Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

RIMS Canada panel covers common enterprise risk management errors

Reprints
RIMS Canada panel covers common enterprise risk management errors

OTTAWA, Ontario—There are various approaches to enterprise risk management, but speakers at the annual RIMS Canada Conference outlined common elements of successful programs and pitfalls to avoid.

Moderating an ERM presentation at the 2011 conference in Ottawa, Ontario, Nowell R. Seaman, manager of risk management and insurance services at the University of Saskatchewan in Saskatoon, said, “Typically we talk about two perspectives on ERM.”

One, he said, is strategic risk management focused on managing uncertainty around strategic objectives and ensuring the long-term viability of the organization. The other is operational risk management, centered on risks in the day-to-day process of executing the organization's strategy.

Despite the differences in organizations' approaches to ERM, “Where you manage these and how you define them is not nearly as important as applying the process,” Mr. Seaman said.

Speaking about the most common errors in ERM programs, Diana Del Bel Belluz, president of Risk Wise Inc. in Toronto, said she's learned that ERM is not only about reducing risk, but also about thinking about risk in achieving the organization's objectives. “With ERM, the focus is always on getting that balance right,” she said.

Among the mistakes Ms. Belluz outlined were complacency, not understanding risk exposures, relying on gut instinct, overlooking available information and focusing on the wrong risks.

Others common mistakes are failure to link the ERM process to the organization's performance management, build resilience into the program, acknowledge and learn from “near misses,” seek out and listen to constructive feedback and cultivate relationships with external stakeholders.

To tackle complacency, the ERM consultant recommended cultivating “a mindset of questioning.” She said she sees the mistake of not understanding exposures most often in organizations that don't “filter” risks against their objectives.

“At its heart, this is really about the failure to link risk and strategy,” Ms. Belluz said.

While there are occasions that require making judgments based on instinct, she said such problems can be reduced by rating the quality of risk estimates and finding information to help gauge the accuracy of gut instincts.

A major element involves determining the organization's risk appetite. “If you don't articulate it, what you do is you leave people to infer what the level or appetite for risk is, and I guarantee you'll have some differences,” Ms. Belluz said.

Regarding the failure to build resilience into the program, Ms. Belluz noted, “Risk management is very much about change management.” As for the mistake of failing to seek out and listen to constructive criticism, Ms. Belluz said that, beyond good communications skills, the solution is “humility in management” and the “ability to admit we don't know it all.”

In another session, John Ebsary, director, enterprise risk management at Canada Mortgage & Housing Corp. in Ottawa, said crafting and implementing a risk appetite statement is a critical component of an ERM program. Top management should approve such a statement, which provides specifics about levels of risk that are acceptable.

A risk appetite statement provides clear indications of what risks must be mitigated or eliminated, and can be useful in an organization's strategic planning, he said. A risk manager can initiate the process by surveying the board and senior management for quantitative and qualitative descriptions of what the organization's risk appetite should be, Mr. Ebsary said.

Factors shaping the statement might include key business drivers, strategic plans and goals, significant risks, stakeholder expectations, and the senior management's or board's focus.

“Every organization's risk appetite statement will be unique,” Mr. Ebsary said.

The board should approve the statement as part of the organization's ERM policy, Mr. Ebsary said. “You should reapprove it every year just to be comfortable with it,” he said. “But it shouldn't have to change constantly.”

Read Next

  • Glen Frederick receives Donald M. Stuart Award at RIMS Canada conference

    OTTAWA, Ontario—Glen Frederick, director of risk management client services-core government and crowns in the risk management branch of the government of British Columbia, was named the recipient of the 2011 Donald M. Stuart Award Monday at the annual RIMS Canada Conference in Ottawa, Ontario.