Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

ERM programs evolving as firms embed strategy

More change coming as risks, technology develop

Reprints

SAN DIEGO—The enterprise risk management programs of many organizations have changed during the past decade, and they'll likely change further during the decade ahead, a panel of ERM experts suggested last week.

Speaking as part of a panel looking at the Future of ERM last week at the Risk & Insurance Management Society Inc.'s inaugural ERM Conference in San Diego, Ryan Egerdahl, enterprise risk manager for the Portland, Ore.-based Bonneville Power Administration, said that when he first became involved with ERM at the BPA, it seemed to be an approach used only in discussions of exposures at the highest level of the organization.

However, today at Bonneville, ERM is a discipline applied to risks at every level of the organization, Mr. Egerdahl said.

“There's been a lot of change,” said Mary Gardner, vp-Americas business resilience at Zurich Services of the Americas at Schaumburg, Ill.-based Zurich North America. Today, Ms. Gardner said, “Management really recognizes that risk management is their responsibility.”

At Zurich, she said, while the company has always had an audit committee, in recent years the company's board has formed a separate risk committee as well.

Robert G. Torok, executive consultant, financial management services, at IBM Canada Ltd. in Toronto, said he thinks one major change in ERM programs during the past decade has been an evolution away from a compliance-driven focus.

In addition, he said, ERM at many organizations has changed as a result of speed and transparency.

Speed has been a factor, as the pace of social media-driven communications has left companies no time to shape messages about events as information about them is disseminated on the Web. “You're forced to chase rather than lead because of the speed of technology,” Mr. Torok said.

Transparency also has become more of a factor as many organizations face pressure from regulators or stakeholders forcing them to demonstrate how they're addressing various exposures, he said.

Mr. Torok said he anticipates the nature of ERM programs will continue to change in the next 10 years, with the focus becoming a more proactive one of identifying as-yet-unforeseen exposures that might affect the organization's ability to meet its objectives.

“The biggest change that has taken place in the past 10 years is moving away from a compliance- and insurance-based focus,” he said. Looking forward, he told risk managers attending the conference, “Your responsibility will not be to stop the organization from stumbling by not complying with something. It will be to find that next big thing.”

In 10 years, enterprise risk managers will be expected to lead their organizations as they try “think the unthinkable,” Mr. Torok said. “That's the growth in ERM that I think we're going to see.”

Ms. Gardner said accomplishing that will require overcoming a reluctance common at many organizations to consider some dire possibilities. “For any company, some of those scenarios, the what-ifs, there's a reluctance to think about those,” Ms. Gardner said.

But, said Mr. Torok, “The one thing as a risk manager you can't allow your organization to say is, "That can't happen to us.'”

Ms. Gardner said that from Zurich's position as a risk taker, a key difference in the company's ERM program in 10 years will be improvements in risk data that will allow the company to better deploy its capital to take advantage of business opportunities.

“We need to have more facts and more data from an emerging risks perspective,” she said. “How do we get that information? How do we get that data?”

“We've learned that looking in the rearview mirror probably doesn't give us the information we need for the environment we're in,” Ms. Gardner continued.

Mr. Egerdahl said he thinks one change in his organization's ERM program during the next decade will be a reduced emphasis on a central ERM operation as effective risk management continues to be embedded in processes across the BPA.

Asked what sort of opportunities ERM programs might provide organizations during the next decade, Ms. Gardner said, “For Zurich, new countries.”

“Going forward, I think a real question is going to be risk-based capital and where do we reduce our capital so we can write more coverage in growing areas of the world,” she said. ERM should help Zurich make those decisions.

Mr. Torok said he thinks some opportunities may be of a more personal nature for risk managers, opening the doors to new roles in their organizations as a result of their current role as a “business unit supporter.” Understanding the risks that various business units face and helping them ask tough questions about those exposures “gives you tremendous opportunity going forward, because you know both the strategies and the risks associated with the unit,” he said.

In order to have an effective enterprise risk management program, “an organization must have a standard risk taxonomy,” Mr. Torok said. It should include perhaps the top 75 to 100 risks facing the organization, and should ensure that everyone in the organization is looking at the same risks and risk definitions across all business units.

That taxonomy must be subject to change over time, however, and will change during the next decade. “It's a living document,” said Ms. Gardner.

“Ten years from now, something you didn't think was important will be, and vice versa,” said Mr. Torok.

In general, Ms. Gardner advised enterprise risk managers to “keep it simple.” It's easy to make the ERM process complicated, she said, but sometimes it's best to focus on the basics. And she advised risk managers to occasionally “get out of the box” and seek ideas from peers in industries other than their own.

And Mr. Torok advised enterprise risk managers to “think broadly” and not close their eyes to possibilities, and to take a long view where needed.

“There are a number of risks that organizations face that evolve over many, many years,” he said. “It's not the next 12 months you're worried about, it's the next 12 years.”