A panel of chief risk officers and executives leading ERM efforts in their organizations engaged in a rich discussion at the ERM Roundtable Summit on October 1, 2010 that focused on the following topic: “The Value Proposition of ERM: Strategic or Compliance.” Panelists discussed lessons learned from real-world experience and ERM leadership efforts within their organizations on how to position ERM for strategic value. The panel consisted of four individuals including:
- Tom Belt – VP Internal Audit of Advance Auto Parts, Inc.
- Laurie Brooks – CRO and VP Risk Management of Public Service Enterprise Group Inc.
- Steve Dreyer – Managing Director and Lead Analytical Manager of Standard & Poor’s, Inc.
- Ward Sax – VP, CRO, and Treasurer of RTI International
Bonnie Hancock, Executive Director of the NC State University ERM Initiative, moderated this panel.
The panel discussion started by focusing on how to implement ERM in an organization. The panelists advised that ERM implementation must fit the culture of the organization and that there is no one way to do so. Most argued that the current approach by some of trying to fully embrace an ERM conceptual framework at the start of an implementation effort was somewhat overstated and unnecessary. Instead, the panelists noted that they found the embrace of parts of various frameworks often better suits the organization, rather than relying upon one framework.
One practical example of a way to begin ERM implementation included working with compliance and finance risks first, since they are easier to manage, and then moving to business and strategic risks next. Additionally, the panelists advised that visiting companies and interfacing with ERM experts may lead to a better understanding and practical approaches of how to implement ERM successfully.
A theme that emerged in the discussion was the difficulty in transitioning to ERM practices, as increasing risk awareness and convincing skeptics in the organization proves to be a challenge. The panelists agreed that getting an organization’s board of directors and audit committee dedicated to starting ERM is crucial to driving the implementation process. Once the board of directors and audit committee recognize the value added by executing an ERM initiative, the task of spreading the oversight of risk management and incorporating risk responsibilities into existing processes becomes more manageable.
The panelists focused on the importance of leveraging existing processes to assess risk and responsibilities and retaining risk ownership within already existing business functions. The panel recommended assigning responsibilities for line management in order to hold them accountable for defining risks and working to manage those risks, as one committee or person should not be the “owner” of all risks. Linking risk management to compensation was another piece of advice offered by the panel. For example, ERM competence assessments could be included in annual performance evaluations by holding management accountable for the amount of risk taken in order to achieve a particular return goal. If different risks are taken to achieve a similar return, the individual achieving that return with less risk-taking should be compensated better than the one who took greater risks to achieve the same return.
Overall, the panelists pointed out that ERM should be developed based on an organization’s culture and implemented through existing processes. An understanding of what needs to be achieved and strong support from executive management and defining risk responsibilities for line management is crucial in order to be successful implementing ERM. Additionally, using ERM to determine potential risks and opportunities will add value to an organization, even though the initial launch of risk management may be a challenge. Making sure management sees how the output of ERM processes informs strategic decisions will ultimately impact the embrace of ERM the most.