Articles: Executive Leadership for ERM

  • The Six Mistakes Executives Make in Risk Management

    This article in the October 2009 issue of Harvard Business Review outlines six key mistakes that are often made in risk management. It was written by three experienced risk professionals: Nassim Taleb, Daniel Goldstein, and Mark W. Spitznagel. The article focuses on the occurrence of black swan events and how they are becoming more prevalent in today’s business environment. These events are virtually impossible to predict; therefore, the only thing businesses can do is decrease their vulnerability by developing sophisticated risk management techniques. The first step is changing society’s view of risks. In order to do so, it is important for business managers to realize and correct the six mistakes outlined in the article.

  • Managing Risk in the New World

    The recent financial meltdown has brought risk management under scrutiny like never before. In this article, five experts discuss the future of enterprise risk management and how risk oversight has evolved in the business world today.

  • Shifting of Internal Audit Strategy and Focus

    Findings from a survey and roundtable of internal audit executives, service providers, and regulators show that internal audit is changing its risk priorities and audit coverage in response to changing stakeholder expectations in the current economic crisis. Internal audit is taking on a more strategic role in the organization and focusing more on ERM processes and recession-related risks.

  • Uncertainty in Business

    Uncertainty and ambiguity are a key challenge for business leaders today. Organizations are finding that they must increasingly plan for contingencies in the future instead of focusing primarily on short-term goals. In the past, many business leaders believed their organizations’ long-term goals could wait until they had dealt with the current crisis. In the current business environment, this is no longer the case. The rate of change has accelerated, indicating that business leaders must learn how to strike a balance between managing complex issues today and predicting the uncertain issues of tomorrow.

  • Getting Executive Compensation Right

    Executive compensation systems are often criticized for rewarding the wrong things, ignoring shareholder objections, focusing on short-term results, and being too opaque. Finding the appropriate level and type of compensation is an important first step to improving effectiveness of pay packages. There are also several actions that boards and shareholders can take in working towards improved executive compensation systems.

  • Need for Adaptive Leadership

    While the current crisis will pass, a sustained crisis of unfamiliar challenges will remain. To successfully carry organizations through this sustained crisis, leaders will need to use an adaptive leadership approach unfamiliar to many. Adaptive leadership requires fostering adaptation, embracing disequilibrium, and generating leadership internally. By adopting these practices, organizations can effectively mobilize their resources to thrive in a changing and challenging world.

  • Culture of Candor

    Performance of leaders is increasingly being measured based on the extent to which they create economically, ethically, and socially sustainable organizations. Increased transparency is an important step for leaders making this shift. An improved culture of candor can benefit organizational performance and there are several steps outlined for leaders seeking to create increased transparency. There is no easy way to institutionalize candor. Positive steps towards increased transparency are described but true transparency will require ongoing effort, sustained attention, and constant vigilance.

  • Importance of Risk Management Mindset

    Many companies that were unprepared for the current economic situation have become hesitant to make decisions regarding the future. For companies to regain confidence in making these decisions there needs to be a realization that risk management models are only as good as the decisions that are made based on the models. As a result, the risk management mindset is just as important as the model. Companies can focus on their risk management mindset by re-defining risk to include a more integrated view of risk and constructing a new ‘risk architecture’ that incorporates information external to the company and looks at interdependencies to help make better decisions and more successfully manage their risks.

  • Risk Culture of Companies

    Risk culture is an area of risk management that has become a recent focus for many boards. Risk culture is the system of values and behaviors present in an organization that shapes risk decisions of management and employees. A first step to addressing the risk culture of an organization is a conversation among management and the board involving topics such as “tone at the top”, effective communication, and appropriate incentives. A strong risk culture will take time to develop in an organization and its presence will mean that employees know what a company stands for, the boundaries within which it can operate, and that they can openly discuss which risks should be taken in order to achieve the company’s long-term strategic goals.

  • Six Ways Companies Mismanage Risk

    Effective risk management is difficult even in the best situations, and failure of risk management can cause large losses within an organization. There are six fundamental mistakes risk managers routinely make: relying on historical data, focusing on narrow measures, overlooking knowable risks, overlooking concealed risks, failing to communicate, and not managing in real time. Augmenting conventional risk modeling techniques with scenario analyses of catastrophic risks and strategies for surviving these risks can improve risk management effectiveness.

  • Internal Auditors Partnership with Management

    Internal auditors in the past have been used to examine how well management is performing and how well the company is operating. Now there is a need for internal auditors to work in conjunction with management to oversee risks. CHAN Healthcare Auditors realized this change in internal audit and has developed an audit process and tool that allows for a more effective approach to risk management. Even though the approach is mainly geared towards the healthcare industry, it can be used in numerous industries to determine companywide and departmental vulnerabilities.

  • Optimism Thwarts Risk Identification

    Many culprits have been identified as causes of the current financial crisis, from faulty risk models to basic human greed. Susan Webber takes a step back to examine the culture that underlies errors which led to the current climate. In this article, she examines how a “yes man” environment creates a dangerously optimistic decision-making process. Valuing good news and positive thinking over observing realistic restraints to business strategy can prove disastrous in the long run for a company.

  • Financial Industry Assesses Role of Risk in Credit Crisis

    This global survey, conducted by KPMG in conjunction with the Economist Intelligence Unit in October 2008, summarizes responses from over 500 world-wide risk management senior officers in the banking industry about the role risk management played in the current economic crisis and how enterprise risk management would be used going forward. The report based on this survey highlights several themes permeating banking culture’s utilization of risk management that helped allow the current credit crisis. The report provides insights as to possible solutions, which many of the respondents are planning to take or are currently taking.

  • Board Oversight of Risk Management and Executive Compensation

    Boards of directors have fiduciary responsibilities to shareholders and there are several “pressure points” they can address to ensure fulfillment of these duties. One pressure point for boards is risk oversight and boards should consider reassessing their existing risk management programs to ensure a top-down, enterprise-wide approach is being taken that helps achieve the long-term goals of the company. Another pressure point is executive compensation and boards can take several steps to strengthen the link among pay, performance, and accountability to better reflect the risk culture of the organization.

  • Aligning Risk Management and Executive Compensation

    Boards of directors are charged with corporate governance tasks that include setting executive compensation and developing the corporation’s strategic agenda in light of its risk tolerance. Using short-term performance metrics, like stock price or earnings per share, to determine executive compensation may encourage executives to make decisions that are not aligned with the corporation’s strategic plan or overall risk appetite.

  • Enterprise Risk Management Benchmark Survey

    Deloitte conducted a survey of 151 companies over 2006 and 2007 to gauge the current state of ERM implementation. The survey found that interest in ERM is growing, driven primarily by regulations. The status of ERM programs is such that the primary uses and benefits are in traditional risk management areas, with little integration into the business areas focused on growth where respondents expect to see benefits. Survey results indicate the biggest challenge to ERM is demonstrating its value to the organization. There were many findings related to ERM implementation according to industry, region, and listing status; ERM program organization; and ERM policies, processes, and systems. The survey demonstrated that many companies are implementing ERM but are not realizing its full potential because they are focusing on asset protection and have not yet moved to incorporating value creation in their ERM programs.

  • Emory University’s ERM Implementation

    Leaders at Emory University began an ERM program to improve the university’s ability to manage risks, prepare for adverse events, improve principles and practices related to financial controls, and to communicate with managers across the university about key issues. The ERM effort was endorsed by the executive committee and the process was developed by an ERM steering committee, which consisted of operational vice presidents and senior administrators. Emory did not find an ERM model in higher education or one offered by consultants that suited its goals for ERM, so it began its efforts with a bottom-up inventory of operational risks.

  • Managing Risk Through GRC to Improve Financial Processes

    The Economist Intelligence Unit surveyed 446 senior executives from nine industries about their views on how to improve internal financial processes. The September 2008 survey included multinational executives of companies with annual revenues generally over US$500 million. The industries included were chemicals, consumer goods, energy, financial services, the public sector, life sciences, IT and retailing. The survey focused on companies’ attempts to streamline governance, risk and compliance (GRC) processes and the impact on the financial functions of the business. The primary conclusion was that a holistic GRC system could be instituted as a value-added activity and would result in streamlined financial processes. Trying to reduce costs and streamline financial processes as a bottom-up approach was not as effective and did not fully assess risks.

  • Linkage between Executive Compensation and Financial Sector Meltdown

    This article shows how executives can cause unintended harm and risk to a company by asking the question, “In our quest for pay-for-performance, have we—boards, executives, and shareowners alike—created pressure points that influence risk-taking behaviors in unintended ways?” To answer this question, the authors use the analogy of driving a car in different environments to help readers better understand the amount of risk that should be taken, and provide steps companies can take to prevent financial crisis.

  • C-suite Influence on Excellence in Risk Management

    This abstract summarizes the 2008 Excellence in Risk Management Survey conducted by the Risk and Insurance Management Society (RIMS) and Marsh. This is the fifth year that they have conducted an Excellence in Risk Management Survey. They find that senior management’s attention has shifted to the value of a strategic, broad approach to risk management in the wake of the current financial crisis. The survey cites a disconnect within a company between risk managers and C-suite executives. It also explores organizations’ objectives in implementing and maintaining an ERM system. These objectives include internal and external expectations for the ERM system, which risks to consider, who is responsible, and the impact on the company. While the desire for a strategic risk management process seems to have leveled off, businesses that have undertaken ERM implementation continue strong development and have continued support from the senior level.

  • Managing Risks for Comparative Advantage: Five Steps to Better Risk Management

    This article highlights a five-step process to help companies make changes to better their approach to risk management in response to the developments occurring in the corporate approach to risk management: 1. Identify and understand your major risks; 2. Decide which risks are natural; 3. Determine your capacity and appetite for risk; 4. Embed risk in all decisions and processes; and 5. Align governance and organization around risk.

  • Risk Managers Should Have Been Better Prepared

    A risk manager at a large global bank explains how he did not expect the economy to take a turn for the worse. Since the economy was doing so well, it was always a possibility but it was thought inconceivable for the liquidity crisis to happen. This article highlights some of the difficult challenges those in risk management functions face when serving as “goal-keepers” facing internal front-line traders and bankers seeking deal approvals.

  • ERM: The Importance of Senior Management Buy-In and Leadership

    The Midwest Audit Committee Network met to discuss effective ways for boards and audit committees to oversee enterprise-wide risk management. The network is a group of audit committee chairs drawn from leading Midwest companies of varying size. This article captures the overall tone of the comments and outlines the conclusions drawn by the committee. While specific quotes are highlighted to emphasize a point, the speaker’s identity is kept confidential.

  • Emerging Expectations for Alignment of Internal Audit and Risk Oversight

    This report summarizes survey responses received by PricewaterhouseCoopers from chief audit executives of Fortune 250 companies about trends affecting internal auditors by 2012, particularly related to internal audit’s role in risk oversight. The report notes that since 2002, many companies have been concerned with meeting compliance standards set forth by the government and regulatory agencies. This has led many companies to begin focusing on how internal controls, including the role of internal audit, can be aligned to create value. As companies now view risk management and internal controls as fundamental to their business operations, they are striving to be proactive rather than reactive in risk oversight, given the dynamic risk environment associated with accelerated rates of change and a faster pace of business. Companies are now beginning to take a risk-centric approach instead of a controls-based approach to managing the company. This report details the major trends developing among a number of companies related to the importance of having a risk-centric approach for internal audit.

  • Audit Committee Involvement in Risk Oversight

    Many boards of directors are directing executive management to embrace enterprise risk management (ERM) to develop a stronger top-down holistic view of risks affecting the enterprise. In most cases, the board is delegating oversight of management’s risk processes to the audit committee. Audit committees are now examining how they can expand their already full agendas to tackle these emerging expectations. This article briefly overviews the emerging role of ERM and issues facing audit committees.

  • The Global CFO Study 2008: Balancing Risk and Performance within an Integrated Finance Organization

    This IBM study of 1,200 CFOs and senior finance professionals reveals that CFOs may be taking the wrong approach to resource and risk management on a global scale. Organizations are turning to global markets deploying assets worldwide and establishing both vertical and horizontal operations in countries well beyond headquarter operations. As they do so, they face an undeniably riskier landscape. In fact, 62 percent of those surveyed encountered material risk events in the last three years, but nearly half (42 percent) were unprepared to manage those risks. Furthermore, risks arise from multiple sources often beyond financial activities. Eighty-seven percent of risk events were strategic, geopolitical, environmental, operational, or legal. Ironically, the study finds that supporting and managing enterprise risk ranked low in importance by survey respondents. Findings suggest that enterprises are looking to the CFO for leadership in risk management to close these performance gaps.

  • Governance, Risk Management, and Compliance (GRC)

    The article titled One for Three provides an interesting perspective for companies using automation for their governance, risk management, and compliance concerns. Governance, risk management, and compliance (GRC) software has quickly advanced as various industries try to home in on the best way to manage risks, while at the same time addressing compliance and regulatory issues. Many companies spend a little over 8% of their information technology budget on compliance requirements. Disturbingly, some companies using GRC software admit they are not completely aware of what GRC involves and the full capabilities of the software.

  • Linking Governance to Strategy

    Finance professionals should play a key role in corporate governance, including connecting corporate governance to performance metrics and daily operations. This article examines an example of such a role in GE Oil & Gas, where Finance plays a key role in strategic planning and operations, including the integration of risks and opportunities.

  • Political Risks

    Internal Auditor recently published an article titled, Assessing Political Risks, that discusses the role of chief audit executives (CAEs) as they face challenges such as unstable global markets. The article brings to light the importance of understanding the Foreign Corrupt Practices Act and the unavoidable risks associated with doing business abroad.

  • Risk Language

    Internal Auditor recently published an article titled, The Language of Risk, which stresses the need for a clear risk language throughout all organizations. By using a common language, different levels of a business can communicate more effectively. Without a common risk language, lots of time can be wasted in clarifying risk issues that are miscommunicated.

  • ERM Strategy: Create and Safeguard Stakeholder Value

    The May 2007 issue of Strategic Finance cover story article, “Strategic Risk Management: Creating and Protecting Value,” illustrates the importance of integrating an enterprise-wide view of risks into all aspects of effective strategic planning. The article emphasizes the benefits of embracing an enterprise risk management (ERM) perspective when evaluating various strategic alternatives so that stakeholder value is protected, and more value is created. By moving risk management away from the “silo approach,” ERM users strive to balance all risks within their risk appetite while looking at risks interactively. The article explores how risks affect multiple aspects of strategic planning, by illustrating risks along The Return Driven strategy framework. Boards of directors seek more effective management of strategic risks. This article argues for senior management to manage enterprise-wide risks in conjunction with strategic planning.

  • Managing the Unexpected

    The Quarterly Journal of the EDS Agility Alliance recently published an article titled, Unwelcome Surprises, that discusses the dangers that can evolve from having a decentralized business structure that does not promptly alert upper management of potential dangers. Not knowing the outcome of future events makes the management of risks seem impossible.

  • The 2006 Oversight Systems Financial Executive Report on Risk Management

    "The market may reward companies who take strategic risks, but many executives are discovering the consequences of overlooking their day-to-day operational risks. As companies place a greater emphasis on managing their operational risk, Oversight Systems surveyed financial executives to gauge corporate America’s progress in implementing enterprise risk management."

  • Integrating Compliance and Ethics in Risk Assessment Agenda

    Since the publicity of numerous corporate scandals, the interest in compliance and ethics has created an important role for senior management to incorporate preventive maintenance measures for risk assessment and ethical violations. Recently, some of the guidelines and mandates from the federal government and ethics groups are helping to drive the interest even further. In response to this interest, Aon has developed a four-phase compliance and ethics risk assessment process.

  • Survey Data: ERM Trends

    This study provides data obtained from surveys of nearly 1400 chief executive officers (CEOs) about risk trends and related expectations for effective ERM practices. While CEOs note that they are more aggressive risk takers than in the past, many note that they believe enterprise risk management practices will help them manage risks proactively to create value. They also agreed that risk management is a growing board of director priority and emphasis.

  • Risk Gaps-Demand for ERM

    Enterprise Risk Management programs can help close the huge gap in communication among executives and business unit leaders. Senior management and the board of directors’ involvement with risk assessment plays an important role in making an ERM framework effective. Involving all of the business units in risk assessment helps to eliminate the “silo effect,” whereby each business unit manages its risks in isolation. Developing an ERM framework that suits the company will help make it successful.