Enterprise Risk Management
A growing body of evidence
Study shows improved performance by businesses with ERM programs
By Michael J. Moody, MBA, ARM
Enterprise risk management (ERM) is well past the fad stage since it’s been around for more than 10 years. Despite this, there have been few studies that confirm the positive effects of implementing an ERM program. However, the Risk & Insurance Management Society (RIMS) has just released a new report, “RIMS State of ERM Report 2008,” which provides some additional support for ERM implementation.
About two years ago, RIMS introduced its risk maturity model (RMM). At the time RIMS introduced its new RMM, “we did not want to write a new standard because it was clear that there already were several competing frameworks,” according to Carol Fox, chair of RIMS’ ERM Development Committee and senior director-risk management for the Convergys Corporation. “What was needed was a method to help people get started,” she points out. “It really didn’t matter what framework they used.” That is why they designed the RMM to be flexible enough to work within any ERM framework.
Risk management taking center stage
If nothing else, the current financial crisis has shown a spotlight on risk management. And, unfortunately, it has not been too flattering. As the RIMS report points out, “The current crisis is now largely seen as a failure of risk management.” The report goes on to say that new governmental regulations that enforce more prudent risk management will certainly follow. While SOX Act regulations required that corporations discuss their major risk factors, these did not go far enough.
RIMS believes that new regulations will require corporations to “go into depth on how they identify risk, set risk tolerances and provide evidence of effectiveness.” They note that since 2006, the boards in the UK have been held accountable by the Combined Code on Corporate Governance to review and express opinions on their firm’s ERM processes and systems; and the report notes that U.S. corporations should be preparing for “similar comprehensive requirements.”
Beginning to see results
One aspect of the RMM program is that participants are asked to complete a survey and provide information anonymously about their current ERM programs. As of January 2008, 564 organizations had participated in the RMM study. After the first of that year, RIMS began to tabulate the survey results. In essence, Fox notes, “The survey looked at what the participants determined as the current state of their ERM programs” and compared it to what RIMS believe it would be for a mature program. A summary of this comparison was provided to each of the participants for benchmarking purposes. As the information base grew, “so did the credibility of the data,” Fox notes. The RIMS current report is an overview of the 564 participants’ results of this benchmarking project, and the results surprised many.
To a large extent, what makes this report an important breakthrough, as well as relevant, is the importance that rating agencies are now placing on ERM. For example, Standard & Poor’s (S&P) has made note of the importance that it places on ERM assessment in its rating methodology. S&P states that it has been including effectiveness of ERM as one of the eight overall rating criteria. Additionally, Moody’s Investor Service has proven that there is “a direct relationship between better-managed companies as measured by higher credit ratings and better performance as measured by fewer defaults on financial obligations.” Similar comments have also been made by other rating agencies. And this becomes even more important as the rating agencies begin to expand beyond the financial service sector and introduce ERM analysis across all industry sectors.
While a number of significant findings accompany the report, one of the most relevant is that the report provides “verification from businesses that ERM boosts business performance.” Fox points out that this finding is universal across all industry segments. And she goes on to say that all three of the top industry segments—the financial sector, manufacturing sector and utilities—note this performance boost.
Other key findings
Several other key findings that shed new insight into ERM were:
• Organizations that have embraced ERM have realized a concrete advantage in their risk management competency. “The study found that 93% of organizations with formalized ERM programs in place make better risk-informed decisions,” which is a recognized competitive advantage over those that do not have been ERM program.
• The link between ERM and better business performance is significant. “There is a distinct correlation between companies that score higher on RIMS risk maturity assessments and companies that possess higher credit ratings.” The same is true of “lower scoring companies that typically possess lower credit ratings.” Hence “better managed companies, in terms of ERM practices, benefit from better business performance,” according to the study.
• The study also verifies that formal infrastructures in well-managed ERM programs embody the 68 best practice guidelines for efficient and effective risk management programs as presented by the RIMS’ ERM risk maturity model.
• “Direct, extensive involvement in ERM by front-line management at all levels is the competency driver that is most strongly correlated with higher credit ratings.”
• Despite the favorable findings noted above, “Many organizations still fall significantly short of achieving managed or better maturity ratings.” The study indicates that only 4% of the participants have achieved a managed or better level of risk management competency. Obviously, there is ample room for improvement in this important area.
What the report documents is that better managed companies tend to have higher credit ratings and, as a result, higher ERM competency. Accordingly, “This study proves the positive correlation, (i.e., the direct relationship) between higher RMM scores and higher credit ratings.” Ultimately, this results in a lower cost of capital because of the higher credit ratings for those companies with good ERM programs.
Conclusion
Via its Risk Maturity Model, RIMS has been able to develop an excellent procedure for those wishing to find a way to implement ERM. Further, the RMM is also a good benchmarking tool to help determine a participant’s implementation progress. In the final analysis, the report points out, “In addition to the important strategic benefits associated with ERM, there are also proven direct relationships among higher ERM competency, effective ERM governance and infrastructure, better business performance and reduced short-term, bottom-line costs.” Given this relationship and the fact that rating agencies are already placing a premium on effective ERM programs, it would appear that now is the time to begin a serious move towards an ERM approach.
Agents and brokers have a unique opportunity as a result of RIMS’ new RMM benchmarking tool. RIMS is allowing non-RIMS members to complete the RMM survey and obtain the results of the self-assessment. Agents and brokers should be encouraging their larger clients to participate in the survey. RIMS notes that “rating agencies, regulators, capital markets and even the courts now have reliable guidance on how to evaluate an organization’s risk management competency,” so any corporation is going to soon be held to a higher standard with regard to risk management. Maybe it’s time to partner with your larger clients and help them strengthen their risk management competency via ERM. *
The author
Michael J. Moody, MBA, ARM, is the managing director of Strategic Risk Financing, Inc. (SuRF). SuRF is an independent consulting firm that has been established to advance the practice of enterprise risk management. The primary goal of SuRF is to actively promote the concept of enterprise risk management by providing current, objective information about the concept, the structures being used, and the players involved. |