Articles: Executive Leadership for ERM

  • Strengthening the Role of the Chief Risk Officer in an Organization

    February 13, 2013

    The role of chief risk officer (CRO) has been put under a microscope to understand methods and key success factors that can enhance the role. Organizations now, more than ever before, are appointing CROs to improve their risk function and better manage potential risks that could impede their strategy. To achieve that, the CRO must be placed in a position that is fundamental as well as instrumental in the decision-making and strategy-setting process. A recent Protiviti white paper provides six key critical success factors that organizations should be aware of and promote to ensure that their organization is in a better risk management position than in the past.

  • Managing Disruptions by Bifurcation

    December 01, 2012

    Proactively managing risks gives managers viable strategies when opportunities or threats emerge. However, even the most proactive companies experience an event or events that require reactions from management. At times, this process involves reinventing the company’s business model while divesting or disowning what made it successful. The authors of a recent Harvard Business Review paper argue that companies can diversify risk and capitalize on disruptions by bifurcating their strategies: a market-adaptive model that repositions its legacy business while also developing a new growth model that is forward-looking. Even though the strategies are divergent, companies should manage them in such a way that they share resources to create synergies in what the authors call “capabilities exchange”.

  • S&P’s Management and Governance Rating Criteria - 2012

    November 13, 2012

    NEW YORK (Standard & Poor's) Nov. 13, 2012--Standard & Poor's Ratings Services today published its criteria for evaluating enterprises' management and governance credit factors in an article titled "Methodology: Management And Governance Credit Factors For Corporate Entities And Insurers." (See also "How We Use Management And Governance Credit Factors," published today.)

  • Internal Audit’s Role in Risk Management

    October 02, 2012

    Michael Somich, Executive Director of Internal Audit at Duke University, discusses with Dr. Mark Beasley his views about the role internal audit should play within an organization’s ERM process. He shares insights from his experiences of leading the launch of the ERM initiative at Duke University while also serving as the general audit executive.

  • The Future of ERM

    October 02, 2012

    Steve Dryer, Managing Director and Practice Leader at Standard & Poors, speaks to whether he thinks Enterprise Risk Management is just another consultant’s fad or if it will be an enduring process and way of thinking. He states that he believes though the name may eventually fade away, the underlying concepts that make up ERM will survive through the test of time. Mr. Dryer expects that ERM will slowly evolve with best-practices surviving the test of time. He also expects S&P to catch some heat for evaluating such a “soft” part of a company as opposed to its traditional “hard numbers” based approach to examining companies. However, he states this is an important part of their evaluations.

  • Chief Risk Officer vs. Risk Committees

    October 02, 2012

    A major stumbling block companies run into when beginning their ERM journey is whether to have one risk champion (CRO) or have a committee that handles risk oversight. Paul Zavolta, Director of ERM at Alpha Natural Resources, tells how Alpha Natural Resources uses both and discusses the importance of having individuals in risk leadership positions who possess strong people skills in addition to their technical expertise. He also goes into how he wishes he had risk management education as a college student and how that would have helped him throughout his career.

  • Role of Senior Executives in Leading Risk Oversight

    October 02, 2012

    Michael Somich, Executive Director of Internal Audit at Duke University, discusses how having the President of Duke University "walk the walk and talk the talk" regarding ERM is essential element of the success of ERM at Duke. He states how the ERM process is maturing and he shares insights as to factors that have contributed to the ongoing embrace of ERM at Duke. He offers his views about the detrimental impact on ERM when an organization lacks the backing of a president or CEO of an organization.

  • Education of ERM Concepts at the Collegiate and Corporate Levels

    October 02, 2012

    Laurie Brooks, retired Chief Risk Officer at Public Services Enterprises Group and current board of director at Provident Financial Services, shares her views about the long-term viability of ERM and how ERM is an expected core competency skill of executives. She argues that should simply be seen as a good management practice and looking at risks from an enterprise-wide view should be seen as the normal thing to do, not a specialized thing to do. She also tells about how to tell the maturity of ERM at a company by how risks are assigned and overseen.

  • Minimizing Risks through Creative Strategy Setting

    September 01, 2012

    Strategic planners often go through a rigorous process of extensive analysis of past performance and forecasts to come up with a robust strategic plan. They attempt to check their biases, preconceived notions, and judgments during this process. However, the reality of the outcome of its execution of strategy provides little comfort on the efficiency of the strategic planning process and in identifying the risks associated with that strategy. This article from the Harvard Business Review recommends a “truly scientific” approach to strategic planning by providing seven key steps for leaders to consider while designing strategies so that they may be in a better position to address risks proactively as the strategy is built rather than after the strategy’s execution. In this way, organizations are better positioned to identify risks before they emerge, thereby enhancing the likelihood of strategic success through more effective risk oversight.

  • Executives Take on Enterprise Risk Management Post- Recent Crisis

    June 01, 2012

    In spring of 2012, a survey of 192 U.S. executives from various industries was conducted by Forbes Insights in association with Deloitte that revealed findings vital to the business world that put enterprise risk management (ERM) in perspective. The overriding theme is that most executives (over 90%) are planning to re-organize and reprioritize their approaches to risk management. And, they sense that many of the risks recently experienced will only increase in volatility. Many of the respondents are turning to ERM with an even greater commitment to find better ways to continuously monitor key risks. This Deloitte thought paper highlights several considerations executives will want to have as they seek to strengthen their organization’s enterprise-wide risk management to ensure it is providing strategic value as the world becomes more complex.

  • Sustainability:  Considerations that Can’t be Ignored from a Strategic Perspective

    May 17, 2012

    The topic of sustainability means a host of things to people. Many view it from a “going green” or “social responsibility” perspective. While there is value in considering sustainability related to those types of initiatives, boards and C-suites are finding greater strategic benefit in positioning their considerations of sustainability from a risk and opportunities perspective. They are trying to view sustainability from a lens that forces them to think how sustainability issues might affect the long-term viability of the entity’s business model. That is, they are seeking to integrate their sustainability thinking with their strategic planning and execution efforts. A recent MIT Sloan Management Review Research Report highlights emerging trends of how sustainability considerations are reaching a tipping point.

  • Allegations of Risk Management Overrides Swirl at JPMorgan Chase

    May 15, 2012

    The turmoil surrounding recent announcements of over $2 billion in trading losses at JPMorgan Chase is now shining a spotlight on risk management failures at the bank. A front-page story in The New York Times (May 15, 2012) reveals that in the years leading up to the bank’s trading loss, risk managers and some senior investment bankers raised concerns that the bank was making increasingly large investments in complex trades, but their concerns were ignored and dismissed. Some allege that the senior executives failed to respond to concerns from internal risk officers, who were largely side-lined. This unfolding story is highlighting the critical importance of the tone at the top regarding maintaining and enforcing an appropriate risk management culture and continues to support the call for direct lines of reporting from chief risk officers to independent members of the board of directors.

  • S&P’s Preliminary Changes for Scoring Management and Governance for Credit Rating Purposes

    May 01, 2012

    Part of the ratings process that Standard & Poor’s (S&P) undertakes to determine the creditworthiness of a company includes examining the management and governance functions of the organization. Often times an otherwise financially stable organization can be taken down from within because leadership is lacking within its own four walls. S&P is revamping its process to examine these aspects of a company, and has published a paper looking for public comment on their proposed process, which includes looking at the strategic positioning, risk management/financial management, organizational effectiveness, and governance. Specific sub-factors within each of those categories are examined to determine a score of strong, satisfactory, fair, or weak.

  • Understanding and Communicating Risk Appetite

    February 01, 2012

    Risk appetite, as defined by COSO, is the “amount of risk, on a broad level, an organization is willing to accept in pursuit of value.” While the overall concept of risk appetite makes sense, organizational leaders find it difficult to find practical ways to articulate the organization’s appetite for risk-taking. As a result, risk appetite is often not discussed in many organizations. However, many are realizing that as their ERM processes mature, they need to tackling articulating risk appetite. Developing and articulating risk appetite needs to be engrained into the culture of an organization.COSO has developed this thought paper on Risk Appetite to provide practical illustrations of effective ways boards and senior executives can identify and communicate its appetite for risk taking across the enterprise.

  • The LEGO Group’s Four Elements of Risk Management

    February 01, 2012

    Integrating risk management with strategy development and execution is one way that organizations can manage their strategic risks in a volatile business environment. One company that has done so is the LEGO Group- a family-owned company that is the third-largest toy manufacturer in the world in terms of sales. To better prepare itself in mitigating strategic risks, the company developed its strategic risk management through four elements: (1) Enterprise Risk Management, (2) Monte Carlo Simulations, (3) Active Risk and Opportunity Planning (AROP), and (4) Preparing for Uncertainty. This four-step approach was started in 2006 and led by Hans Læssøe, senior director of strategic risk management at LEGO System A/S. LEGO’s strategic risk management is a good illustration of how organizations can develop their risk management capabilities and processes in incremental steps. This article describes the four elements of LEGO’s risk management, as well as the PAPA model used to prioritize risks.

  • How ERM May Impact Credit Ratings

    January 10, 2012

    Standard & Poors started looking at ERM in banking and insurance companies in the mid 2000s. Steve Dreyer, Managing Director and Practice Leader at Standard & Poors, provides insights at points of focus S&P considers as it evaluates an organization approach to ERM and how their assessments might impact the organization’s overall credit rating. He highlights factors related to the kind of environment that fosters a strong ERM process and its overall fit within the organization’s culture. He also speaks to obvious failures in a risk management process, and how ERM has to be done correctly to be effective within an organization.

  • Compiling and Presenting Interview Data from Risk Interviews

    January 10, 2012

    After conducting 80-90 interviews seeking the identification of major risk exposures facing the company, David Hughes, Assistant VP of ERM and Business Continuity Planning at Hospital Corporation of America (HCA) has a massive amount of data to compile and disseminate. During our interview of David, he speaks about how HCA breaks down the top ten risks by the type of risk and by level of management who identifies a risk to be a major risk. Hughes also tells how HCA informs its board members about what the top risks that the corporation faces as a whole.

  • Risk Management in Deloitte’s 2011 Board Practices Report

    January 01, 2012

    Deloitte’s 2011 Board Practices Report provides current information on topics of corporate governance. The report is based on the results of a survey distributed to the members of the Society of Corporate Secretaries and Governance Professionals, Inc. This summary highlights the findings related to strategy and risk management. Questions relating to strategy included the level of board involvement and how strategy is developed. The risk management discussion focused on risk oversight as well as how well it aligns with the company’s strategy.

  • Special Report: Risk Lessons from the 2011 Japan Earthquake Disaster

    January 01, 2012

    In the Global Risks 2012 report, the World Economic Forum features a special report on the Great East Japan Earthquake of March 2011. The special report highlights some lessons learned from the crisis that can be applied by governments and businesses. Some of the lessons include the necessity of redundancies for risk resilience, the value of adaptive leadership, and the importance of timely communication during a risk event.

  • Risk Committees

    January 01, 2012

    While most often the board of directors delegates risk oversight to the audit committee, increasingly boards of creating separate board level risk committees charged with that responsibility. This is particularly true for financial services firms, given requirements imposed by the Dodd-Frank legislation for larger banks to form separate risk committees. In an effort to assist companies who are considering the establishment of a board risk committee, Deloitte has organized a resource guide of ideas, recommendations, and specific tools. This resource will help assist those entities that will need to be in compliance with the Federal Reserve’s requirements developed to implement the provisions of Dodd-Frank. Although the guide is helpful for companies that must comply with the new Dodd-Frank regulations, it can be useful for any company that wishes to obtain more information on risk governance and oversight.

  • The World Economic Forum’s Global Risks 2012 Report

    January 01, 2012

    The World Economic Forum’s seventh edition of the Global Risks 2012 report details the survey results of 469 global experts from different sectors. The experts ranked the likelihood and impact of 50 global risks that are major concerns of governments, businesses, and other groups. The risks are divided into five categories namely economic, environmental, societal, geopolitical, and technological risks. The report surveys global experts and aims to provide the survey results to assist political, business and other world leaders to be aware of the current global risks that need to be managed timely and effectively.

  • Interviewing as a Technique for Risk Identification

    November 02, 2011

    Director of the ERM Initiative at NC State, Dr. Mark Beasley, speaks with David Hughes, Assistant VP of ERM and Business Continuity Planning at Hospital Corporation of America, about the interviewing process the company employs to identify top strategic risks at HCA. They speak about the timing, frequency, and content of these interviews and how the interviews have evolved over time. Measurement tools are also discussed briefly during this segment.

  • Enterprise Risk Management and the Banking Crisis:  Lessons Being Learned

    November 02, 2011

    Many critics of ERM point to the banking crisis of 2008 and 2009 as an example that ERM does not work. Steve Dreyer, Managing Director and Practice Leader at Standard & Poors, explains how banks either weren’t practicing ERM correctly or didn’t have strong metrics in measuring their risk assessment. He speaks to how he believes banks were simply doing risk management in name only and they didn’t look at risks beyond a typical scope.

  • How ERM Differs from Traditional Risk Management?

    November 02, 2011

    Often times, corporations don’t see the value in adding additional processes in order to have an enterprise-wide view of risk management. Laurie Brooks, retired Chief Risk Officer at Public Services Enterprises Group and current board of director at Provident Financial Services, explains how looking at risk across business segments and from both the bottom-up and top-to-bottom perspectives can really help companies see what risks they need to monitor most. Ms. Brooks also speaks of considering velocity and ability to handle risks when assessing a risk profile.

  • The ERM Process at Xerium Technologies Part 2

    November 01, 2011

    Bonnie Hancock speaks with Fred Caloggero, VP of Audit Services at Xerium Technology, about the ERM process that he helps lead at the company. Many companies look at risk on a two scale plane, considering likelihood and impact; however, Xerium adds in the aspect of velocity – the speed of which a risk can be onset at a company. By looking at things like Key Performance Indicators and Key Risk Indicators, a company can be more aware of the velocities of various risks.

  • 2011 RIMS ERM Survey

    November 01, 2011

    The 2011 Enterprise Risk Management Survey published by the Risk and Insurance Management Society (RIMS) shows that ERM is growing as a mainstream business practice with more companies adopting ERM programs. The survey results show a growth in the number of risk managers who are taking on leadership of roles in their companies’ ERM programs. However, companies are still immature in their ERM implementation. Companies are still unable to recognize the link between ERM and strategy.

  • Compliance, Ethics and Enterprise Risk Management

    October 17, 2011

    Carlo V. di Florio, the Director of Office of Compliance Inspections and Examinations at the SEC spoke about the relationship between compliance, ethics and ERM. He made his speech at the National Society of Compliance Professionals (NCSP) National Meeting in October 2011. The speech outlined the importance of ethics in compliance and ERM exercises. It also presented ten elements of effective ethics, compliance and ERM programs. The speech also emphasized the need to clarify an organization’s five lines of defense namely the business, key support functions, internal audit, senior management, and the board of directors.

  • Annual Corporate Director Survey Focuses on Risk Management

    October 01, 2011

    PwC’s 2011 Annual Corporate Director Survey report summarizes the responses of 834 corporate directors concerning stakeholder concerns. Critical areas highlighted in the findings were executive compensation, succession planning, and risk management. Given that expectations of governance oversight have reached unprecedented levels, boards are working to adapt their risk oversight role to the shifting risk landscape. See what directors say about their risk oversight maturity.

  • Being Aware of Catastrophic Risks

    September 01, 2011

    Catastrophic risks are always with companies. They can be destructive as well as be the result of a poor decision or lack of making a decision. The consequence associated with making a poor decision demands a risk analysis process that emphasizes having the courage to act in a manner that may be counter to the company’s and board’s expectations. This article discusses a three-part strategy that, with consistent use, aides in the avoidance of catastrophic events. Also provided are examples of well-known decisions that ended in catastrophe that could have been avoided with better pre-event risk analysis.

  • The CFOs Relationship with the Audit Committee for Effective Risk Management

    August 01, 2011

    Organizations rely heavily on senior management and their board to mitigate excessive risk in today’s business environment. In fact, managing risk is often a shared responsibility between the CFO and the audit committee. This article discusses how improving the working relationship between these two is vital for effective risk management. While the article is targeted towards CFOs, other executives are likely to find the guidance related to enterprise risk management wise counsel for them to consider as well.

  • Competitive Advantage in a Risk Environment: Four Capabilities to Gain Adaptability

    July 01, 2011

    In a business environment that is always changing and full of uncertainties, conventional methods of strategy may no longer be appropriate. Instead, managers are finding that sustainable competitive advantage occurs by being more agile through rapid adaptation. This article proposes four organizational capabilities that support a competitive advantage from the ability to adapt quickly, as well as the implications of this strategy for large, already established businesses.

  • Does Reliance on Board Subcommittees Lead to Silo-Risk Management?

    June 14, 2011

    Most boards of directors create subcommittees to manage certain types of board oversight responsibilities. Most boards have audit committees to oversee the financial reporting process and compensation committees to oversee senior executive compensation plans. Other committees might include nominating committees, compliance committees, and in certain industries, risk committees. As responsibilities for boards continue to increase, the agendas of both the full board and their subcommittees are becoming increasingly large and complex. A recent article in Directorship raises the concern that the creation of subcommittees and their related committee charters are leading to more silo-ed oversight of risks whereby certain categories of risks are managed by specific committees leaving little opportunity for the board as a whole to obtain an enterprise-wide or aggregate view of the entity’s most significant risks. The author encourages boards to engage in “risk mapping” to ensure the board has a sufficiently comprehensive view of the entity’s most significant risk exposures.

  • Five Categories for Focusing Risk Oversight

    April 26, 2011

    A whitepaper published by Protiviti explores five categories the board may want to consider in determining whether to adopt a risk language specific to the organization for risk oversight.

  • Improving Board Risk Oversight

    February 03, 2011

    The spotlight has turned to boards and the result is boards are trying to assess how they should strengthen their own processes to enhance their effectiveness in risk oversight. While some boards seem to be on top of their oversight of the major risk exposures facing the organization, other boards are struggling to understand their role in risk oversight and finding difficulty in pinpointing effective processes to help them. This article highlights two overarching board risk oversight responsibilities and suggests several questions for the board to consider as it assesses its ability to assume those responsibilities.

  • A Survey of Global Risk Management in a Changing Environment

    February 01, 2011

    After the recent global financial crisis, many economies and financial markets around the world appear to be strengthening. However, serious concerns still exist as organizations are not returning to the same environment, but rather one that is constantly changing. That reality is causing many organizations to change their risk management approach. Deloitte recently conducted a survey of financial institutions in an effort to understand the state of risk management in this new environment. Though the survey analyzes the financial industry, this white paper is applicable to many different types of organizations.

  • Climate Change and Sustainability Risks

    December 30, 2010

    Shifting consumer expectations, greater information access, and enhanced media attention are some of the reasons for growing attention on issues related to climate change and sustainability. With this increasing focus, more organizations are realizing the need to better understand both risks and opportunities for their organizations related to climate change and sustainability. Some are identifying unique business opportunities related to products and services from a sustainability perspective. More are realizing the importance of their evaluating the nature of risks that may arise as expectations and regulations related to climate change and sustainability continue to emerge. A recent thought paper from Ernst & Young analyzes how issues related to climate change and sustainability may affect the organization’s overall risk profile including risks related to five core areas: strategic, compliance, financial, reputational, and operational risks.

  • Intensifying Dialogue on Risk and Strategy: A Banking Perspective

    November 15, 2010

    Technologies, products, and institutions are constantly becoming more complex, which ultimately increases the risks that organizations face. During recent economic crisis, the banking industry has experienced this first-hand. This white paper provides an analysis of how banks are improving their risk governance through enhanced dialogue of risk and strategy between the Board of Directors and management. Though this white paper contains a research study conducted on the banking industry, it is still applicable to other types of organizations.

  • Guidelines for Effective Risk Oversight

    October 01, 2010

    The International Corporate Governance Network (ICGN) recently released Guidelines, designed to assess institutional investors in their evaluation of the board of directors’ effectiveness in risk oversight in organizations across the globe. The board, management, and shareholders each have distinctive roles and responsibilities over the risk management process. These guidelines assist investors in further defining these roles and responsibilities, which ultimately lead an organization to possessing a strong risk oversight program.

  • Report on the Current State of Enterprise Risk Oversight: 2nd Edition

    February 01, 2010

    This second edition report from the ERM Initiative at NC State University and the AICPA provides insight on how boards and senior management teams are responding the challenges of risk oversight in the current economic state. Increased pressures to strengthen risk oversight have pushed some management teams to implement an enterprise-wide approach to risk management while other organizations have maintained their traditional risk management procedures. The report indicates that over 76% of respondents indicated that key risks are being communicated on an ad hoc basis at management meetings, and that almost 70% noted that management does not report the entity’s top risk exposures to the board of directors. About half (48%) admit that they are “Not at All Satisfied” or are “Minimally” satisfied with the nature and extent of reporting to senior executives of key risk indicators.

  • Board Risk Oversight: Adapting to Regulatory Developments and Emerging Practices

    November 01, 2009

    The increased focus on corporate risk management practices in all U.S. listed companies has placed greater pressure on boards of directors and senior executives to evaluate their risk management structures. This Conference Board report provides valuable information for directors and senior executives including emerging risk management trends and an overview of the regulations related to risk management efforts.

  • The Six Mistakes Executives Make in Risk Management

    October 01, 2009

    This article in the October 2009 issue of Harvard Business Review outlines six key mistakes that are often made in risk management. It was written by three experienced risk professionals: Nassim Taleb, Daniel Goldstein, and Mark W. Spitznagel. The article focuses on the occurrence of black swan events and how they are becoming more prevalent in today’s business environment. These events are virtually impossible to predict; therefore, the only thing businesses can do is decrease their vulnerability by developing sophisticated risk management techniques. The first step is changing society’s view of risks. In order to do so, it is important for business managers to realize and correct the six mistakes outlined in the article.

  • Managing Risk in the New World

    October 01, 2009

    The recent financial meltdown has brought risk management under scrutiny like never before. In this article, five experts discuss the future of enterprise risk management and how risk oversight has evolved in the business world today.

  • Shifting of Internal Audit Strategy and Focus

    July 01, 2009

    Findings from a survey and roundtable of internal audit executives, service providers, and regulators show that internal audit is changing its risk priorities and audit coverage in response to changing stakeholder expectations in the current economic crisis. Internal audit is taking on a more strategic role in the organization and focusing more on ERM processes and recession-related risks.

  • Uncertainty in Business

    July 01, 2009

    Uncertainty and ambiguity are a key challenge for business leaders today. Organizations are finding that they must increasingly plan for contingencies in the future instead of focusing primarily on short-term goals. In the past, many business leaders believed their organizations’ long-term goals could wait until they had dealt with the current crisis. In the current business environment, this is no longer the case. The rate of change has accelerated, indicating that business leaders must learn how to strike a balance between managing complex issues today and predicting the uncertain issues of tomorrow.

  • Getting Executive Compensation Right

    July 01, 2009

    Executive compensation systems are often criticized for rewarding the wrong things, ignoring shareholder objections, focusing on short-term results, and being too opaque. Finding the appropriate level and type of compensation is an important first step to improving effectiveness of pay packages. There are also several actions that boards and shareholders can take in working towards improved executive compensation systems.

  • Need for Adaptive Leadership

    July 01, 2009

    While the current crisis will pass, a sustained crisis of unfamiliar challenges will remain. To successfully carry organizations through this sustained crisis, leaders will need to use an adaptive leadership approach unfamiliar to many. Adaptive leadership requires fostering adaptation, embracing disequilibrium, and generating leadership internally. By adopting these practices, organizations can effectively mobilize their resources to thrive in a changing and challenging world.

  • Culture of Candor

    June 01, 2009

    Performance of leaders is increasingly being measured based on the extent to which they create economically, ethically, and socially sustainable organizations. Increased transparency is an important step for leaders making this shift. An improved culture of candor can benefit organizational performance and there are several steps outlined for leaders seeking to create increased transparency. There is no easy way to institutionalize candor. Positive steps towards increased transparency are described but true transparency will require ongoing effort, sustained attention, and constant vigilance.

  • Importance of Risk Management Mindset

    April 15, 2009

    Many companies that were unprepared for the current economic situation have become hesitant to make decisions regarding the future. For companies to regain confidence in making these decisions there needs to be a realization that risk management models are only as good as the decisions that are made based on the models. As a result, the risk management mindset is just as important as the model. Companies can focus on their risk management mindset by re-defining risk to include a more integrated view of risk and constructing a new ‘risk architecture’ that incorporates information external to the company and looks at interdependencies to help make better decisions and more successfully manage their risks.

  • Risk Culture of Companies

    April 15, 2009

    Risk culture is an area of risk management that has become a recent focus for many boards. Risk culture is the system of values and behaviors present in an organization that shapes risk decisions of management and employees. A first step to addressing the risk culture of an organization is a conversation among management and the board involving topics such as “tone at the top”, effective communication, and appropriate incentives. A strong risk culture will take time to develop in an organization and its presence will mean that employees know what a company stands for, the boundaries within which it can operate, and that they can openly discuss which risks should be taken in order to achieve the company’s long-term strategic goals.

  • Six Ways Companies Mismanage Risk

    March 01, 2009

    Effective risk management is difficult even in the best situations, and failure of risk management can cause large losses within an organization. There are six fundamental mistakes risk managers routinely make: relying on historical data, focusing on narrow measures, overlooking knowable risks, overlooking concealed risks, failing to communicate, and not managing in real time. Augmenting conventional risk modeling techniques with scenario analyses of catastrophic risks and strategies for surviving these risks can improve risk management effectiveness.

  • Internal Auditors Partnership with Management

    February 01, 2009

    Internal auditors in the past have been used to examine how well management is performing and how well the company is operating. Now there is a need for internal auditors to work in conjunction with management to oversee risks. CHAN Healthcare Auditors realized this change in internal audit and has developed an audit process and tool that allows for a more effective approach to risk management. Even though the approach is mainly geared towards the healthcare industry, it can be used in numerous industries to determine companywide and departmental vulnerabilities.

  • Optimism Thwarts Risk Identification

    January 31, 2009

    Many culprits have been identified as causes to the current financial crisis, from faulty risk models to basic human greed. Susan Webber takes a step back to examine the culture that underlies errors which led to the current climate. In this article, she examines how a “yes man” environment creates a dangerously optimistic decision-making process. Valuing good news and positive thinking over observing realistic restraints to business strategy can prove disastrous in the long run for a company.

  • Financial Industry Assesses Role of Risk in Credit Crisis

    January 01, 2009

    This global survey conducted by KPMG in conjunction with the Economist Intelligence Unit in October 2008 summarizes responses from over 500 world-wide risk management senior officers in the banking industry about the role risk management played in the current economic crisis and how enterprise risk management would be used going forward. The report based on this survey highlight several themes permeating banking culture’s utilization of risk management that helped allow the current credit crisis. The report provides insights as to possible solutions, which many of the respondents are planning to or are currently taking.

  • Board Oversight of Risk Management and Executive Compensation

    December 01, 2008

    Boards of directors have fiduciary responsibilities to shareholders and there are several “pressure points” they can address to ensure fulfillment of these duties. One pressure point for boards is risk oversight and boards should consider reassessing their existing risk management programs to ensure a top-down, enterprise-wide approach is being taken that helps achieve the long-term goals of the company. Another pressure point is executive compensation and boards can take several steps to strengthen the link among pay, performance, and accountability to better reflect the risk culture of the organization.

  • Aligning Risk Management and Executive Compensation

    December 01, 2008

    Boards of directors are charged with corporate governance tasks that include setting executive compensation and developing the corporation’s strategic agenda in light of its risk tolerance. Using short-term performance metrics, like stock price or earnings per share, to determine executive compensation may encourage executives to make decisions that are not aligned with the corporation’s strategic plan or overall risk appetite.

  • Enterprise Risk Management Benchmark Survey

    December 01, 2008

    Deloitte conducted a survey of 151 companies over 2006 and 2007 to gauge the current state of ERM implementation. The survey found that interest in ERM is growing, driven primarily by regulations. The status of ERM programs is such that the primary uses and benefits are in traditional risk management areas, with little integration into the business areas focused on growth where respondents expect to see benefits. Survey results indicate the biggest challenge to ERM is demonstrating its value to the organization. There were many findings related to ERM implementation according to industry, region, and listing status; ERM program organization; and ERM policies, processes, and systems. The survey demonstrated that many companies are implementing ERM but are not realizing its full potential because they are focusing on asset protection and have not yet moved to incorporating value creation in their ERM programs.

  • Emory University’s ERM Implementation

    December 01, 2008

    Leaders at Emory University began an ERM program to improve the university’s ability to manage risks, prepare for adverse events, improve principles and practices related to financial controls, and to communicate with managers across the university about key issues. The ERM effort was endorsed by the executive committee and the process was developed by an ERM steering committee, which consisted of operational vice presidents and senior administrators. Emory did not find an ERM model in higher education or one offered by consultants that suited its goals for ERM, so it began its efforts with a bottom-up inventory of operational risks.

  • Managing Risk Through GRC to Improve Financial Processes

    November 01, 2008

    The Economist Intelligence Unit surveyed 446 senior executives from nine industries about their views on how to improve internal financial processes. The September 2008 survey included multinational executives of companies with annual revenues generally over $500 million US dollars. The industries included were chemicals, consumer goods, energy, financial services, the public sector, life sciences, IT and retailing. The survey focused on companies’ attempts to streamline governance, risk and compliance (GRC) processes and the impact on the financial functions of the business. The primary conclusion was that a holistic GRC system could be instituted as a value-added activity and would result in streamlined financial processes. Trying to reduce costs and streamline financial processes as a bottom-up approach was not as effective and doesn’t fully assess risks.

  • Linkage between Executive Compensation and Financial Sector Meltdown

    October 14, 2008

    This article shows how executives can cause unintended harm and risk on a company by asking the question, “In our quest for pay-for-performance, have we—boards, executives, and shareowners alike—created pressure points that influence risk-taking behaviors in unintended ways?” To answer this question the authors use the analogy of driving a car in different environment’s to help readers better understand the amount the risk that should be taken and provides steps companies can take to prevent financial crisis.

  • C-suite Influence on Excellence in Risk Management

    October 01, 2008

    This abstract summarizes the 2008 Excellence in Risk Management Survey conducted by the Risk and Insurance Management Society (RIMS) and Marsh. This is the fifth year that they have conducted an Excellence in Risk Management Survey. They find that senior management’s attention has shifted to the value of a strategic, broad approach to risk management in the wake of the current financial crisis. The survey cites disconnect within a company between risk managers and C-suite executives. It also explores organizations’ objectives in implementing and maintaining an ERM system. These objectives include internal and external expectations for the ERM system, which risks to consider, who is responsible, and the impact on the company. While the desire for a strategic risk management process seems to have leveled-off, businesses who have undertaken ERM implementation continue strong development and have continued support from the senior level.