This report, published by Standard & Poor’s (S&P), announced its intention to include ERM assessments in ratings of nonfinancial companies in May 2008.  Since then, S&P analysts have been discussing ERM in their regular meetings with rated companies to gather information about how valuable ERM information is to opinions about company management.  S&P has always included risks and management capabilities in the overall evaluation process and considering ERM enhances this assessment, allowing for application of a more systematic framework.

S&P analysts have discussed ERM with over 300 rated issuers to date, mostly in the U.S. and Europe.  This represents about 10% of the global coverage of nonfinancial companies.  These discussions have centered around seven primary questions.  The questions address issues including the company’s top risks and their impact and likelihood, what is being done about top risks, the staff responsible for risk management and their place in the organization chart, and whether the board and senior management discuss risk management when making strategic decisions.

Several preliminary findings from these discussions are presented, some of which are highlighted here.  Analysts found that the level of ERM adoption, formality, and maturity varies widely across organizations.  Also, although ERM implementation may be increasing, “silo-based” risk management remains prevalent.  Companies that are more confident about ERM tend to be more transparent about their risk management practices.  Public companies often have more to say about ERM due to their compliance focus.  Finally, few companies have realized the upside aspects of ERM as most are focused on compliance and covering downside risks.

Analysts will continue ERM discussions with issuers in their regular meetings, review their management assessment approach, and look for opportunities to increase the consistency and transparency in credit ratings for nonfinancial companies.  With these efforts, ERM references should be incorporated into individual corporate credit rating reports in 2010.

Click link below to download the full report.

Link: Steven J. Dreyer and Amra Balic, “Progress Report: Integrating Enterprise Risk Management Analysis into Corporate Credit Ratings,” Standard & Poor’s RatingsDirect, July 22, 2009.

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2009-07-22