|
Enterprise Risk Management
ERM: Paint by numbers
New process helps mid-sized firms identify top risks
By Michael J. Moody, MBA, ARM
The U.S. economy, as well as the world economy, remains sour. Although there are a number of reasons for this situation, the financial meltdown on Wall Street is certainly high on the list. As the Obama administration tries to chart a course out of this mess, many are wondering just how we found ourselves in such a desperate situation. Many financial experts believe that some of the problems are due in part to a failure of risk management.
Most of the industry segments involved in the mess were in the financial services sector and were among the most advanced with regard to the holistic approach known as enterprise risk management (ERM). Some of these industries, banking for example, have been actively involved with ERM for over 10 years. What went wrong in these organizations?
Recent studies have indicated that one failure of the larger banks, investment firms, and insurance companies was that they did little to actually change their corporate culture to an ERM approach. Now, with an increasing emphasis on ERM by rating agencies, stock analysts, government regulators, and stockholders, large corporations must begin to embed more of an ERM mentality into their corporate cultures. But what about mid-sized firms that are still struggling to begin the ERM process? How should they proceed?
Start at the beginning
While larger, Fortune 500-type corporations have been able to hire “big box” consultants from international auditing firms, mid-sized corporations, insurance brokers and management consultants may not have the budget for such expenditures. A key problem facing any organization that wishes to implement an ERM program is the lack of a universal approach to ERM.
Regardless of the approach chosen, whether it is the COSO ERM Framework, AS/NZS 4360 (Joint Australia/New Zealand Committee OB/7), or some other program, the first step and typically the most important is risk identification. Frequently this is where mid-sized organizations have problems.
A risk advisory firm, PrioritERisk™, has developed an approach that can assist corporations in completing this first important step. PrioritERisk, according to co-founder Steven Seider, “is an executive-level identification and prioritization process that is intended to assist organizations to manage their risks on an enterprise basis.” Based on the firm’s research, Seider says, “We believe that frequently a company’s main obstacle is that they don’t know how to kick start their ERM process. Too often, organizations make the process unnecessarily complicated and then become frustrated and give up.”
Accordingly, PrioritERisk developed a simplified, “paint by numbers” approach that focuses on identifying key risks and assessing their impact on the organization. The program is now available to agents and brokers on a “white label” basis and in the future, agents will be able to offer the program directly to their clients and prospects.
PrioritERisk’s process “helps clients, through interactive participation with the organization’s executives, take the first step at a high level in examining risks enterprise-wide,” says Stephen Mallory, the other co-founder. He explains that the program “involves the use of sophisticated technology, both online and in-person at a workshop, to facilitate the flow and capture of ideas from corporate management.”
The program’s key deliverable is a prioritized list of the organization’s top 10 risks. The process also helps participants pinpoint where the company is channeling its resources to control risks and creates an action list to get the organization started on the next steps in ERM.
Getting started
A typical project requires about six hours of the executives’ time, including a four-hour workshop, and usually takes place over a six-week period. The initial stage identifies the management team members who will be taking part in the study. E-mails are sent to each participant explaining the project and assigning background reading in ERM. In the next step, each participant is asked to complete an online survey to identify the top 10 risks the organization faces from each participant’s perspective. “The participants are requested to review their functional areas of operations,” Seider says, and “indicate not only the top risks of the organization on a macro level, but also risks for which they are responsible, seeking input from their direct reports as necessary.”
PrioritERisk then collates and vets the input and, based on the responses, prepares a preliminary list of risks. This list is then circulated to the participants, and they are asked to consider each risk, its impact on the organization, and the likelihood of its occurring, as well as the perceived effectiveness of any existing mitigation controls in place.
PrioritERisk reviews and consolidates this information, and a draft list is prepared for discussion and debate in a half-day workshop. During the workshop, participants are asked to consider which risks threaten the achievement of the organization’s corporate goals, strategies and mission. The primary deliverable that comes out of this process is that the corporation will have an inventory of the top 10 risks facing the organization, as determined by its executive management team.
In essence, this “risk map” identifies and summarizes the key risks and also provides information regarding the impact of the risks on the company and the likelihood that a loss will occur. Additionally, comments are provided about the effectiveness of any risk mitigation strategies associated with each risk. With this top-10 risk list, the executives have information they can use to plan and implement effective ERM strategies.
Summing up
For a variety of reasons, enterprise risk management has taken center stage in many organizations today. As more pressure is placed on corporate executives to better identify and manage their organization’s risks, ERM’s influence is certain to grow. As a result, the practice of ERM is undergoing significant changes, one of which is increased interaction with a corporation’s insurance agents and brokers. Many of the large international brokers have already started ERM divisions and see the potential for expanding value-added services for their clients and prospects. Mid-sized agents and brokers are also beginning to recognize the opportunities of moving toward an ERM approach. Frequently, however, these firms lack the resources to take advantage of these opportunities.
For these mid-sized agents and brokers, the PrioritERisk process is a way to help their clients begin moving toward ERM. The “paint by numbers” approach can work in conjunction with an agent or broker’s clients and prospects in the most important holistic risk identification and prioritization activities. The service is now available for delivery on behalf of the agent or broker, and soon by the agent or broker directly.
“We saw a need for mid-sized agents and brokers to stay engaged with their customers beyond the insurance purchasing process,” Mallory says. “As a result, we made our services available on a ‘white label’ basis.” In this way, the agent or broker can take the lead in the project and still use PrioritERisk products and services. Mallory believes this approach is an excellent opportunity for mid-sized agents and brokers to provide expanded value-added services to their clients and prospects. n
The author
Michael J. Moody, MBA, ARM, is the managing director of Strategic Risk Financing, Inc. (SuRF). SuRF is an independent consulting firm that has been established to advance the practice of enterprise risk management. The primary goal of SuRF is to actively promote the concept of enterprise risk management by providing current, objective information about the concept, the structures being used, and the players involved.
|
