ERM: the evolution of a balancing act.

It's widely acknowledged that one of the culprits in the current economic crisis has been the underestimation or mismanagement of
risk. No one ever imagined that real estate prices could actually go
down, so what was wrong with holding mortgages that might not be paid
down? Problems that plagued the financial-services industry quickly
spread throughout the global economy, and a global recession soon
followed.

Each decade seems to suffer some widespread economic problem that could have been avoided with prudent risk management. Although problems may vary from decade to decade, the global economy will always be fraught with uncertainty. Any company could benefit from enterprise risk management (ERM), a structured and disciplined approach to evaluate and manage uncertainty. As Financial Executives Research Foundation celebrates its 65th anniversary of producing unbiased research that financial executives can implement, it's interesting to reflect on how risk management has evolved in organizations. FERF's first research study on risk management, International Risk Management, written in 1983, by Business International, was commissioned after political and cultural turmoil rocked the Middle East and Central America, resulting in losses to companies that did not foresee the turmoil. Many of the study's key recommendations are still relevant today. FERF's second research study, Foreign Exchange Risk Management: A Survey of Corporate Practices, written in 1995, by Henry Davis and Fred Militello Jr., was commissioned following the unraveling of the European Exchange Rate Mechanism and the decline of the dollar against the Japanese yen and the Deutsche mark. Again, the principal findings of this study are just as relevant today as in the 1990s.
By the time FERF's 2001 study, Making Enterprise Risk Management Pay Off, was published, ERM was still a relatively new management discipline, and few companies had adopted it in a significant way. Looking to the future, it's always hoped that learning occurs from adversity. And perhaps the issues already identified will not be repeated. Yet, as time has shown, as the environment changes, new issues and challenges continuously crop up.

--William M. Sinnett

At the time the authors were researching what would eventually be Making Enterprise Risk Management Pay Off, published in 2001, ERM was still a relatively new management discipline. Companies that had adopted ERM were not facing a global economic crisis, but instead were attempting to "create, protect and enhance shareholder value." The five pioneering firms in the study--Chase Manhattan (now part of JPMorgan Chase & Co. Inc.), E.I. du Pont de Nemours and Co., Microsoft Corp., United Grain Growers Ltd. (now part of Agricore United), and Unocal (now a unit of Chevron)--shared some common characteristics in their ERM implementation. These included: a formal, dedicated effort to identify all significant risks; the ranking of risks by severity (impact) and frequency (likelihood); the development and implementation of sophisticated and relevant risk metrics; and a senior management committed to drilling ERM into the decision-making processes at all levels of their organizations. Not surprisingly, the companies studied showed diversity in achieving these objectives.
The study wrapped up convinced that these firms were committed to their ERM efforts and on the road to building future value from them.

Eight years later, ERM is no longer the fledgling, somewhat trendy management initiative it seemed to be in 2001. With the debacles of the Enron-WorldCom era and the recent global financial meltdown, ERM has sprung into the business arena as one of the strongest hopes for a future in which costly and even potentially catastrophic risks can be understood, evaluated and contained. However, managing the downside of risks needs to be balanced with the upside (the creating, protecting and enhancing the value side). If this article were being written for FERF's 60th anniversary--in 2004--the tone and content would be different. Within the last year, the world economy has been brought to the brink of a financial catastrophe not seen since the 1930s, forcing the United States government to commit billions upon billions of dollars to bail out many household-name companies. One company, American International Group
Inc., came close to bringing the U.S./global financial system to its knees through its involvement in credit-default swaps, stealth derivatives that were referred to by financial guru Warren Buffett as the financial equivalent of "weapons of mass destruction." Managements in the current era have the power not just to incur large losses for their companies, but actually to destroy shareholder value, wreck their firms and decimate years of growth, profitability and success. Identifying, assessing and managing risk by businesses has taken on an importance that is likely unprecedented in history. Still, much of risk management is in an evolutionary state. The assessment and measurement of risk--even financial risk--is not fully developed. The 2001 study pointed to metrics, such as value-at-risk and earnings-at-risk, as best practices measuring financial risks. But now, in 2009, critics have charged that many of the popular risk metrics are doomed to be ineffective in turbulent, unprecedented times because they rely heavily on the past as a predictor of the future.
In an article in the December 2008 issue of Financial Executive, these authors made the claim that precedent is "the enemy of managing rare-event risks." Senior managers discussing their risk debacles before Congress and other forums last fall often argued that they were victims of unprecedented events. For example, former AIG Chief Executive Officer Martin Sullivan said in his testimony before Congress in October 2008 that "no disaster as massive as the unforeseen and unprecedented financial market disruption that has occurred over the past year is the result of a simple or single cause." An effective ERM program rejects the notion that unprecedented is synonymous with unmanageable. Under ERM, managers seek to identify, assess and manage all risks; they reject the role of unwitting victim, helpless against the onslaught of the unexpected.

Post-2001 ERM Developments

In some organizations, unfortunately, ERM implementation from 2001 forward was driven mainly by risk debacles instead of by the desire for better corporate management and value creation. But in quick succession, Enron Corp., WorldCom Corp., Tyco International Ltd. and other large business frauds/failures have spurred the federal government and professional organizations into action. Some of these actions are highlighted as follows:

* The Sarbanes-Oxley Act of 2002. When President George W.
Bush signed it, in July, 2002, he said that Sarbanes-Oxley included "the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt." There is no doubt that Sarbanes-Oxley brought about major new interest in ERM, but it is of note that "risk management" is mentioned only once in the act (in a different context), and ERM is not mentioned at all. The parts of Sarbanes-Oxley that triggered ERM momentum are Sections 302 and 404. Section 302 mandates "disclosure controls and procedures" so that issuers could disclose developments and risks of the business and noted that "an assessment" may be necessary. Section 404 requires an assessment of the effectiveness of internal control over financial reporting. Essentially, Sarbanes-Oxley focuses on risks related to financial-reporting issues. Some organizations--after complying with the Section 404 requirements for several years--saw an opportunity to expand their effort at risk identification and assessment to a full-scale ERM effort. Also, an impetus to expanding toward ERM from a more narrow focus on financial reporting risk was the U.S. Securities and Exchange Commission requirement for companies to disclose "risk factors" in section 1A of their 10-Ks. A robust ERM process should improve these disclosures. Following Sarbanes-Oxley, the SEC and Public Company Accounting Oversight Board (PCAOB) developed Section 404 guidance in the form of "top-down risk assessment." This type of control assessment focuses on the areas of the financial statements that are deemed the riskiest and dovetails nicely with an effective ERM implementation.
However, the thrust of that guidance is still on financial-reporting risks--not ERM.

* Increased Focus on Corporate Governance. The Enron-WorldCom era produced a heightened interest in corporate governance as observers asked where the directors were. Directors themselves became increasingly concerned about their own oversight responsibilities and legal liabilities. In the current financial crisis, questions are again being raised about the role of boards in overseeing risk management. In fact, some boards have already been sued (such as AIG and Citigroup Inc.), forcing directors to take ERM training and development more seriously. Two very visible ERM-related governance initiatives have been the governance, risk-management and compliance (GRC) movement and the New York Stock Exchange listing rules on corporate governance. Early views of GRC driven by Sarbanes-Oxley concerns were focused on compliance issues and the development of information technology systems to track compliance. GRC was based on the presumption that effective risk management was impossible without strong governance controls, hence the placement of "governance" first in the moniker.
By 2003, the NYSE imposed Section 303A of its Listed Company Manual, "Corporate Governance Rules." Of particular relevance to ERM is the following: "While it is the job of the CEO and senior management to assess and manage the listed company's exposure to risk, the audit committee must discuss guidelines and policies to govern the process by which this is handled." In addition, Section 303A requires that an internal audit function "provide management and the audit committee with ongoing assessments of the company's risk management processes and system of internal control."

* COSO's Integrated ERM Framework. In September 2004, the Committee of Sponsoring Organizations of the Treadway Commission
(COSO) published its Integrated Framework for ERM. This was particularly significant because it provided U.S. businesses with an accepted and established ERM framework that could be used to implement and gauge ERM efforts. With the ERM framework, COSO's aim was to furnish "key principles and concepts, a common language, and clear direction and guidance" for ERM implementation. A broader objective was to assist managers in determining how much risk they are prepared to accept, and actually do accept, in value creation. A number of global efforts in developing ERM frameworks are particularly noteworthy, including the Australian/New Zealand Standard, the Turnbull Report (England), the forthcoming ISO 31000, Risk Management - Principles and Guidelines on Implementation and the King committee's Report on Governance in South Africa (King III).

* Standard & Poor's and ERM. In May 2008, Standard & Poor's announced that it would explicitly incorporate ERM evaluations into its ratings process for nonfinancial companies. (S&P had been including ERM evaluation in its ratings of financial institutions and insurance companies since 2005.)
This may be one of the most important ERM developments of all, since it directly links ERM with a company's cost of capital in a way that even the most hard-nosed businessperson can understand: better ERM can lead to lower capital costs. To wit, here are two recent examples from the insurance industry: S&P raised SCOR SE, the French reinsurer, from A-minus to A, and cited the company's "commitment to building a strong enterprise risk management program." Around the same time, S&P lowered Bermuda-based Everest Re Group Ltd. from A-minus to BBB-plus and included this comment in its explanation: "Everest's enterprise risk management program is adequate, but the implementation of a more robust program has been slower than expected."

* Other Developments. Among other important ERM-related developments:

  * Nonprofit organizations, such as colleges and universities, have begun adopting ERM.

  * All the major consulting firms now offer ERM advisory services.

  * ERM courses are being added to higher-education graduate and undergraduate curricula and executive course offerings.

  * Boards of directors are seeking ERM guidance.

  * Improved ERM metrics are being developed. For example, Jim Laney, director of ERM at Textron Inc. notes: "We are a Six-Sigma company. We measure everything.
We measure the risk impact and likelihood and the ERM process effectiveness as well."

Effective ERM

Fueled by government regulation, corporate failures and now the global financial crisis, the ascent of ERM into corporate consciousness since 2001 has been surprisingly quick and widespread. A 2008 Towers Perrin survey revealed that 72 percent of the study's chief financial officers rated their companies' risk management practices in their top three concerns. Senior managers desirous of implementing an ERM system, or making their present system better, should consider a short list of lessons that have become apparent of late (a few learned the hard way). Some are extensions of the authors' 2001 findings. Having an ERM system is good but having a strong ERM system is excellent. Here are several suggestions:

* Integrate the ERM process into the company's strategy. Ensure that it is embedded in all levels of decision making throughout the organization. The balanced scorecard works well in this effort. An ad hoc ERM system is doomed to be given lip service at worst or deemed an after-thought at best.

* Understand the organization's stakeholders' risk appetite. Then plan accordingly.

* Understand the business's major risks. Don't be blindsided by lack of knowledge; saying that you did not think of it is "not acceptable."

* Ensure that corporate governance is strong.
In the face of weak corporate governance, ERM is likely to flounder. Recall the order of the letters in the GRC acronym: governance comes before risk management.

* Develop as many meaningful risk metrics as possible and use them. The old maxim, "What you measure is what you get" is especially true here. Look to sophisticated tried-and-true initiatives such as Six Sigma for help.

* Link compensation to risk in intelligent ways. Don't make the mistake of rewarding the upside but not penalizing the downside. It appears that some financial-services firms were awarding large bonuses for both good and poor risk management.

* Don't dismiss the risk of high-impact, rare event risks as unmanageable. Many of these can be catastrophic, value-destroying debacles. They may also turn out to be less rare than previously thought. With hindsight, AIG's board circa-2007 would have been happy to sidestep the credit-default-swap business!

* Consider taking a risk management version of the physician's Hippocratic oath, one that pinpoints the ability to wreak havoc with poor risk management: "Above all, do no harm!"

RELATED ARTICLE: FERF Research Reports on Risk Management Over the Years

1983: International Risk Management: Experiences and Practices, by Business International Corporation

1995: Foreign Exchange Risk Management: A Survey of Corporate Practices, by Henry A. Davis and Frederick C. Militello, Jr.

2001: Making Enterprise Risk Management Pay Off, by Thomas L. Barton, William G. Shenkir, Paul L. Walker.

Executive Reports 2006-07: A Top-Down Approach to Risk Management and Internal Control, by R. Malcolm Schwartz:

Issue #1: Having a Business-Process Focus Tied to Business Planning, 2006

Issue #2: Using an Aggregated Risk Assessment, 2006

Issue #3: Using a Process Point of View, 2007

Issue #4: Relying on Ongoing Monitoring, 2007

2008: Fraud Risk Checklist: A Guide for Assessing the Risk of Internal Fraud, by Gary A. Rubin, 2008

The first in a series of articles highlighting Financial Executives Research Foundation research over the past 65 years, this article looks at the evolution of risk management. The goal of FERF research is advancement through knowledge that is relevant and practical for organizations.

Thomas L. Barton, Ph.D., CPA, is the Kathryn & Richard Kip Professor of Accounting at the Coggin College of Business at the University of North Florida. William G. Shenkir, Ph.D., CPA, is the William Stamps Parish Professor Emeritus and Paul L. Walker, Ph.D., CPA, is an associate professor--both at the McIntire School of Commerce at the University of Virginia.