SAN FRANCISCO — For organizations with enterprise risk management programs, the discipline is maturing into one that's adding value by helping organizations identify and prepare for emerging exposures, deal with “black swan” events and seize new opportunities.

ERM is “not a project or an initiative,” said Susan Meltzer, vice president of enterprise risk management at Aviva Canada Inc. in Toronto. “What we wanted ... was an enhancement to our business model. It's not a separate process. It's not something we do off to the side.”

“If we can understand risk better than anybody else, then we can take more of them than the next guy,” Ms. Meltzer said.

The insurer considers the effect of emerging risks as part of its ERM program, she said.

“When you're doing these kinds of emerging risk analyses, it's really events that you're looking at,” Ms. Meltzer said. Risk management identifies events that might result in massive losses for Aviva, damage its reputation, or fundamentally change the way it operates, and then conducts “war games” with company executives on the potential outcomes of those events.

The scenario-based discussions involve cross-functional groups. “You can't necessarily see that event coming,” Ms. Meltzer said, “but you can tell a story that leads you to that kind of event.”

%%BREAK%%

She and others discussed various aspects of ERM at the Risk & Insurance Management Society Inc.'s annual RIMS ERM Conference 2013 held Nov. 3-5 in San Francisco.

Discussing the network products and services provider's efforts to prepare for black swan events and develop a global crisis communications plan to respond to them, Laura M. Langone, senior director, global risk management at Juniper Networks Inc. in Sunnyvale, Calif., said, “We use every crisis as an opportunity to showcase what we're doing well or where we have a gap.”

While companies might be prepared to deal with direct effects of an event, they might be unprepared to manage its reputational issues. “Who do you get involved? I think that's a key issue for risk managers,” Ms. Langone said.

In developing its crisis communications plan, Juniper prioritized critical risks that could affect the company's brand or reputation, then assembled a group to address that plan. In looking for an outside partner to assist in the process, Juniper decided to “look outside the box” and not limit the search to insurance brokers, Ms. Langone said. “We did look at different vendors. At the end of the day, we chose a communications vendor.”

Juniper's black swan crisis preparation effort “is part of a bigger initiative as part of our ERM program,” Ms. Langone said. The effort also addresses risk volatility and identifying the opportunities and the downsides of risks.

The next phase of the crisis communications plan will focus on the company's supply chain, reaching to the supply chain's third tier.

%%BREAK%%

Not only is reputation risk a growing concern for many organizations, it has a legitimate place in the ERM process, said Nir Kossovsky, CEO and director of Steel City Re, a Pittsburgh-based broker/adviser specializing in corporate reputation management and risk transfer. “Reputation is an enterprise asset.”

“When you talk about reputation risk, it's not amorphous,” he said. “It hits the (profit and loss statement). It's enterprise risk.” He advised firms to understand what stakeholders expect and plan for the “weird and the improbable.”

Morgan Keane, manager of enterprise risk management at the Port Authority of New York and New Jersey, said ways that ERM has brought value to the organization including identifying the sources, causes and ways to mitigate declines in revenue.

Linking risk management to emerging data and analytical capabilities can help make organizations' ERM efforts more forward-looking and provide additional value, said Christina Kite, senior vice president, strategy and operations, at the Federal Reserve Bank of New York.

“When I was a risk manager, I felt most of our systems were very backward-looking.” To take advantage of forward-looking technology, “Half of your challenge as risk managers ... is knowing the questions to ask,” she said.

Ms. Kite cited two major benefits she thinks “big data” can offer risk management: optimizing decision-making to gain a competitive advantage and leveraging data to manage strategic risk.

The conference drew about 250 attendees. For information about next year's conference, go to www.rims.org.