Printer Friendly

ERM Myths&Truths: effectively managing the company's corporate risk landscape can better enable an organization to proactively identify and leverage events as they evolve, to manage the risk by maximizing its upside and minimizing the downside.

Stakeholders want to make sure the companies in which they have an interest are managed responsibly, with a balance of efficiency and resiliency. This scrutiny reflects the growing sophistication of today's stakeholders--investors, employees, regulators, customers, the public and the media--who want to know just how well these companies are being run.

The answer, in many cases, is that companies could be run better.

Risk that goes undetected can derail even the best-laid set of goals and business objectives. Organizations that understand the events that may affect their strategy, product development or services delivery--and could have an impact on growth, market share and corporate health--are better equipped than others to anticipate and react to risk events that can alter the course of the business.

That's the purpose of enterprise risk management (ERM) programs, to enable management to understand the organization's risk environment and make decisions to optimize performance within that environment.

Many organizations are unsure how to implement an ERM program in a way that provides quick, early and measurable results within a reasonable budget. Part of the confusion may be due to myths about ERM that tend to cloud the truth about the ability of this powerful risk management ally to steer companies in the right direction.

A Role in Organizational Strategy

ERM does more than just manage downside risk. It also highlights areas where taking on more risk makes sense.

Since implementing an ERM program in 2006, the LEGO Group has become more aggressive, with remarkable results. Hans Lasssoe, the senior director of strategic risk for LEGO, said that ERM quickly showed that the Denmark-based toy company was operating more conservatively than necessary. Enterprise-wide exposure measures identified by ERM indicated the company was less vulnerable to market fluctuations than management had thought. ERM also alerted management to areas where the company could reasonably take on more risk.

As a result of the ERM findings, LEGO adjusted its risk profile and invested more aggressively in its manufacturing capacity and marketing expenditures. The adjustments improved financial performance significantly during a time when other toy manufacturers experienced dramatic declines.

LEGO itself had sustained massive losses in 2004 before returning to profitability in 2005. With the ERM-inspired risk strategy now fully implemented, total sales for 2010 are expected to be double those of 2005, despite a stagnant industry. "Having an ERM program and a documented measure of risk exposure has strongly supported the development of the company," Laessoe said.

Filling a Growing Need

The global reach of today's companies, as well as the the rise in stakeholder scrutiny, makes the use of ERM a business imperative for companies that want to be sure critical risks are being managed across the enterprise. Risk management efforts must cover a wider range of strategic and performance issues, including financial, operational, legal and regulatory as well as environmental, social, economic, human resources, and information technology concerns.

Well-run organizations are generally looking to:

* Increase an organization's ability to leverage existing risk. Taking on prudent levels of risk to achieve business objectives that, for example, increase market share and broaden distribution outlets is possible when risk is continuously monitored and managed enterprise-wide. As in the case of LEGO, this level of ERM can better support the overall performance of an organization through economic slowdowns.

* Synchronize risk with business strategy. Executives who understand what events may alter strategy, affect product development and have an impact on growth are better able to maintain the long-term viability of their company. In all, strategy drives risk and risks drive strategy

* Define, prioritize and manage an enterprise-wide risk landscape to manage risk proactively and in real time. By understanding the implications of carrying risk, management is in a better position to leverage that risk to optimize performance within the risk tolerance levels of the organization.

Dispelling ERM Myths

ERM is widely acknowledged as the tool to accomplish these varied goals. It debuted in the mid-1990s as American companies, primarily from the financial services, energy and utility industries, adopted models to track and manage risk.

Approaches and frameworks varied, but similar to the emergence of total quality management (TQM) models a decade earlier, lessons were learned early on that can benefit anyone who heeds them.

ERM has now been around long enough for practitioners to have developed relevant and realistic standards and best practices. Though much like emerging TQM models, ERM continues to be shrouded in misconceptions, making these programs largely misunderstood.

Dispelling the myths surrounding ERM programs can give executives a clearer view of the benefits and value of a fully integrated ERM program.


ERM is a Plug-and-Play Process.

TRUTH: When it comes to ERM, one size does not fit all. An ERM program must be customized to the strategies, culture and makeup of each organization. In this way, ERM is streamlined and made relevant, understandable and easier to implement. Custom-fitting ERM begins with defining what ERM means to the business strategy of each individual institution. For one organization, it may be tightly intertwined with the customer relationship management program, while for another, it could be tied in with sustainability efforts.


Risk is Already Being Managed.

TRUTH: This statement is only partially true. The industry benchmark today is that 20 percent of risk is managed through formal risk and compliance programs; management tends to react to the remaining 80 percent of risk, many times too late.

Manufacturers that, for example, manage safety with insurance and precautions against accidents on the job are managing their known risks through a formal risk program. But what about the 80 percent of risks they aren't actively managing, such as those posed by a consolidation of critical suppliers? These types of risks may negatively affect business in the future and should be proactively identified and managed.

To be successful, organizations are striving to develop proactive ERM programs that focus on activities that will be sustainable over the long term, as defined in the sidebar at the top, left, Five Elements of a Sustainable ERM Program.


ERM is Too Expensive.

TRUTH: Best practices have emerged that streamline ERM, keep costs down and boost return on investment. Overall value can now be articulated. That value may be different for each organization. For one company, the value of ERM may be in supporting its growth initiatives; for another, it could be in meeting the increasing demands of its customers.


ERM is Distracting and Disruptive To Management.

TRUTH: Management often feels too overloaded to take on the challenge of implementing ERM. However, a properly implemented ERM program should actually save management time, by focusing its attention on high-priority risks. Also, once the members of the management team have a common way of thinking and talking about risk, they can move beyond debating what their company's risks are to determining the appropriate strategies for managing the top risks.


ERM Does Not Contribute to Achieving the Goals of the Company.

TRUTH: Management often feels time-pressured to focus on sales or another critical business strategy, to the detriment of risk management.

A similar single-focus approach sank the subprime lending market. Subprime lenders focused on sales, with little regard to the overall impact of sales on the housing market. Few lenders took the time to ask whether the easy-credit approach was the right one. And too many people were given loans they couldn't afford. The real estate bubble eventually burst under the pressure of defaulting loans.

Achieving the goals of a company and managing risk must be bedfellows for management to sleep well at night. Synchronizing goals and risk confirms the direction of the organization. Risk should be continuously realigned, in real time, to the overall strategy.


Companies Can Hire Consultants to Build an ERM Program.

TRUTH: ERM cannot be outsourced; the process must be woven into the fabric of an organization. Consultants can coach companies in implementing an ERM program, but the customized nature of the process requires that an effective, sustainable program must be organically grown.


Enterprise Risk Management = Managing Risks Enterprise-wide.

TRUTH: ERM is not about inventorying risk. It is about focusing risk efforts across the organization to help prevent outsize risk from undermining business strategies. It is the responsibility of line management to manage the risks inherent in the business.


The Goal of ERM is to Reduce Risk.

TRUTH: The goal of ERM is to balance risk taken to achieve business objectives against the organization's risk appetite. This allows the management team to lower the level of effort expended to control low-risk items, and to reassign those resources to areas of higher strategic risk.


ERM is a Stand-alone, Self-sustaining Program.

TRUTH: ERM is not a project or a destiny achieved by implementing a framework that runs itself. Rather, ERM results in making better decisions at uncertain times. An ERM program should be a sustainable discipline driven by key individuals throughout the enterprise to guide management to do business correctly in any environment.

Doing the Right Thing

To overcome the challenges of implementing ERM, management should move boldly and shrewdly to capture early returns and long-term benefits by:

* Embracing the cultural requirements, beginning with engaging senior management;

* Retaining the right consultant or company partner to optimize benefits;

* Reaching early and measurable goals; and

* Maintaining ongoing momentum.

Phasing in these measures can help contain costs and result in a well-defined, effective and sustainable ERM program that improves decision-making and increases efficiency. That is, it leads to business done right.

Five Elements Of a Sustainable ERM Program

* Risk management is linked to the organization's strategy, culture and values.

* Management has a repeatable, comprehensive understanding of how to identify, assess and manage risk.

* Roles and responsibilities are assigned for ERM governance.

* The program generates high-value information for better management decision-making.

* The program generates risk-related information that enhances monitoring and reporting processes.

BART W. KIMMEL ( is a director with Crowe Hor-wath LLP in the Los Angeles office. GREGG E. ANDERSON ( is a director in Crowe Horwath LLP's Chicago office.
COPYRIGHT 2010 Financial Executives International
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2010 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Kimmel, Bart W.; Anderson, Gregg E.
Publication:Financial Executive
Geographic Code:1USA
Date:Dec 1, 2010
Previous Article:Navigating the new counterparty risk landscape: the new profile of counterparty risk in today's business and financial communities indicates how...
Next Article:Building a world-class finance team: companies can gain a competitive advantage by shaping their finance departments with exceptional talent and...

Terms of use | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters