Organizations sometimes struggle to structure their risk management processes in a manner that is sustainable and value-adding.  Often what they create fails to deliver robust risk information useful to running the business because they make the process overly complex or they fail to position it from a strategic perspective.  A recent article, authored by Alix Stuart, highlights findings from a Booz & Co. study which found that “more than 60% of [shareholder] value lost over the last decade has been attributable to strategic risks, like being in the wrong market with the wrong product.” However, the article notes that few risk management programs focus on strategic risks such as “being in the wrong market with the wrong product”.

The article highlights that one way CFOs can successfully lead risk management is by initiating a companywide program that adopts a common risk framework and encourages two-way open communication about emerging risks. Discussed below are some notable highlights on four separate perspectives for directing a risk team.

Human Capital

This outlook refers to how companies are looking to incorporate its nontraditional staffers to think about risk management. Including more individuals to help identify risks and make decisions results in more ‘risk-spotters.’ John Varvaris, CFO and COO of Best Doctors, recently initiated a companywide risk management program. The following list includes the steps he took in building a risk team:

1. Get all of the senior leadership team on board to ensure the program’s support.
p. 2. Assemble the appropriate people to assess the firm’s risks- For Varvaris’ company, this included 12 people in the beginning: the heads of business units and geographies, key departments like finance and IT, as well the company’s chief actuary.  The group meets quarterly for two and a half hours.
p. 3. Educating the team- Varvaris ran a brief survey asking members what they knew about risk and based off these answers the team had a tutorial on how to identify and measure risks as a corporation.
p. 4. Set a risk-appetite level for the organization

p.Committee members self- assess their parts of the business before each quarterly meeting and report on the top 5 to 10 risks they face and how they are managing them.

Supply Chain

This perspective deals with those elements that are outside of a company’s direct control. Globalization has made companies’ supply chains more vulnerable than ever. Jin Leong, chief procurement officer for International Monetary Fund, has implemented a “supplier observation database” that is designed to capture the procurements staff’s concerns about its most critical vendors.

Staff members are encouraged to log useful observations about the suppliers with whom they work closely. Examples of observations include: supplier performance metrics that are trending downward and decreasing responsiveness from a vendor. Collectively, a series of observations can prompt action that can greatly help the organization.  In addition to concerns that directly affect the supplier, risks related to the environment the supplier works in are equally important.

While Leong is only six months into the database project, it is hoped that eventually enough data will be compiled to identify patterns and advance warnings of problems.


While collecting data is essential in risk management, the real value is in analyzing the data. In an example of ERM automation and its impact on analyzing data, the article discusses Intuit and how it developed a homegrown web-based program to input data real time. Janet Nasbug, the firm’s first chief risk officer, turned to the company’s product development team for a way to manage all the data on risk-assessment she was receiving. The program allows business heads to see what others are thinking and entering in real time.

Risk Governance

This component deals with how corporate boards are responding to the pressure to oversee risk. According to the article, careful guidance from the CFO is essential for higher level analysis and discussion among the board. Experts suggest that finance executives can help engage more members in risk by subtly working risk into broader educational efforts. For example, Best Doctors’s Varvaris makes sure every board meeting involves a SWOT (strengths/Weaknesses/ opportunities/ threats) analysis of a rotating series of business units and geographies- this ensures the meeting’s focus is on the right risks.

Click below to read article

Link: CFO Magazine

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2012-04-01