This article, authored by Donna Galer, discusses how enterprise risk management is becoming more of a trend for companies today. While companies have practiced “risk management” for years, most traditional approaches to risk oversight are not applied holistically across organizations. Now risk management is being implemented in companies in the form of Enterprise Risk Management (ERM) because of the many issues and challenges faced by companies today. ERM has become vital to organizations because it allows them to be proactive about risks and because it is now a measure assessed by rating agencies and capital markets. This article, written by a former executive vice president of general insurance at Zurich Financial Services, defines ERM as “viewing risk holistically and horizontally across an organization.”
Added Value of ERM
By correctly implementing ERM, companies can experience fewer management surprises, earn higher ratings from rating agencies, or have less volatility in earnings or operations. ERM is a continual process that should be used year-round. All organizations should perform four steps to maintain an effective ERM policy. These steps are: (1) identifying the major, specific risks that exist, (2) plotting the risk frequency and severity profiles, (3) comparing the results against the tolerance of the organization to withstand the risks, and (4) making strategic changes or creating strategic tactics that control or eliminate risks.
ERM Takes a Team
ERM today differs from risk management models in the past because it takes a team. ERM requires a cultural change that is seen on all levels of the organization. ERM mandates that all individuals be held accountable and responsible for all of their actions. To create a team approach to risk oversight, many organizations are turning to Chief Risk Officers (CROs) to set the tone at the top. The CRO should have a team that looks at risks for the whole company and that can delegate risk mandates to all levels within the company.
ERM is All About Mindset and Culture
For ERM to really be effective within the organization, there needs to be a mindset and culture change. There also needs to be a common language and understanding of the risk that the organization will tolerate. All employees should know the policies surrounding the company’s risk management process and how to respond to risks facing the organization. In the past, risk wasn’t necessarily communicated consistently across the whole company. Individuals also did not know key terms associated with risk, so when issues emerged, they did not know how to react or reacted inconsistently across the organization.
ERM is Not All About Insurance
Even though ERM is not all about insurance, using insurance will help organizations manage risk. In the past, company approaches to “risk management” often focused on identifying and dealing with risks that are insurable. By embracing ERM, companies are evaluating all kinds of risks including those that can and cannot be insured. Companies are also looking into different ways to manage risk in the form of maintaining higher self-retentions, introducing captives or new hedging vehicles, increasing business diversification, modifying risk appetite, improving contingency planning, and enhancing governance.
ERM is Not a Once-a-Year Exercise
ERM is an ongoing practice. Organizations constantly experience change, which in turn leads to constant changes in risks. So, it is important for risk managers to stay abreast of business changes as they occur and consider how those changes impact the organization’s risk profile. By monitoring risk continually, companies will be able to handle challenges better and protect their ability to function in the future.
Solutions for Maintaining an Effective ERM Program
ERM is gaining more importance as companies become more global and stakeholders become more wary. Therefore, it is important for companies to adhere to the following ERM guidelines mentioned in this article.