Measuring risk: enterprise risk management takes a holistic approach.Even before Sept. 11 knocked insurance premiums into the stratosphere stratosphere (străt`əsfēr), second lowest layer of the earth's atmosphere. The level from which it extends outward varies with latitude; it begins c.5 1-2 mi (9 km) above the poles, c.6 or 7 mi (c. , JoAnn Ralph began telling her clients that the days of easy insurance coverage were coming to an end. Her advice? Prepare for inevitable premium increases by looking for Looking for In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. other ways to mitigate risk. Ralph, a risk management partner in the New Jersey office of Rothstein, Kass & Company, CPAs, uses a holistic approach holistic approach A term used in alternative health for a philosophical approach to health care, in which the entire Pt is evaluated and treated. See Alternative medicine, Holistic medicine. to assess corporate risk and get the big picture. Enterprise risk management is a broader method than traditional risk management for managing hazards that could hit a company and ultimately affect its bottom line. While risk management tends to address a business' risk on a segment-by-segment basis, ERM (Enterprise Relationship Management) An umbrella term with many shades of meaning over the years. It may refer to the management of information from any or all of an organization's customers, suppliers, business partners and employees. looks at the whole company and the impact of one sector's performance on the other. Insurance premiums were more affordable before the stock market faltered two years ago. "When the stock market was doing extremely well, insurance companies were willing to sacrifice underwriting for investments," notes Ralph. Then the bottom fell out. On top of that came Sept. 11. Add Enron to the stew, and everyone, it seems--from investors to CEOs--has the jitters jitters 'Butterflies' Psychology An episode of nervousness or anxiety that often precedes a public event; jitters is a type of performance anxiety which may affect actors in a stage production–stage fright or soloist musicians; it may respond to anxiolytics . "There is absolutely zero tolerance The policy of applying laws or penalties to even minor infringements of a code in order to reinforce its overall importance and enhance deterrence. Since the 1980s the phrase zero tolerance has signified a philosophy toward illegal conduct that favors strict imposition of in the markets right now for missteps, any kind of negative news," notes Bruce Meikle, managing partner of Deloitte & Touche's enterprise risk services group. Now with insurance companies doubling and in some cases tripling their premiums, companies are seeing that a holistic approach to managing risk is the best way to keep costs under control. "When you talk about enterprise risk management, you're looking at credit risk, you're looking at currency risk, you're looking at investment risk, you're looking at physical risk, and all of these different things that could affect the bottom line," says Ralph. "Most people think of insurance as only the transfer of risk, and that's not true." NO MORE CHECK THE BOX Historically, internal auditors Internal auditor An employee of a company who analyzes the company's accounting records to that the company is following and complying with all regulations. have performed risk management that is protective in nature and compliance-oriented. This has evolved into a more dynamic, systematic approach of seeking out potential risk, heading it off at the pass and putting the systems in place for mitigating that risk. Scot Clover clover, any plant of the genus Trifolium, leguminous hay and forage plants of the family Leguminosae (pulse family). Most of the species are native to north temperate or subtropical regions, and all the American cultivated forms have been introduced from , a partner with Ernst & Young's business risk services group sums up the process: "We ask: 'What are the company's goals and objectives? What can get in the way of achieving those goals and objectives?' and, 'Can we do an assessment of those and help them figure out the path to get there?'" Says Lance Ewing, risk manager for Las Vegas-based GES GES GTN (Global Transportation Network) Exercise System GES General Estimates System (NHTSA) GES Ghana Education Service GES Government Economic Service (UK) Exposition Services, "Risk management is not risk avoidance. Risk is calculated. Las Vegas--that's really true gambling. But really, gambling lends itself toward the house. We want to move things toward our side of making it a gain and not a loss." Using cash management as an example, Meikle explains: "When addressing the cash operations of a business, there are some basic things that need to be asked: Are we billing timely? Are we collecting what we bill? When we collect it, are we depositing the cash quickly into the bank? These are not generally insurable activities, yet you need to make sure that nobody's misappropriating the cash when it comes in--that you've properly billed that invoice for the service you've delivered." Another uninsurable uninsurable Health insurance A high-risk person without health care coverage through private insurance who falls outside the parameters of risks of standard health underwriting practices. See Underwriting. risk is product quality. Notes Meikle, "You can insure your equipment on the manufacturing floor, and you can insure your people against injuries, but what processes do you undertake to ensure that they produce a product that meets the customer's quality requirements? You can't insure that part of the business." The cornerstone of enterprise risk management is understanding the risk exposures facing the company and managing them to tolerable levels, either through assessing ways to maximize available insurance coverage and lower premiums or by implementing risk-management processes. MANAGE UNINSURABLE RISK In the past, the risk manager of a large company dealt with insurance risks and the CFO See Chief Financial Officer. dealt with financial risks. "Often there wasn't a discussion of how one interplayed With the other," notes Ralph. For example, "The one problem of 'We've got turnover's is probably showing up in many different-places," says Ralph. "By looking at it with a holistic approach, we don't just have the HR person asking, "How do we retain employees?' We also have operations people asking, 'Are people bored? Are they angry? Is there talk of a layoff?"' SMALL COMPANIES CAN BENEFIT Ralph says ERM has been allow to catch fire with smaller businesses that could benefit from it as much as the larger companies now using the approach. Small businesses see risk management as insurance, or a cost, not something that brings in money. So it then becomes a CPA's' challenge to show their clients that the extra "cost" of enterprise risk management consulting Noun 1. management consulting - a service industry that provides advice to those in charge of running a business service industry - an industry that provides services rather than tangible objects actually will save them money. "Risk management itself has not been given a whole lot of credibility by business," says Ralph. But as a business begins to focus on a problem such as spending to much on insurance, or too much lost productivity, this is when the ERM consultant can make their value know. Ralph adds, "Very often, just having a discussion, you can get a sense of things that are happening in the organization that the CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. or the CFO might not connect to risk management and how it can cross over different lines of operations Lines that define the directional orientation of the force in time and space in relation to the enemy. They connect the force with its base of operations and its objectives. ." A BIRD'S EYE VIEW "What's emerging now is a high-level look at how we are managing this business, from strategy, to technology, to people'" says Meikle. "When you talk about ERM now, you're looking at a process that steps back to the most senior levels of management to get an understanding at that level, and asks, "How are we managing, say, our reputation risk? What activities are we undertaking to make sure that if we have a product failure, we can respond to that?'" With ERM, says Meikle, it's easier to spot risks that are more pervasive in the organization, those that can't be dealt with on a business-unit level, but have to be dealt with by executive management. "A lot of times, you're not talking about eliminating this risk," he says. "You're talking about being aware of it and having action plans in place to manage around it so that you can influence your destination." GIVE THEM WHAT THEY NEED Glover says this can mean providing a service other than what your clients think they need. For example, a high-growth technology company might ask you to do a revenue-recognition review. Says Glover, "What I would be more concerned about is, 'What do your contract processes look like? How do you price stuff? How do you give discounts? How do you relate with your customers? How do you, once you decide you're going to sell something, get it shipped out, bill it, collect it, and manage the cash flow from those billings and collections?" He points out that you can help your clients prepare for a lot of risk at each of those junctures. Or say there is a damaged reputation to be repaired--fast. Once again, looking at the organization as a whole should be an urgent priority. "Certainly legal is going to be aware of it," says Meikle. "But what is your marketing group going to respond to? How is your production line going to deal with the fact that it has a million products to recall and re-supply?" The impact echoes throughout the organization. "It's one thing to say, 'I've got my publicist pub·li·cist n. One who publicizes, especially a press or publicity agent. publicist Noun a person, such as a press agent or journalist, who publicizes something publicist who is going to put out a nice memo telling the public, "Don't worry, we're on top of this."' But then you've got all of this other infrastructure that says, 'How do we regain confidence in our product?' You've got all of those pieces you have to fit together." ERM TOOLS Information gathering during facilitated workshops is an essential beginning point. "A lot of what we do is accumulate the data and the information so that we can lay it out in a usable, readable format that summarizes the assessment process for management," says Meikle. "Then management can look at it and formulate actions around those risks." Other key tools include interview templates that lay out each of the business processes. The templates might have questions surrounding reputation risk, thought starters meant to glean glean v. gleaned, glean·ing, gleans v.intr. To gather grain left behind by reapers. v.tr. 1. To gather (grain) left behind by reapers. 2. information on marketing and sales roles, the human resources The fancy word for "people." The human resources department within an organization, years ago known as the "personnel department," manages the administrative aspects of the employees. culture and other areas of the company. Once the information is gathered, it goes into a database that enables risk managers to summarize the facts. "It helps businesses to find not just the risks that a lot of them may intuitively know, but helps them define the actions they're taking to manage those risks," explains Meikle. CHECKING INSURANCE CONTRACTS Risk managers often discover insurance coverage problems only after an integrated look at the organization. "You think that your business contracts and your insurance contract are in sync. Very often they are not," says Ralph. "A lawyer reading a contract may not understand the implications to the insurance policy. And very often we have found provisions in contracts that are not properly financed by insurance, that could penalize pe·nal·ize tr.v. pe·nal·ized, pe·nal·iz·ing, pe·nal·iz·es 1. To subject to a penalty, especially for infringement of a law or official regulation. See Synonyms at punish. 2. a business for millions and millions of dollars." Ralph says assets as large as buildings are sometimes inadvertently left uninsured. Communication is perhaps the most important development that ERM brings to the table. It's the lack of attention to detail and lack of communication that Ralph says can bring on big trouble. "It's a problem of too many chiefs," she says. "There is communication that's missed so that a risk manager might not even know the plans a company has until it's too late." In comes the CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. who, as an internal or external ERM consultant, can bring a business clarity and perspective. RELATED ARTICLE: TOP FIVE DANGER ZONES From a company's reputation to its human capital, risk is in the works at every juncture. Here are the top five areas that Lance Ewing, risk manager for GES Exposition Services and vice president of the Risk and Insurance Management Society Risk and Insurance Management Society, Inc. (RIMS), founded in 1950, is a membership-based industry trade group, representing nearly 4,000 industrial, service, nonprofit, charitable, and governmental entities and serves more than 10,000 risk management professionals around the , says enterprise risk managers who seek a holistic approach live and die for when seeking out a company's danger zones. 1. Human Resources. How far must a company go to keep its employees? Even in today's pro-employer labor market labor market A place where labor is exchanged for wages; an LM is defined by geography, education and technical expertise, occupation, licensure or certification requirements, and job experience , National Semiconductor offers on-site dentistry dentistry, treatment and care of the teeth and associated oral structures. Dentistry is mainly concerned with tooth decay, disease of the supporting structures, such as the gums, and faulty positioning of the teeth. , hair styling, a post office and a fitness center. "Employees leaving your company, dying, taking trade secrets, having injuries, those types of things are all a risk for us," says Ewing. 2. Liability. Hot coffee spilled in a client's lap? "Who's going to sue?" asks Ewing. Litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. has replaced baseball as the national past-time." Sales is one aspect of this. "What sales literature Sales literature Material written by an institution selling a product, which informs potential buyers of the product and its benefits. do you have out there?" asks Ewing. "We look at the sales contracts Sales Contract Contract between a seller and buyer for the sale of goods, services, or both. , insurance language, indemnification language and hold-harmless language." Research and development is another important area for liability scrutiny. "Remember Fen-phen? Look at that liability. That all had come out of R&D. You need to catch that by looking at test results." 3. Property and assets. What does the company own? This runs the gamut from information and websites to buildings, vehicles and other hard assets. "We look to protect these," says Ewing. 4. Net income. Where are there increases in expenses and decreases in revenue? "That's why I spend so much time with the financial and sales people," says Ewing. "We look at projections to evaluate, asking ourselves, 'Can we cover this through insurance?' We also ask, 'What happens if that whole compaign falls in our face?'" 5. Due dilligence See due diligence. . A lot of business these days is grown through merger and acquisition. "If we acquire a company, we ask, 'What's it going to cost us to do remediation if we buy this company?' Or, 'What's it going to cost me to acquire those liabilities, if it's an asset-exchange due diligence Research; analysis; your homework. This term has caught on in all industries, because it sounds so "wired." Who would want to do analysis or research when they can do due diligence. See wired. ?'" Laurie Mason is a San Francisco-based freelance writer. She can be reached at lauriemason@msn.com. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion