Risk Identification and Assessment

How Nonfinancial Companies Manage Risk

In September of 2008, S&P widened the scope of its analysis of nonfinancial companies in 17 different industries to better understand the companies’ ability to identify and manage key risks.  S&P sought to specifically understand a firm’s risk culture and how it influences decision making.  These enterprise risk management reviews represent an extension of existing management reviews conducted by S&P, rather than a complete change to the credit ratings process.  Considering the intensified focus on risk management since S&P began this initiative and the confusion some companies have experienced about the expanded reviews, S&P released this short report consisting of answers to frequently asked questions (FAQs) in order to clarify issues related to S&P’s ERM evaluations.

Some of the important findings in the FAQ responses include:

  • ERM-related enhancements will remain part of the Corporate Ratings Criteria and will not be published as a separate ERM methodology.
  • S&P’s evaluation of ERM is focused primarily on how the ERM process affects a company’s ability to pay its debt. If ERM improves cash flows, operating performance, or competitive advantages, then ERM might have a positive impact on the credit rating. Likewise, if poor risk management increases the likelihood of unexpected large losses, underperformance, or competitive disadvantage, then a lowering of the rating may occur.
  • ERM consideration is more prominent in insurance companies, since risk assessment is a fundamental function.
  • At companies that have a formal ERM program – by no means a majority – ERM is generally in the nascent stage.  The most common ERM approach is the use of a “heat map” to plot the likelihood of risks against their impact. Very few companies seem to have a culture that integrates risk assessment into strategic decision-making. 
  • S&P recommends utilizing a system of measurement and reward to both inform managers and provide incentive for long-term strategy support.
  • One of the most difficult tasks is creating a risk culture and language that is understood and embraced at all levels of an organization.
  • S&P finds that board members are feeling a stronger need to better understand the key risks facing the organization.
  • S&P noted that only a few companies have created a Chief Risk Officer role and believe that risk management should actually be considered the responsibility of all managers.

Original Article Source: “How Non-financial Companies Manage Risk,” Standard and Poor’s, June 2010