Each organization must determine how best to achieve value-added results from ERM. These results are dependent on the organization’s mission, its long-term viability and its business imperatives.
ENTERPRISE RISK MANAGEMENT
IFRIMA White Paper adds little to
the understanding of ERM
By Michael J. Moody, MBA, ARM
|
Each organization must determine how best to achieve value-added results from ERM. These results are dependent on the organization’s mission, its long-term viability and its business imperatives. |
Over the past few years, a number of financial associations and societies have advanced their approaches regarding enterprise risk management (ERM). Among others, the Casualty Actuarial Society offered its views on ERM in “Overview of Enterprise Risk Management,” and financial risk managers used the Basel II regulations to advance their ideas on ERM. More recently, the auditing and accounting professions provided yet another alternative approach in the Committee of Sponsoring Organizations of the Treadway Commission draft report titled “COSO Enterprise Risk Management Framework.”
For the most part, however, corporate risk managers had not gotten into the discussion. This changed when the International Federation of Risk and Insurance Management Association (IFRIMA) recently issued its White Paper on ERM. IFRIMA is an umbrella organization that is made up of 26 international risk management associations. IFRIMA has members from 30 countries, including members from the Risk and Insurance Management Society (RIMS) in the United States and Canada as part of its membership base.
Background
The White Paper was approved by the IFRIMA Board of Directors at its April 2004 meeting. The board indicated that it took two years to strategically plan and reach consensus on their basic position concerning ERM.
The paper points to a broad recognition of risk management’s place in today’s business environment and states that ERM should become “a central part of all companies’ strategic management efforts.” IFRIMA defines ERM as:
“A process whereby organizations methodically address the risks relating to their activities, with the goal of achieving sustained benefits across the portfolio of activities.”
It notes that ERM should add maximum value to the organization’s activities. Additionally, it says that in order to successfully integrate ERM into the strategic management of the firm, the risk manager must be positioned high enough within the company’s organizational structure.
The paper goes on to state that each organization must determine how best to achieve value-added results from ERM. These results are dependent on the organization’s mission, its long-term viability and its business imperatives. ERM can best be carried out by considering all types of risks, and adopting a consistent approach and methodology to each with “a positive and professional risk/opportunity approach.”
Policy development
In order to achieve the added value from ERM, the paper suggests three major objectives to consider in developing policies and activities:
• “Contribute to the overall business objectives of the organization”—Risk taking is a necessary element in any successful firm, and appropriately applied ERM can allow the company to leverage opportunities to take and manage risks.
• “Establish a consistent, transparent framework for corporate governance”—A critical requirement of good corporate governance is an effective risk management program that has been established by the Board of Directors and implemented by management.
• “Protection for the company from adverse variances and catastrophes”—The practice of risk management has matured over the years so that it now encompasses protection from both internal and external risk factors caused by adverse variances and catastrophes through the innovative use of risk mitigation and risk finance techniques.
Strong foundation
One of the key issues that IFRIMA recognized is the difficulty in writing a best practices manual and guidelines for a broad-based risk management application. Accordingly, it indicates that one specific set of ERM standards would not be practical. However, it goes on to call for the establishment of a strong ERM foundation that should include “a disciplined and consistent process throughout the entire organization.” Additionally, the foundation should be specifically linked to the organization’s strategic objectives and incorporate the following elements:
1. Risk identification and assessment—including the development of risk registers and risk maps, as well as quantitative and qualitative analysis.
2. Risk mitigation strategies—A key to the successful ERM implementation is that risk mitigation strategies must be integrated into the overall business plans of the organization.
3. Risk transfer strategies—After risk mitigation efforts have been exhausted, corporations will need to develop appropriate transfer strategies via a combination of insurance, hedging, and other risk transfer techniques to deal with residual risks.
4. Risk reporting—Internal risk reporting relationships should be specifically directed at senior management and the Board of Directors.
5. Risk monitoring—deals with determining the effectiveness of the ERM program as well as causing adherence to relevant policies and procedures relating to ERM.
As noted previously, the position paper states that due to the significant differences among its member organizations, IFRIMA is unable to provide more specific ERM guidance. It points out that job descriptions vary tremendously across different industries and different countries, thus hampering the ability to provide a universal approach to ERM.
Conclusion
It is difficult to disagree with the premise that ERM differs dramatically from one industry to another. This has been one of the greatest stumbling blocks to ERM acceptance since the concept was introduced. Despite this obstacle, it is a little disappointing to see the final product that took the premiere, international risk management sponsoring organization two years to complete.
Will this position paper assist corporate risk managers develop and implement ERM programs at their companies and move into chief risk officer positions?
In the final analysis, however, it will be what senior management and the Board of Directors of IFRIMA member companies think about this position paper that really counts. Will the information and guidance this document provides be enough to get risk managers a seat at the boardroom table? Only time will tell. *
The author
Michael J. Moody, MBA, ARM, is the managing director of Strategic Risk Financing, Inc. (SuRF). SuRF is an independent consulting firm that has been established to advance the practice of enterprise risk management. The primary goal of SuRF is to actively promote the concept of enterprise risk management by providing current, objective information about the concept, the structures being used, and the players involved.