Articles: Business Case for ERM

  • The Future of Risk

    July 31, 2009

    The current economic downturn has caused companies everywhere to question their risk management process and investigate ways to upgrade their risk management efforts. As risk complexity has increased, so too has company spending on risk management. While some companies are committed to increase resources spent on risk management, a majority will attempt to increase risk management efforts with existing resources. This reality can be achieved by balancing risk, cost and value across the enterprise.

  • S&P Issues Progress Report on ERM Integration into Credit Ratings

    July 22, 2009

    Standard & Poor’s recently published a report detailing the focus of their discussions with rated companies regarding ERM and insights gleaned from these discussions to date. So far, ERM discussions have been conducted with over 300 rated issuers and the report shares the seven questions used as the basis for these discussions. An interesting preliminary finding is that few companies have leveraged their ERM programs to identify risky opportunities that they are well-positioned to capitalize upon - most companies are currently focused on identifying and managing downside risks.

  • Determining the Value of ERM

    July 01, 2009

    In the current economy, companies are under pressure to justify all major investments, including enterprise risk management (ERM). In this article, KPMG provides some common approaches for valuing ERM programs or ERM components. Placing a value on ERM can help companies realize the return of their investment through reduced costs, increased reputation, and improved decision-making.

  • ERM in an Economic Downturn

    July 01, 2009

    Risks are necessary for success, but the failure to manage those risks effectively often leads to a plethora of negative outcomes for an entity. In the current economic environment, it is becoming increasingly important for companies to proactively respond to risks through an enterprise risk management (ERM) approach. Along with the benefits of assessing and managing risks, ERM can also positively affect a company’s credit rating and corporate governance outlook.

  • Internal Audit’s Role in Managing Reputation Risk

    June 01, 2009

    Reputational risks and corporate missteps are having more significant impacts on bottom lines and stakeholder perceptions of companies than ever before. Therefore, companies are recognizing the importance of reputational risk and placing a greater emphasis on reputational risk management. Internal audit departments can play a significant role in helping companies manage reputational risks through their advisory and monitoring efforts.

  • Risk Preparedness

    June 01, 2009

    Risk intelligence is a risk management philosophy focusing on the use of both risk avoidance and risk-taking to create value. While this article deals with risk intelligence, it focuses on the risk avoidance aspects as it discusses prudently preparing for the occurrence of negative events. By adequately planning for business disruption events, companies can become more resilient and recover from events more quickly, therefore gaining a competitive advantage in the marketplace.

  • Balancing Enterprise Risk Management and Enterprise Performance Management

    June 01, 2009

    Poorly planned and executed risk management capabilities contributed to the collapse, and they are likewise impeding the recovery as companies have shifted from taking too many risks to taking too few. Companies that are able to effectively balance enterprise risk management and enterprise performance management will have more robust risk management capabilities and be poised to make better decisions and drive improved company performance.

  • Reputation Management

    May 31, 2009

    Reputation management is critical to organizations and it continues to grow more complicated. Companies in the past could earn reputations as good corporate citizens by making philanthropic contributions without significant alignment with a business strategy. However, nonstop access to information, a lack of trust in business, and an increasingly broad base of stakeholders have increased the importance of reputation management to companies as well as changed the ways in which companies need to act to successfully manage their reputations.

  • Getting Risk Appetite Right

    May 01, 2009

    While the concept of a risk appetite framework is sound and can provide many benefits to organizations, many of these frameworks failed during the current crisis due to design and application problems. Organizations can learn from several key failings in risk appetite frameworks that were highlighted by the crisis. Though this article looks at risk appetite from the perspective of banks, the suggestions are applicable to many types of organizations seeking to improve their risk appetite framework.

  • Reputation Risk Management

    March 01, 2009

    A 2008 survey investigated the status of reputation risk management at different companies and found that companies are aware of reputation risks but may not be sufficiently managing these risks. There are several methods for managing reputation risks, including engaging with stakeholders, monitoring the content and volume of media coverage of the company, monitoring performance against external ratings or benchmarks, and crisis management. Ultimately, for reputation risk management to be successful, it should be integrated into broader risk management frameworks and reputation risk factors should become a key aspect of business decision making.

  • Companies Succeed During Downturn with ERM

    January 01, 2009

    In the four-part series “Managing in a Downturn” produced by The Financial Times, Russell Walker comments on the place for enterprise risk management in the current economic environment. Walker uses JPMorgan, Berkshire Hathaway, Honda and Toyota to show how enterprise risk management (ERM) as part of an overall business strategy can help prepare a firm for unexpected events like the credit crisis.

  • The Convergence of Enterprise Performance Management and Risk Management

    December 31, 2008

    Organizations can increase their probability of achieving strategic objectives by taking an integrated approach to deploying strategy and managing associated risks. The Performance/Risk Integration Management Model (PRIM2) provides a framework for organizations to consistently communicate and deploy strategies, proactively identify and manage inherent risks in the strategy, and ensure integration of strategic plans, risk management, and performance management in strategy execution. PRIM2 also provides real-time transparency into an organization’s operations, facilitating continuous alignment of strategy, risk management capabilities, and performance management. While the details of a PRIM2 infrastructure will vary across organizations, there are several core elements that should be incorporated in any PRIM2 framework. Implementation of a PRIM2 framework is intended to establish and maintain a balance between the enhancement and protection of an organization’s shareholder value.

  • Boards of Directors and Risk Management in 2009

    December 08, 2008

    There will be many pressures on boards of directors in 2009 given the current economic climate, and several of these pressures revolve around the issue of risk management. This “white-paper” memorandum examines risk management in the context of key issues facing boards in 2009, roles and duties of the board, and board committees and procedures. Boards will need to focus on oversight of risk management, possibly establishing a dedicated risk management committee at the board level. Boards should also ensure executive and director compensation policies are aligned with stakeholder interests and that those policies do not promote excessive risk-taking. Another key focus for boards will be balancing short-term and long-term interests, resisting undue pressure for positive short-term results and positioning their companies for long-term growth.

  • Understanding and Articulating Risk Appetite

    December 01, 2008

    Risk appetite, when properly understood and articulated, can be a powerful tool for managing risk and enhancing overall business performance by better aligning decision-making and risk. Many organizations have a need for increased clarity regarding their risk appetite and this article provides insights on formulating and defining risk appetites.

  • Enterprise Risk Management Benchmark Survey

    December 01, 2008

    Deloitte conducted a survey of 151 companies over 2006 and 2007 to gauge the current state of ERM implementation. The survey found that interest in ERM is growing, driven primarily by regulations. The status of ERM programs is such that the primary uses and benefits are in traditional risk management areas, with little integration into the business areas focused on growth where respondents expect to see benefits. Survey results indicate the biggest challenge to ERM is demonstrating its value to the organization. There were many findings related to ERM implementation according to industry, region, and listing status; ERM program organization; and ERM policies, processes, and systems. The survey demonstrated that many companies are implementing ERM but are not realizing its full potential because they are focusing on asset protection and have not yet moved to incorporating value creation in their ERM programs.

  • Contrasting Old and New Models of Risk Management

    November 30, 2008

    This article details the growing importance of ERM and contrasts ERM with old models for risk management to illustrate how ERM, if positioned correctly, can add value to companies today. ERM today is all encompassing, takes a team, requires management to set the mindset and culture of the company, is not all about insurance, requires partners in strategy development, is not a once-a-year exercise, and viewed through a wide-angle lens.

  • Preparing For S&P Integration of ERM

    October 01, 2008

    Standard and Poor’s (S&P) is integrating an evaluation of enterprise risk management (ERM) into corporate credit ratings beginning in 2009. S&P has considered ERM when rating financial institutions and insurance companies previously and decided to expand the consideration of ERM to all rated companies. This incorporation of ERM into the credit rating process signals that S&P believes that companies with strong ERM capabilities are a better credit risk. This article highlights key aspects of ERM that S&P intends to consider when evaluating ERM preparedness at organizations they evaluate.

  • Companies Employing an Entity-Wide Risk Management Program Better Prepared for Credit Crisis

    October 01, 2008

    The CFO Europe Research Services paired with ING Wholesale Banking to research chief financial officer’s opinions on the current credit crisis. More than 450 senior executives across Europe responded in the summer of 2008, to questions about market, operational, and financial threats to their companies in the summer. The major finding was that companies employing a structured entity-wide risk management program were much better prepared for the credit crisis and accompanying rising commodity prices. Most companies without an ERM system were taking steps to implement one.

  • Outsourcing and Offshoring Decisions - Taking a Risk Intelligent Approach

    October 01, 2008

    When initiating the use of outsourcing and offshoring, companies should take a Risk Intelligent approach. In doing so, companies can better mitigate risks that develop from outsourcing and offshoring and optimize the benefits from such contracts. Companies should follow the steps within the outsourcing and offshoring lifecycle to when making outsourcing and offshoring decisions.

  • Using Six Sigma Techniques to Improve ERM Systems

    October 01, 2008

    Enterprise risk management can be difficult to implement and improve upon in an organization due in part to measurement challenges. Using Six Sigma methodologies may offer internal auditors of organizations a new approach to more effectively implementing ERM. Six Sigma offers a scientific, data-driven, business improvement methodology that can be adapted to enhance ERM application in the areas of skilled employees, implementation tools, and value creation.

  • Managing Risks for Comparative Advantage: Five Steps to Better Risk Management

    September 01, 2008

    This articles highlights a five-step process to help companies make changes to better their approach to risk management in response to the developments occurring in the corporate approach to risk management: 1. Identify and understand your major risks; 2. Decide which risks are natural; 3. Determine your capacity and appetite for risk; 4. Embed risk in all decisions and processes; and 5. Align governance and organization around risk.

  • We Will Never Have a Perfect Model of Risk

    March 16, 2008

    Former chairman of the Federal Reserve Alan Greenspan discusses why both risk and econometric models will never reach perfection. Business cycles and surprising discontinuities attribute to imperfection. Though these models helped past crises, Greenspan notes that the most reliable forms of managing against economic failure are market flexibility and open competition.

  • NC State ERM Initiative Responds to S&P Request for Comment

    January 31, 2008

    The NC State ERM Initiative has responded to the request for comment issued by Standard & Poor's on their proposed expansion of ERM analysis to nonfinancial companies as part of their overall credit ratings process. The ERM Initiative strongly endorses the S&P proposal to incorporate ERM analysis as an important component of the credit ratings decision and a copy of the comment letter submitted to S&P on January 31, 2008 and the link to the original S&P request for comment are provided.

  • When Strategy and ERM Meet

    January 01, 2008

    This article describes the intersection of strategic business plans and enterprise risk management (ERM). Recent events concerning collateralized debt obligations (CDOs) and subprime mortgages revealed that some institutions were tempted by the higher yields without managing the higher risks. This article contains three approaches to connect a company’s strategy to its risk management efforts. The three approaches for effective strategic risk management are: (1) a strategic risk management process, (2) a process to identify and protect assets at risk, and (3) strategic risk monitoring and performance measurement.

  • The Evolution of Risk and Controls: Seeking Value Creation

    December 31, 2007

    KPMG partnered with the Economist Intelligence Unit to report on the evolution of risk and controls functions within organizations. This report contains findings of how companies are re-defining the roles and objectives of their risk and controls management. Based on a survey of 435 senior global executives over a cross section of industries, the report highlights the major finding that executives are increasingly trying to find ways to utilize risk management (ERM) as a value-adding activity and partner in business strategy, rather than a mechanized response to threats or ad hoc system designed to merely preserve business objectives. Boards and key stakeholders are placing greater demands on executives to show that risk and controls are making measurable, positive contributions to value creation. A variety of factors has contributed to this change in perspective: volatility of international business proceedings, changing regulatory environment, greater desire for improved cost and efficiency considerations, and the emergence of new business risks. The survey illustrates primary concerns of CEOs in the changing ERM environment and their increasing reliance on risk and control professionals to make strategic decisions. The survey’s questions and responses are cataloged in an appendix to the article.

  • Reputation Risk Management

    December 01, 2007

    Corporations have started to take notice of the importance of reputation risk management, particularly in the past decade. Since 2000, research concerning reputation risk has more than doubled. A use of a top-down risk management strategy, as prescribed in an enterprise risk management strategy, as well as concentration on stakeholders are key parts of successful reputation risk management.

  • Governance, Risk Management, and Compliance (GRC)

    September 01, 2007

    The article titled One for Three provides an interesting perspective for companies using automation for their governance, risk management, and compliance concerns. Governance, risk management, and compliance (GRC) software has quickly advanced as various industries try to hone in on the best way to manage risks, while at the same time addressing compliance and regulatory issues. Many companies spend a little over 8% of their information technology budget on compliance requirements. Disturbingly, some companies using GRC software admit they are not completely aware of what GRC involves and the full capabilities of the software.

  • Cultivating Risk Intelligence for Competitive Advantage

    June 01, 2007

    Risk intelligence requires organizations to consider both unrewarded risks, taken primarily for value protection, as well as rewarded risks, taken to drive value creation. Risk management has been increasing in importance in recent years, and as entities undertake risk management programs it is important to consider both aspects of risk in order to maximize the value of these activities. Several characteristics of a risk-intelligent enterprise are described as well as several steps organizations can take in order to increase their risk intelligence.

  • Integrating SOX and ERM- Truths and Myths

    April 01, 2007

    For most organizations, the efforts being made to meet compliance regulations are not tied to current ERM processes. Procedures should be put in place to integrate compliance functionality into existing risk management plans.

  • Managing Reputation Risk

    February 01, 2007

    Reputation is very important to most organizations, yet many companies do a poor job of managing risks to their reputation. Too often, companies focus their energy on addressing threats to their reputation that have already surfaced instead of proactively searching for potential reputation risks on the horizon.

  • ERM Business Drivers

    February 01, 2007

    Forrester recently published an article by Michael Rasmussen titled, Business Drivers for Enterprise Risk Management, detailing why companies struggle with implementing and managing a successful enterprise risk management (ERM) program. Groups such as the Open Compliance and Ethics Group and the Professional Risk Managers’ International Association have been established to provide help.

  • How Managing Political Risk Improves Global Business Performance

    December 31, 2006

    A study was completed by PricewaterhouseCoopers Advisory and Eurasia Group dealing with political risk and how it affects multinational companies. The results of the study showed that multinational companies are not happy with how political risk is being managed. This is an unfortunate situation because political risk affects how companies protect their investments and assess new opportunities. PwC believes that by using an integrated approach based on the COSO model, companies can improve their management of political risk.

  • Managing the Unexpected

    September 25, 2006

    The Quarterly Journal of the EDS Agility Alliance recently published an article titled, Unwelcome Surprises, that discusses the dangers that can evolve from having a decentralized business structure that does not promptly alert upper management of potential dangers. Not knowing the outcome of future events makes the management of risks seem impossible.

  • ERM – UnitedHealth Group

    July 01, 2005

    UnitedHealth Group has implemented ERM within the organization to help identify risks and alleviate negative exposures while profiting from positive opportunities. ERM implementation at UnitedHealth Group evolved out of their Business Risk Management processes used in their six diverse operating businesses.

  • Expanding ERM to Embrace Strategic Risk

    April 01, 2005

    Firms are insured against the usual risks but they are not protected against strategic risks. By using enterprise risk management techniques to identify strategic risks, firms can use countermeasures for anticipating and managing these threats systematically and turn some of them into growth opportunities.

  • ERM and Business Continuity

    March 11, 2005

    There is a huge debate over the roles and positioning of risk management and business continuity management within organizations. Some argue one function should be subordinate to the other. The key, however, is that the organization must determine the functional scopes of each function and communicate the appropriate relationship of the two tasks. Each organization needs to decide the appropriate mixture of these two functions.

  • Outsourcing Decisions:  Taking an ERM Approach

    July 01, 2004

    Before outsourcing a business process or function, it is essential to assess the associated risks from an enterprise-wide risk management perspective. Poorly managed outsourcing decisions may ultimately increase, rather than decrease, total risk for an enterprise. An ERM approach to risk management is appropriate for managing the complexity of risks associated with outsourcing decisions.

  • Benefits of Managed Risks

    November 01, 2003

    When companies don’t guard themselves against substantial risks, the outcome can easily produce a damaged reputation. However, risk management should not discourage growth through eliminating risks, but the reverse should take place and positive risks should be implemented. Therefore, effectively managing the many risks faced by an organization is critical to its success.

  • Book Review:  Making ERM Pay Off

    December 31, 2001

    The book, Making Enterprise Risk Management Pay Off, discusses the use of ERM for managing organizational risks and creating, protecting, and enhancing shareholder value. The book contains in-depth case analyses of five companies' risk management practices. These analyses provide several lessons learned about ERM, which can be helpful for others trying to implement ERM in their organizations.

  • Driving Need for ERM

    March 31, 2001

    Many environmental forces—such as globalization, technology, the Internet, and deregulation—have created uncertainty for twenty-first century businesses. Companies therefore have to re-think business models, core strategies and customer bases. As a result, new issues related to risk and risk management have also evolved. Now, more than ever, executives are confronted with calls for managing risk on an enterprise-wide basis. The idea of risk management is one that has become strategic, rather than defensive, as companies try to mesh risk management with business management.