Governance a start for ERM

John Hampton

Governance is a good starting point for enterprise risk management. In this column on Emerging Risk Strategies, we'll explore the drivers of ERM and offer a good example of how an ERM approach could help Chrysler Corp.

Executives are increasingly talking about the need to improve risk management across the entire organization. They are responding to multiple drivers, including:

  • Regulatory requirements. ERM has been discovered by regulators. The Securities and Exchange Commission requires public companies to file 10-K reports that discuss risk factors in plain English. Basel II requires banks to demonstrate adequate capital to handle the risks they accept. Securities exchanges have implemented tighter listing requirements with respect to risk reporting.

  • Funding requirements. ERM affects the raising of debt and equity capital. The New York Stock Exchange requires listed companies' audit committees to discuss risk assessment and risk management. Rating agencies are introducing requirements for an ERM program before a company can achieve a favorable rating on debt issues.

  • Transparency and accountability. ERM is becoming a component of improving management processes. The Sarbanes-Oxley Act requires the chief executive officer and chief financial officer of public companies to sign off on the adequacy of internal controls and reliability of financials. Failure to implement effective risk management processes can lead to criminal penalties.

  • Competitive pressures. ERM is improving the risk profile of organizations as they operate in more complex and rapidly changing environments. The first company to identify risk trends and respond to them may be the most successful in a market.

  • Performance. It is one thing to have a strategy; it is another to execute it in a risky world. ERM is a tool that increases the likelihood of a high level of performance.

Where to start?

ERM can begin anyplace, but three approaches seem to be emerging:

  • Governance. The board, CEO and CFO are at risk, and they place the entity at risk when they fail to understand critical risks. They can start the ERM process.

  • Strategy. C-level management believes it understands critical risks. How should the leadership assess them, identify options to deal with them, select a strategy and monitor its effectiveness?

  • Performance. The organization needs processes to achieve profit and other goals, reduce cash flow volatility, control costs, comply with policies and otherwise improve the efficiency of operations. ERM can provide a framework to improve performance.

An organization can develop a successful ERM program from any of these points. In this article, let's deal with governance.

A director, CEO or other C-suite executive can raise the need for ERM. Board members and senior executives are likely to display immediate skepticism: "We are doing just fine." "We have been in business a long time." "We know what we are doing." These are typical responses.

Fortunately, a simple test exists to see if ERM is needed. A consultant or facilitator simply has to ask, "What are your seven to 10 most critical risks?" In many boardrooms, the question has produced an uncomfortable silence followed by a vigorous and maybe even rancorous discussion. Then boards realize more needs to be done to understand risk across the enterprise.

The first obstacle confronting executive leadership is risk identification and developing agreement on critical risks. A specific example can illustrate the scope of the problem.

Chrysler's critical risks

In September 2007, five teams of MBA candidates at Saint Peter's College were assigned to identify five to 10 critical risks facing Chrysler Corp. They learned that Cerberus acquired Chrysler after DaimlerChrysler could not turn it around. Cerberus brought in a controversial CEO--Robert Nardelli, formerly of General Electric Co.--who had attracted national attention for his management style when he was CEO of Home Depot. Several observations from their lists:

  • Leadership risk. Teams identified Mr. Nardelli as a critical risk. Will his management style work better in the crisis environment of Chrysler as compared to Home Depot?

  • General vs. specific. Should risks be broad or narrow? If we identify the wrong risk, the mitigation strategy will not matter. What can Chrysler do about housing and gas prices, reputation or competition if it faces pressing issues from production efficiency, legacy pension and benefit costs, or supply chain exposures?

  • Short vs. long-term. Where do we start? We will not survive in the long term if we do not address deeply embedded risks. We will not survive short term if we run out of money.

One interesting issue is the absence of cultural risk on any of the five lists. It does not seem reasonable to limit the leadership exposure to the style and skills of the new CEO. Aside from governance risks and subsequent strategies that a CEO might develop to address them, will the culture allow the execution needed to turn around the ailing company?

In this context, ERM argues that the upside of risk is opportunity. Mr. Nardelli succeeded at GE and struggled at Home Depot. His appointment may be the perfect risk to be accepted by Cerberus. Only time will tell. Whatever happens, risk identification and consensus on critical risks should be a starting point for ERM at the level of governance. If Chrysler focuses on the right exposures, it improves its odds of developing the strategies and pursuing the performance needed to achieve its goals.

John J. Hampton is the KPMG Professor of Business and Dean of the School of Professional and Continuing Studies and Graduate Business Programs at St. Peter's College in New Jersey. He specializes in business ethics, legal liability and enterprise risk management. He is a former executive director of RIMS.