The prominence of enterprise risk management sessions at the 2007 Risk & Insurance Management Society Annual Conference shows the topic's importance. At the same time, many organizations focus on internal controls, compliance and hazard risks. But ERM is more than that. Organizations should consider five features that enhance an ERM program.
ERM means many things to different people. To avoid misunderstandings, an organization should determine whether senior executives agree on certain premises. Foundation concepts include:
Risk opportunities. Traditional risk management deals with pure risk where only a loss is possible. A major conceptual advance of ERM is the upside of risk, addressing scenarios where failure to take a risk is a risk itself.
Alignment of risk opportunities. The likelihood of success in ERM rises if an organization correctly aligns risk opportunities with its business model. For example, an organization should not identify reputation as a risk category. No one individual is responsible for reputation. Instead, the image of an organization and its brands stems from many other factors.
Central risk function. Someone has to coordinate efforts to identify risk opportunities. This can be an individual or a unit that scans the horizon and internal culture to identify and share risk opportunities.
Knowledge warehouse. A major issue in ERM is how to share ideas with key players. One possibility is to create a knowledge warehouse on a high-tech platform that authorized users can access. Individuals and units can post new opportunities and exposures and various parties can weigh in with comments and strategies.
Relationship of ERM and the board. Thanks to Sarbanes-Oxley, most directors have a growing interest in ERM. The organization should create a mechanism for the board to participate in ERM.
3. Creation of Central Risk Function
These topics were thoroughly examined in my Feb 19 and March 19, 2007, columns in Business Insurance (see www.BusinessInsurance.com/ERM).
Sharing knowledge about risk can be tricky in large, complex global organizations. The increasing complexity of logistical, communications and financial reporting systems complicates the problem of working together in a seamless ERM framework. The same technology that allows coordination of operations can facilitate the sharing of risk opportunities.
Lest we think organizations already share major risks, consider Ford Motor Corp. In the late 1990s, Ford recognized an exposure to price fluctuations in the rare metal palladium, an important component in catalytic converters. The purchasing department hedged the exposure by signing long-term contracts to purchase palladium at stable prices. Simultaneously, Ford's research and development department redesigned catalytic converters requiring minimal palladium. In 2001, the price per ounce dropped from $1,500 to $400, far below the long-term contract rate, causing Ford to suffer a loss of $1 billion. A knowledge warehouse with automatic sharing of risk opportunities and strategies could have avoided the loss.
Organizations must resolve a major design issue before creating an ERM knowledge warehouse--vetting posted information. On one hand, Wikipedia shows that knowledge is often enriched without significant error when all parties are authorized to contribute. At the same time, lawyers and others would cite exposures when sensitive information is posted on electronic platforms without proper vetting. Each organization will handle this issue in the context of its business model, competitive position and policies about sharing information.
As with components 3 and 4, this issue was covered in the March 19 issue of Business Insurance.
An ERM program encourages an organization to bring all its intellectual resources to deal with emerging opportunities and risks. Adopting a standard process for decision-making facilitates the effort.
To illustrate ERM decision-making using a knowledge warehouse platform, let us examine JetBlue Airways when a nasty ice storm hit New York on Feb. 14, 2007. JetBlue was not prepared for such an event. The result was thousands of passengers were trapped in planes on runways for up to eight hours. Aircraft ran out of food, toilets overflowed, and the airline canceled mo e than 1,000 flights and required six days to get the backlog cleared.
Now suppose JetBlue had a knowledge warehouse where an operations person had previously identified the possibility of such an occurrence. Let us follow it through.
Before the incident, a BusinessWeek survey ranked JetBlue fourth in the United States in customer satisfaction. After the incident, the magazine pulled the ranking from its March 5, 2007, edition and reported the failure in detail. Prior to this event, JetBlue was the top choice in a national airline quality rating four years in a row. It won an award five years in a row from readers of Condé Nast Traveler. It always ranked high in J.D. Power's quality ratings. Then it stumbled. An ERM program with risks shared on a high-tech platform might have avoided losses that are likely to exceed $30 million.
John J. Hampton is the KPMG Professor of Business and Dean of the School of Professional and Continuing Studies and Graduate Business Programs at St. Peter's College in New Jersey. He specializes in business ethics, legal liability and enterprise risk management. He is a former executive director of RIMS. To read Mr. Hampton's columns and interviews, visit www.BusinessInsurance.com/ERM.