremendous interest in the market in finding out what works and what doesn't." The first request he says he gets from a company is wanting to know what other companies are doing, particularly at a point in time. "They don't know Don't know (DK, DKed) "Don't know the trade." A Street expression used whenever one party lacks knowledge of a trade or receives conflicting instructions from the other party. what best leading practices are now, and what kinds of presentations their boards need to have," he argues. "How do you assess the risks? What are the icebergs versus the ice cubes? The information simply isn't there," Funston comments. "Sometimes I struggle with what is meant by 'best practices.' I am currently spending a lot of time networking with my peers about what best practices might be," says The Hartford's Raymond. "I'm not just interested in what's most commonly done, but what will make this an effective, impactful role. So I'm in the process of formulating an approach and what we want to do with this role." Act ... Sooner, Not Later Whatever the challenges of implementing an ERM program, it's clear that corporate boards and executive management need to address the issues now. A key reason: It's not just the NYSE and other regulators who will be looking at how well they manage risk. "There are so many parties that will be keeping an eye on what companies do in the ERM area," says Mueller. "In some cases, the board itself will ask senior management challenging questions. And, if it's not the board, it will be external groups--like the ratings agencies and analysts. In the end, the ratings agencies will be all over them if they don't have a good ERM in place." The good news: companies don't have to be on the defensive to be or stand in a state or posture of defense or resistance, in opposition to aggression or attack. See also: Defensive . If they're proactive now, they can turn the tables. Mueller points to The Hartford as an example. "They have a very good ERM process all the way up to the CEO, who can answer any analyst's question about risk management, and people have noticed," he says. "In their case, the agencies have taken parts of their ERM process and made that the industry standard." The agencies took note of The Hartford's risk program for variable annuities Variable annuities Investment contracts whose issuer pays a periodic amount linked to the investment performance of an underlying portfolio. . "They had a good program for hedging the downside of risk of their variable annuities program," Mueller explains. "They sat the analysts down, explained what they were doing, and the analysts turned around and said, 'Now we understand what a good company does.' So now, everyone else is trying to catch up with them." RELATED ARTICLE: Hallmarks of Best-Practice ERM 1. Engaged senior management and board of directors that set "the tone from the top" and provide organizational support and resources. 2. Independent ERM function under the leadership of a chief risk officer (CRO), who reports directly to the CEO with a dotted line to the board. 3. Top-down governance structure with risk committees at the management and board levels, reinforced by internal and external audit. 4. Established ERM framework that incorporates all of the company's key risks: strategic risk, business risk, operational risk, market risk and credit risk. 5. A risk-aware culture fostered by a common language, training and education, as well as risk-adjusted measures of success and incentives. 6. Written policies with specific risk limits and business boundaries, which collectively represents the risk appetite of the company. 7. An ERM dashboard technology and reporting capability that integrates key quantitative risk metrics metrics Managed care A popular term for standards by which the quality of a product, service, or outcome of a particular form of Pt management is evaluated. See TQM. and qualitative risk assessments. 8. Robust risk analytics to measure risk concentrations and interdependencies, such as scenario and simulation models. 9. Integration of ERM in strategic planning Strategic planning is an organization's process of defining its strategy, or direction, and making decisions on allocating its resources to pursue this strategy, including its capital and people. , business processes and performance measurement. 10. Optimization of the company's risk-adjusted profitability Risk-adjusted profitability A probability used to determine a "sure" expected value (sometimes called a certainty equivalent) that would be equivalent to the actual risky expected value. via risk-based product pricing, capital management and risk-transfer strategies. Source: James Lam & Associates Inc. Lawrence Richter Quinn (larry_quinn1@hotmail.com) is a Washington, D.C.-based freelance writer who writes on business and financial subjects. |
|
||||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion