Articles: ERM Tools and Techniques

  • The Six Mistakes Executives Make in Risk Management

    October 01, 2009

    This article in the October 2009 issue of Harvard Business Review outlines six key mistakes that are often made in risk management. It was written by three experienced risk professionals: Nassim Taleb, Daniel Goldstein, and Mark W. Spitznagel. The article focuses on the occurrence of black swan events and how they are becoming more prevalent in today’s business environment. These events are virtually impossible to predict; therefore, the only thing businesses can do is decrease their vulnerability by developing sophisticated risk management techniques. The first step is changing society’s view of risks. In order to do so, it is important for business managers to realize and correct the six mistakes outlined in the article.

  • Scenario Planning

    September 01, 2009

    Scenario planning is a tool that allows management to create in-depth contingency plans and move from a reactive to a proactive mindset. This Conference Board Review article explains the strength of scenario planning through its ability to generate several possibilities of future events, and modify those scenarios and related plans as the current state of the economy and world shift with time.

  • Enterprise Governance, Risk and Compliance Platforms

    July 01, 2009

    As enterprise-wide risk management concerns have grown, so too has the market for enterprise governance, risk and compliance GRC platform vendors. This article not only describes the underlying technologies of these platforms, but provides the detailed results of Forrester Research Inc.’s product evaluation of fourteen GRC platform vendors.

  • Balancing Enterprise Risk Management and Enterprise Performance Management

    June 01, 2009

    Poorly planned and executed risk management capabilities contributed to the collapse, and they are likewise impeding the recovery as companies have shifted from taking too many risks to taking too few. Companies that are able to effectively balance enterprise risk management and enterprise performance management will have more robust risk management capabilities and be poised to make better decisions and drive improved company performance.

  • Seven Question Guide to Assess ERM

    May 01, 2009

    Risk professionals should consider seven questions in evaluating risk management tools, improving risk management practices, and assessing the state of ERM in an organization. Professionals should ask these seven questions: (1) if the risk management process really assesses risk; (2) if the risk assessment is context-driven; (3) if the risk management process address root causes of failure; (4) what business performance says about risk; (5) what the organization’s risks say about its controls; (6) what the organization’s controls say about its risks; and (7) if the professionals and their organizations are up for the task of risk management.

  • Importance of Risk Management Mindset

    April 15, 2009

    Many companies that were unprepared for the current economic situation have become hesitant to make decisions regarding the future. For companies to regain confidence in making these decisions there needs to be a realization that risk management models are only as good as the decisions that are made based on the models. As a result, the risk management mindset is just as important as the model. Companies can focus on their risk management mindset by re-defining risk to include a more integrated view of risk and constructing a new ‘risk architecture’ that incorporates information external to the company and looks at interdependencies to help make better decisions and more successfully manage their risks.

  • Six Ways Companies Mismanage Risk

    March 01, 2009

    Effective risk management is difficult even in the best situations, and failure of risk management can cause large losses within an organization. There are six fundamental mistakes risk managers routinely make: relying on historical data, focusing on narrow measures, overlooking knowable risks, overlooking concealed risks, failing to communicate, and not managing in real time. Augmenting conventional risk modeling techniques with scenario analyses of catastrophic risks and strategies for surviving these risks can improve risk management effectiveness.

  • Ten Practical Lessons for Risk Management

    March 01, 2009

    Recent events have uncovered significant deficiencies in the way risks are managed at financial institutions and many other companies. Research into these deficiencies shows ten practical lessons companies can apply to address current weaknesses and strengthen risk management systems. By wielding appropriate authority, gaining support from senior management, and thoroughly examining the models and incentive systems used, risk managers can greatly improve companies’ risk management systems.

  • Optimism Thwarts Risk Identification

    January 31, 2009

    Many culprits have been identified as causes to the current financial crisis, from faulty risk models to basic human greed. Susan Webber takes a step back to examine the culture that underlies errors which led to the current climate. In this article, she examines how a “yes man” environment creates a dangerously optimistic decision-making process. Valuing good news and positive thinking over observing realistic restraints to business strategy can prove disastrous in the long run for a company.

  • Risk Mis-Management

    January 04, 2009

    The largest banks and investment firms in the United States took excessive risks over the past few years, contributing to the current financial crisis; however, there was little indication to many that these risks existed. This is partially due to widespread institutional reliance on Value at Risk (VaR) models to measure the amount of risk in company portfolios. VaR can measure the boundaries of risk in a portfolio over a short duration in a normal market, but it does have some limitations. VaR input includes only recent events and not data from historic times of stress, it does not measure the largest risks that have a small probability of occurrence, it has problems properly accounting for leverage, and its overall measure can be manipulated. Despite these shortcomings, VaR and other risk models can still be useful when they are not relied on alone but combined with human judgment.

  • ERM is Vital for Businesses and the Economy

    January 01, 2009

    With the recent financial crisis many wonder if risk management could have prevented or minimized the fall out. The answer is yes. However many companies fail to properly implement risk management and therefore they do not fully understand the risk they are undertaking. Failures occurred because companies don’t fully understand the proper steps for effective risk management. This report addresses where companies failed and the areas companies need to improve to prevent another financial crisis.

  • Limitations of Traditional Risk Models in Forecasting Risk

    January 01, 2009

    The current economic crisis has upset many common assumptions about the global financial system and shaken investor confidence. While there are unique aspects to this crisis, it is important to understand that severe economic crises in general are not rare events. Traditional methods of modeling risk often fail to reflect the frequency of declines and when these declines will occur. It is important for investors to rely on more than the output from traditional risk models in assessing the potential risk associated with investments.

  • Aligning Risk Management and Executive Compensation

    December 01, 2008

    Boards of directors are charged with corporate governance tasks that include setting executive compensation and developing the corporation’s strategic agenda in light of its risk tolerance. Using short-term performance metrics, like stock price or earnings per share, to determine executive compensation may encourage executives to make decisions that are not aligned with the corporation’s strategic plan or overall risk appetite.

  • Keeping ERM implementation Simple

    December 01, 2008

    ERM has gained increasing attention in the current economic environment. Investors, regulators and chief officers alike look to managing enterprise-wide risks as a magic bullet to rebuild trust and prevent future major events like the credit crisis. In this article, Neil Baker looks to companies who have been engaged in ERM for the past several years. These companies appreciate the benefits, but site obstacles to implementation.

  • Emory University’s ERM Implementation

    December 01, 2008

    Leaders at Emory University began an ERM program to improve the university’s ability to manage risks, prepare for adverse events, improve principles and practices related to financial controls, and to communicate with managers across the university about key issues. The ERM effort was endorsed by the executive committee and the process was developed by an ERM steering committee, which consisted of operational vice presidents and senior administrators. Emory did not find an ERM model in higher education or one offered by consultants that suited its goals for ERM, so it began its efforts with a bottom-up inventory of operational risks.

  • Web-Based ERM Tools

    November 20, 2008

    The Internal Audit and Advisory Services division of British Columbia’s Ministry of Finance has created tools, available on the internet, to assist other ministries in designing and implementing an enterprise-wide risk management program. These tools include a dictionary of risk events common in government, a risk tracking tool, and a maturity model to measure progress in development and implementation.

  • Managing Risk Through GRC to Improve Financial Processes

    November 01, 2008

    The Economist Intelligence Unit surveyed 446 senior executives from nine industries about their views on how to improve internal financial processes. The September 2008 survey included multinational executives of companies with annual revenues generally over $500 million US dollars. The industries included were chemicals, consumer goods, energy, financial services, the public sector, life sciences, IT and retailing. The survey focused on companies’ attempts to streamline governance, risk and compliance (GRC) processes and the impact on the financial functions of the business. The primary conclusion was that a holistic GRC system could be instituted as a value-added activity and would result in streamlined financial processes. Trying to reduce costs and streamline financial processes as a bottom-up approach was not as effective and doesn’t fully assess risks.

  • Enterprise Innovation and Integration

    November 01, 2008

    Innovation and integration are important contributors to growth in an organization. In order to foster these activities within the organization, the article recommends developing two agencies: a distributed innovation group (DIG) and an enterprise integration group (EIG). The DIG promotes innovation by looking for promising ideas within and outside of the organization and funding and incubating those ideas. The EIG helps institute horizontal processes across silos to improve an organization’s performance. The IT function within an organization is often central to both groups, providing many of the requisite skills that enable these groups to succeed. While this article is not explicitly addressing enterprise risk management, the focus on integration of silos is relevant to ERM implementations.

  • Companies Employing an Entity-Wide Risk Management Program Better Prepared for Credit Crisis

    October 01, 2008

    The CFO Europe Research Services paired with ING Wholesale Banking to research chief financial officer’s opinions on the current credit crisis. More than 450 senior executives across Europe responded in the summer of 2008, to questions about market, operational, and financial threats to their companies in the summer. The major finding was that companies employing a structured entity-wide risk management program were much better prepared for the credit crisis and accompanying rising commodity prices. Most companies without an ERM system were taking steps to implement one.

  • Using Six Sigma Techniques to Improve ERM Systems

    October 01, 2008

    Enterprise risk management can be difficult to implement and improve upon in an organization due in part to measurement challenges. Using Six Sigma methodologies may offer internal auditors of organizations a new approach to more effectively implementing ERM. Six Sigma offers a scientific, data-driven, business improvement methodology that can be adapted to enhance ERM application in the areas of skilled employees, implementation tools, and value creation.

  • Eight Principles of Risk Convergence and Implications for GRC Technology Solutions

    May 01, 2008

    Many organizations are currently working to converge governance, risk, and compliance (GRC) efforts within the company. This convergence creates a holistic view of risk that can benefit the organization in many ways, with a primary benefit being cost savings and improved process efficiencies. Eight key principles necessary to achieve GRC convergence are described; along with the implications these principles have for using technologies to support the converged GRC framework. Any technology solution an organization uses can be instrumental in the success of the convergence effort, and the system must have a high degree of configurability to adapt to an organization’s unique risk management methodology.

  • When Strategy and ERM Meet

    January 01, 2008

    This article describes the intersection of strategic business plans and enterprise risk management (ERM). Recent events concerning collateralized debt obligations (CDOs) and subprime mortgages revealed that some institutions were tempted by the higher yields without managing the higher risks. This article contains three approaches to connect a company’s strategy to its risk management efforts. The three approaches for effective strategic risk management are: (1) a strategic risk management process, (2) a process to identify and protect assets at risk, and (3) strategic risk monitoring and performance measurement.

  • Risk:  Dealing with Dangers Abroad

    January 01, 2008

    This article addresses challenges associated with managing global risks. Even with improved global communication technologies, better understanding of foreign cultures, and international advisors, breakdowns in strategies and operations now housed around the globe still occur. Despite the observation that prudent risk management suggests companies should select their foreign business operations carefully, surveys suggest that developed-market company executives responsible for risk management confess to not having a strategy in place to manage risks in emerging markets, with North American companies least likely. This article explores processes and techniques to strengthen an organization’s consideration of global risk management.

  • Assess the Risks – Key Strategies for Overseeing Derivatives

    December 31, 2007

    In recent years the use of derivatives by mutual funds has soared. Yet, there has been little guidance offered to boards on the oversight roles when it comes to derivatives. This article offers nine key points to help boards better understand and assess the risks regarding the use of derivatives. Although, this paper is focused on specific boards overseeing mutual funds, many of the points can be applied to any board or manager’s oversight of derivatives.

  • Managing Risks and the Strategic Advantages

    June 05, 2007

    The article focuses on the importance of diagnostic tools used in managing risks and the need for a holistic methodology such as ERM for providing businesses with a strategic advantage. Companies can benefit immensely from software designed to integrate their compliance and governance activities with ERM.

  • Risk Language

    June 01, 2007

    Internal Auditor recently published an article titled, The Language of Risk, which stresses the need for a clear risk language throughout all organizations. By using a common language, different levels of a business can communicate more effectively. Without a common risk language, lots of time can be wasted in clarifying risk issues that are miscommunicated

  • NIST Risk Mitigation Toolkit

    May 01, 2007

    The National Institute of Standards and Technology (NIST) has issued a risk mitigation toolkit to help risk management leaders identify the most important hazards threatening buildings and other constructions and take action to reduce or eliminate their potential impact. The toolkit is tied to NIST’s “Guide to Printed and Electronic Resources for Developing a Cost-Effective Risk Mitigation Plan for New and Existing Constructed Facilities (NIST 7390). These resources can help building managers and owners with useful disaster mitigation data and tools.

  • Tools and Techniques for ERM Execution

    May 01, 2007

    The Institute of Management Accountants has issued a new document that summarizes tools and techniques used by businesses that have effectively implemented an ERM program. After identifying risks, businesses should focus on risk drivers and utilizing the vast number of tools currently available for managing risks. Also, the importance of an enterprise-wide approach should be considered when organizations become trapped into managing risks reactively or by use of the silo method. This document contains numerous practical tools and templates that can be adapted for a variety of organizational settings.

  • Survey by KPMG- ERM in the US

    January 31, 2007

    A survey published by KPMG titled, Enterprise Risk Management in the United States, reflects senior executive perspectives about risk management practices and on-going efforts to successfully implement and monitor ERM processes. The report provides feedback about ERM practices from US companies that span diverse industries such as aerospace, transportation, financial services, healthcare, and manufacturing

  • Enterprise Risk Management:  Frameworks, Elements, and Integration

    December 31, 2006

    The Institute of Management Accountants (IMA) has issued a new document that emphasizes the importance of understanding and managing risks in today’s complex business environment. Topics covered in the document to assist businesses in their ERM program include summaries of numerous ERM frameworks, foundational elements for ERM, risk tolerance, and business continuity. In conclusion, IMA offers a list titled, “Hallmarks of Best-Practice ERM” as a helpful guide to consolidate current practices that have proven to be effective.

  • RIMS ERM Maturity Model

    November 01, 2006

    The Risk and Insurance Management Society (RIMS) has recently introduced its Risk Maturity Model (RMM) to help organizations better utilize Enterprise Risk Management. The RIMS Risk Maturity Model can be used by chief risk officers and other risk practitioners as a resource to aide in planning, implementing, and benchmarking Enterprise Risk Management practices within their organizations.

  • Functioning Jointly:  ERM and Balanced Scorecards

    March 01, 2006

    The article titled Working Hand in Hand: Balanced Scorecards and Enterprise Risk Management brings together the benefits and rationale for looking at ERM and balanced scorecards jointly. Not only can balanced scorecards aid a company’s risk management program, but ERM can reinforce the effectiveness of the balanced scorecard. Thus, the two together blend risk management processes with the evaluation of risk management from a strategic perspective. Since both ERM and balanced scorecards share common goals such as a holistic perspective, consistency, and interrelationships, it is in a company’s best judgment to integrate the two.

  • Risk Management Quantification

    February 01, 2006

    Existing enterprise risk management frameworks focus on qualitative aspects leaving room for development of a more quantitative framework. Actuarial and mathematical models could provide a more quantitative framework to provide additional guidance to those wishing to implement ERM.

  • Enterprise Risk Management Quantification – An Opportunity

    February 01, 2006

    Enterprise Risk Management has been getting increased attention in recent years, however much of the focus has been on the qualitative aspects of framework with little focus on the quantitative aspects. This article presents the opportunities for individuals with a quantitative background and develops a framework that can be used to develop a risk model for your organization.

  • ERM Guide:  Frequently Asked Questions

    January 01, 2006

    Protiviti has provided an Enterprise Risk Management Guide that addresses the fundamentals of managing risks as well as frequent questions about implementation and the value that can be achieved with ERM.

  • Expanding ERM to Embrace Strategic Risk

    April 01, 2005

    Firms are insured against the usual risks but they are not protected against strategic risks. By using enterprise risk management techniques to identify strategic risks, firms can use countermeasures for anticipating and managing these threats systematically and turn some of them into growth opportunities.

  • Benefits of Managed Risks

    November 01, 2003

    When companies don’t guard themselves against substantial risks, the outcome can easily produce a damaged reputation. However, risk management should not discourage growth through eliminating risks, but the reverse should take place and positive risks should be implemented. Therefore, effectively managing the many risks faced by an organization is critical to its success.

  • ERM Infrastructure and Risk Intelligent Systems

    April 01, 2003

    Enterprise risk management (ERM) is the key to resolving some of the demands for more corporate transparency from investors. ERM is a process that changes how an organization identifies risks and manages those risks continuously. It helps to develop the steps and allocate resources to mitigate the organization’s risks and provides reasonable assurance about the organization’s ability to achieve its objectives.