BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Data sharing critical to ERM


The prominence of enterprise risk management sessions at the 2007 Risk & Insurance Management Society Annual Conference shows the topic's importance. At the same time, many organizations focus on internal controls, compliance and hazard risks. But ERM is more than that. Organizations should consider five features that enhance an ERM program.

1. Agreement on Premise

ERM means many things to different people. To avoid misunderstandings, an organization should determine whether senior executives agree on certain premises. Foundation concepts include:

Risk opportunities. Traditional risk management deals with pure risk where only a loss is possible. A major conceptual advance of ERM is the upside of risk, addressing scenarios where failure to take a risk is a risk itself.

Alignment of risk opportunities. The likelihood of success in ERM rises if an organization correctly aligns risk opportunities with its business model. For example, an organization should not identify reputation as a risk category. No one individual is responsible for reputation. Instead, the image of an organization and its brands stems from many other factors.

Central risk function. Someone has to coordinate efforts to identify risk opportunities. This can be an individual or a unit that scans the horizon and internal culture to identify and share risk opportunities.

Knowledge warehouse. A major issue in ERM is how to share ideas with key players. One possibility is to create a knowledge warehouse on a high-tech platform that authorized users can access. Individuals and units can post new opportunities and exposures and various parties can weigh in with comments and strategies.

Relationship of ERM and the board. Thanks to Sarbanes-Oxley, most directors have a growing interest in ERM. The organization should create a mechanism for the board to participate in ERM.

2. Alignment of Risk Opportunities

3. Creation of Central Risk Function

These topics were thoroughly examined in my Feb 19 and March 19, 2007, columns in Business Insurance (see

4. Creation of a Knowledge Warehouse

Sharing knowledge about risk can be tricky in large, complex global organizations. The increasing complexity of logistical, communications and financial reporting systems complicates the problem of working together in a seamless ERM framework. The same technology that allows coordination of operations can facilitate the sharing of risk opportunities.

Lest we think organizations already share major risks, consider Ford Motor Corp. In the late 1990s, Ford recognized an exposure to price fluctuations in the rare metal palladium, an important component in catalytic converters. The purchasing department hedged the exposure by signing long-term contracts to purchase palladium at stable prices. Simultaneously, Ford's research and development department redesigned catalytic converters requiring minimal palladium. In 2001, the price per ounce dropped from $1,500 to $400, far below the long-term contract rate, causing Ford to suffer a loss of $1 billion. A knowledge warehouse with automatic sharing of risk opportunities and strategies could have avoided the loss.

Organizations must resolve a major design issue before creating an ERM knowledge warehouse--vetting posted information. On one hand, Wikipedia shows that knowledge is often enriched without significant error when all parties are authorized to contribute. At the same time, lawyers and others would cite exposures when sensitive information is posted on electronic platforms without proper vetting. Each organization will handle this issue in the context of its business model, competitive position and policies about sharing information.

5. Involvement of the Board

As with components 3 and 4, this issue was covered in the March 19 issue of Business Insurance.

An ERM program encourages an organization to bring all its intellectual resources to deal with emerging opportunities and risks. Adopting a standard process for decision-making facilitates the effort.

To illustrate ERM decision-making using a knowledge warehouse platform, let us examine JetBlue Airways when a nasty ice storm hit New York on Feb. 14, 2007. JetBlue was not prepared for such an event. The result was thousands of passengers were trapped in planes on runways for up to eight hours. Aircraft ran out of food, toilets overflowed, and the airline canceled mo e than 1,000 flights and required six days to get the backlog cleared.

Now suppose JetBlue had a knowledge warehouse where an operations person had previously identified the possibility of such an occurrence. Let us follow it through.

  • Source of the risk opportunity. Any disruption of operations that strands passengers at Kennedy Airport in New York City at peak flying time. Examples: Ice storm, police action or terrorist act. The upside is to show JetBlue's high level of customer service and enhance the company reputation. The exposure is the reverse plus financial loss.
  • Risk owner(s). This scenario is assigned to the senior vp of operations. The SVP further assigns it to the Kennedy Airport Operations Center.
  • Likelihood. Using the platform, authorized contributors discuss an ice storm. Such a storm hits New York once every three winters. One chance in three of hitting at busy time. Evaluation: A disruption is likely to happen in a 9-year period.
  • Severity. The disruption could be a public relations boon if handled smoothly and a customer relations nightmare if passengers were stranded on planes for long periods of time. Could be financially beneficial if good news attracts new customers or costly if the airline had to reimburse passengers for losses or time spent. Evaluation: A disruption is a major risk opportunity.
  • Quantification. Suppose two contributors quantified impacts (see Figure 1). One estimated benefits at three levels from good public relations. Another estimated three levels of losses if the event is mishandled. Evaluation: The millions of dollars at stake reflect a serious exposure. Quantification Score: Using a scoring system such as is shown in Figure 2, JetBlue might conclude that the exposure has a high likelihood to occur and medium-high importance. On a scale from 10 to 90, this is a critical scenario at a level of 80.
  • Options. At this point, JetBlue can evaluate risk mitigation alternatives. It could have buses available for an emergency. The buses could load passengers on the tarmac when all gates are full. The company can provide additional personnel to solve problems, handle luggage and otherwise mitigate discomfort. This would involve training the office staff on tasks needed at the airport during a crisis. It is a viable option since the company headquarters is a few miles from the airport. The company can revise its operating procedures to develop rapid response capabilities for weather or other crises.
  • Cost/benefit analysis. Suppose the company assessed preparation costs at $3 million to $7 million. This factor would influence the decision.
  • Decision. JetBlue would have had the information it needed to select a combination of options to change the outcome of the actual event.
  • Conclusion

    Before the incident, a BusinessWeek survey ranked JetBlue fourth in the United States in customer satisfaction. After the incident, the magazine pulled the ranking from its March 5, 2007, edition and reported the failure in detail. Prior to this event, JetBlue was the top choice in a national airline quality rating four years in a row. It won an award five years in a row from readers of Condé Nast Traveler. It always ranked high in J.D. Power's quality ratings. Then it stumbled. An ERM program with risks shared on a high-tech platform might have avoided losses that are likely to exceed $30 million.

    John J. Hampton is the KPMG Professor of Business and Dean of the School of Professional and Continuing Studies and Graduate Business Programs at St. Peter's College in New Jersey. He specializes in business ethics, legal liability and enterprise risk management. He is a former executive director of RIMS. To read Mr. Hampton's columns and interviews, visit