Articles: ERM Tools and Techniques

  • Five Basics to Managing Innovation Risk

    April 01, 2013

    As organizations seek growth through value creation, they often invest in research and development to generate innovations that can propel significant changes and new demand in the marketplace. In the rush to capitalize on the benefits of emerging innovations, organizations often rush to the market based without thinking through the limitations in the models upon which they have based their decision to act. Said differently, innovation carries risks that need to adequately evaluated. A recent Harvard Business Review article by Nobel prize winner, Robert Merton proposes that businesses should adopt five rules of thumb before haphazardly introducing innovations into the market.

  • Q & A: Controlling Spreadsheet Risk

    January 10, 2013

    Spreadsheets are widely used in today’s business environment, and rightly so – they provide users with a powerful, flexible solution for getting things done. However, there is a difficult truth about spreadsheets: as they become more prevalent and more complex in their functionality, spreadsheets can generate significant risks for any organization if not properly managed. This publication from Protiviti Inc. delves into the topic of spreadsheet risk with answers to over fifty frequently asked questions about spreadsheets. Collectively, these answers provide guidance for evaluating and controlling spreadsheet risk.

  • Making the Connection Between Strategy-setting and Risk

    December 21, 2012

    Organizations invest a great deal of effort in developing and executing their business strategies. Even so, winning business models are all-too-often subject to catastrophic failures in the blink of an eye. Didn’t these companies see trouble coming? The answer: probably not, but only because executive managers did not think hard enough about risk during the strategy-setting process. This white paper from Protiviti Inc. explores the concept of strategic risk and provides an approach for incorporating risk assessment into the process of strategy-setting. By combining these processes, managers will be better equipped to make decisions for their organizations now and in the unknown future.

  • Engaging Business Unit Leaders in Discussing Enterprise Risks

    October 02, 2012

    Paul Zavolta, Director of ERM at Alpha Natural Resources, provides an overview of how ERM is treated at Alpha Natural Resources. He speaks of how he feels the company’s top-down and bottom-up approach has been most effective in assessing all risks to the company, whether they be faced by people at the top or bottom of the organization. He also speaks to the day-long workshops that Alpha does to ensure that risk is talked about among all aspects of the business.

  • Getting Started with ERM

    October 02, 2012

    Often times executives brush off any ERM initiative by stating they have smart people on the board or on management teams. David Hughes, Assistant VP of ERM and Business Continuity Planning at Hospital Corporation of America (HCA) explains how boards and senior executive may miss the identification of certain strategic risks because they are not “on the ground” interacting with customers and business operations. He emphasizes the importance of obtaining input about risk exposures from multiple levels of management to ensure the identification of the entity’s most significant strategic risks. He also speaks about how important it is for CEOs to embrace an ERM process and see the value in taking time to look at risk through a strategic lens.

  • Applying “Big Data” to Risk Management

    October 01, 2012

    “Big data” is quickly building a following as a useful tool for helping managers make decisions. But what exactly is big data, and is its use actually beneficial to a business? This article from Harvard Business Review answers these two questions and more. The authors explain why digital data is perhaps more useful than ever before, and also provide real-life examples of companies using big data to make better decisions. The article also discusses five ingredients that are critical to using big data successfully in any company. Ultimately, big data could provide managers with insights into the risks facing their organizations.

  • Four Steps to Better Statistical Performance Measures

    October 01, 2012

    Managers hinder their performance insight by focusing on sexy performance metrics that may be persistent but not predictive, and vice versa. These popular key performance indicators (e.g., EPS growth) are loosely connected with long term value creation, based on empirical research. By using the author’s method for determining a measure that is both persistent and predictive, the company will enhance both past and future performance insight and management may be in a better position to identify risk areas that are more closely connected with strategic objectives such as shareholder value.

  • Managing Risks of the Mobile Enterprise

    October 01, 2012

    Mobile devices are becoming more and more integral in the workplace today, as they are used for field work, file-sharing, and business processes. With the widespread use of mobiles, and the delicate intertwined relationship of such devices with both personal and professional lives, substantial number of risks arise that need to be managed properly in order to reap the benefits of these devices. To help organizations think about risks associated with the use of mobile devices, the Security for Business Innovation Council (SBIC) has issued an in-depth analysis of consumer mobile devices in the enterprise along with various risks that arise with the evolving technology. Furthermore, the report also provides various recommendations to manage such risks effectively over time. The following provides a summary of the report.

  • Confronting Risk Culture at the Board Level

    October 01, 2012

    Tackling risk culture head-on – that is, the collective way in which personnel within an organization think about, communicate about, and behave in relation to risk – may be one of the most overlooked critical elements of an organization’s risk management processes. A recent thought paper by the Institute of Risk Management (IRM) tackles the topic of risk culture, arguing that a healthy risk culture is critical to successful risk management because it forms the foundation upon which all risk management practices are built. The thought paper highlights several approaches and tools for boards to use in fulfilling this important function in governing risk management, given that boards are ultimately responsible for understanding and guiding an organization’s risk culture.

  • Managing Supply Chain Risks for Conflict Minerals

    September 15, 2012

    The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 places new regulations on companies reporting to the SEC. In particular, Section 1502 of the Dodd-Frank Act concerns the use of conflict minerals in manufacturing supply chains. SEC issuers must now perform due-diligence on their supply chains in order to determine and disclose whether or not their manufactured products contain conflict minerals. This KPMG report is the first publication in a four-part series on Section 1502 of the Dodd-Frank Act. In the report, KPMG discusses how companies can begin to build a framework for compliance and risk management with regard to conflict minerals and the supply chain in general. KPMG believes that companies will reap significant future benefits by gaining a better understanding of supply chain risks now.

  • Minimizing Risks through Creative Strategy Setting

    September 01, 2012

    Strategic planners often go through a rigorous process of extensive analysis of past performance and forecasts to come up with a robust strategic plan. They attempt to check their biases, preconceived notions, and judgments during this process. However, the reality of the outcome of its execution of strategy provides little comfort on the efficiency of the strategic planning process and in identifying the risks associated with that strategy. This article from the Harvard Business Review recommends a “truly scientific” approach to strategic planning by providing seven key steps for leaders to consider while designing strategies so that they may be in a better position to address risks proactively as the strategy is built rather than after the strategy’s execution. In this way, organizations are better positioned to identify risks before they emerge, thereby enhancing the likelihood of strategic success through more effective risk oversight.

  • Mature Risk Management Drives Financial Performance

    July 27, 2012

    In a recent survey, Ernst & Young assessed the maturity level of risk management practices and found a positive relationship between risk management maturity and financial performance. It was revealed that specific risk practices were consistently present in the top performers (i.e., top 20% based on risk maturity), but were not present in the bottom 20%. The survey report organizes these practices into specific risk components the firm believes are critical to transforming risk management and driving better business performance.

  • The Importance of Board Support for Enterprise Risk Management: Part 2

    July 06, 2012

    A critical element for the success of any ERM effort is the involvement and "buy-in" of the board of directors. Michael Somich, Executive Director of Internal Audit at Duke University, discusses the involvement of the board at Duke and how they have bought into the ERM process and how they see the value it brings to the table when discussing risks on a macro-level.

  • The Importance of Board Support for Enterprise Risk Management: Part 1

    June 04, 2012

    A critical element for the success of any ERM effort is the involvement and "buy-in" of the board of directors. Michael Somich, Executive Director of Internal Audit at Duke University, discusses the involvement of the board at Duke and how they have bought into the ERM process and how they see the value it brings to the table when discussing risks on a macro-level.

  • Executives Take on Enterprise Risk Management Post- Recent Crisis

    June 01, 2012

    In spring of 2012, a survey of 192 U.S. executives from various industries was conducted by Forbes Insights in association with Deloitte that revealed findings vital to the business world that put enterprise risk management (ERM) in perspective. The overriding theme is that most executives (over 90%) are planning to re-organize and reprioritize their approaches to risk management. And, they sense that many of the risks recently experienced will only increase in volatility. Many of the respondents are turning to ERM with an even greater commitment to find better ways to continuously monitor key risks. This Deloitte thought paper highlights several considerations executives will want to have as they seek to strengthen their organization’s enterprise-wide risk management to ensure it is providing strategic value as the world becomes more complex.

  • Categorizing Risks for More Effective Risk Management

    June 01, 2012

    Organizations often employ a rules-based model to manage risk; however history suggests that such an approach may not be an effective way to manage all types of risk. This Harvard Business Review article provides a framework for thinking about risk management that is centered on breaking an organization’s risks into three categories. The authors demonstrate, through real-world examples, how each category of risk is best managed through certain types of risk management mechanisms. Each of these mechanisms plays a role in strengthening the organization’s overall risk management function.

  • Managing Levels of Innovation Risk

    May 01, 2012

    The highly competitive landscape and the rapid pace of change means organizations must continually seek to innovate to survive and grow. For many, their rush to get new innovations to market overlooks critical risks that threaten the success of those initiatives. More organizations are seeing first-hand how difficult of a task it is to mitigate innovation risk. A recent Harvard Business Review (HBR) article highlights how organizations can, through the balance of diversifying and appropriately focusing efforts within their innovation portfolios, achieve higher returns over their long-term innovation investments. The authors of this article discuss issues dealing with managing innovation and ways to initially guide management.

  • Risks Associated with Product Development

    May 01, 2012

    With over 50 years of experience in advising companies on product development efforts, the authors of this Harvard Business Review article present six flawed assumptions that bring rise to risks associated with product development. Product development managers often follow conventional assumptions to execute their projects effectively and efficiently based on the belief that these lead to the most productive approach. But often, risks associated with product development rise due to fallacies in these assumptions causing major delays, glacial progress, and costly failures.

  • Leading a Risk Team

    April 01, 2012

    Despite the attempts by many organizations to strengthen their risk oversight efforts, many organizations’ approach to strengthen their corporate risk management are still missing the mark. Unfortunately, many attack the challenge by focusing on pockets of risks, such as insurance, compliance, and fraud prevention, and they fail to focus on those risks most likely to impact the value of the business – strategic risks. Furthermore, some organizations have over-complicated their risk oversight processes by focusing on a form-over-substance approach to what they are trying to achieve. A recent article in CFO.com highlights ways to increase the relevance of a risk management program.

  • Competitive Intelligence: Managing Industry Dissonance Risk and Enhancing Foresight Capabilities

    March 01, 2012

    As the hyper-competitive nature of the business environment continues to persist, companies find themselves experiencing more and more strategic surprises generated across the competitive landscape. A recent Protiviti thought paper argues for the need to strengthen an organization’s competitive (versus competitor) intelligence to enhance management’s ability to identify and assess risks associated with the competitive landscape. Competitive intelligence, contains multiple elements and considers any factor that may hinder or enhance the progression of a company’s ability to compete. The paper suggests that organizations can no longer monitor, assess, communicate, and act upon competitor intelligence alone. Alternatively, managers should consider all external factors that have the potential to impact their ability to compete.

  • Responding to Shifting Global Risk Trends

    March 01, 2012

    The experiences associated with natural disasters and political events that occurred in 2011 are have implications for the kinds of risks organizations may need to consider in the near future. Lessons learned from prior events help challenge boards and senior executives as they think about the need to restructure their approach to risk management and their design of responses to these types of risks, according to a recent report by PricewaterhouseCoopers (PwC), Risk in Review: Rethinking risk management for new market realities. This report is based on the results of PwC’s 15th annual Global CEO Survey, in which more than 1,000 executives and risk management leaders responded on which risks are most significant to their company and how they plan to mitigate those risks.

  • Understanding and Communicating Risk Appetite

    February 01, 2012

    Risk appetite, as defined by COSO, is the “amount of risk, on a broad level, an organization is willing to accept in pursuit of value.” While the overall concept of risk appetite makes sense, organizational leaders find it difficult to find practical ways to articulate the organization’s appetite for risk-taking. As a result, risk appetite is often not discussed in many organizations. However, many are realizing that as their ERM processes mature, they need to tackling articulating risk appetite. Developing and articulating risk appetite needs to be engrained into the culture of an organization.COSO has developed this thought paper on Risk Appetite to provide practical illustrations of effective ways boards and senior executives can identify and communicate its appetite for risk taking across the enterprise.

  • Is it Necessary to Have a Separate Risk Committee?

    February 01, 2012

    A hot topic in risk management discussions within organizations is the debate about whether a separate risk committee is necessary for a company to have effective enterprise risk management processes. The authors of this Conference Board article believe“It depends.” The risk management process is a very individualized process. Organizations need to take a long look in the mirror to ensure that a separate risk committee would not create more unnecessary bureaucracy. By learning the business and its strategies more intimately, the organization can determine the risk environment of the firm at a higher level, which in turn will give insights into the necessity/requirement of having a separate risk committee.

  • The LEGO Group’s Four Elements of Risk Management

    February 01, 2012

    Integrating risk management with strategy development and execution is one way that organizations can manage their strategic risks in a volatile business environment. One company that has done so is the LEGO Group- a family-owned company that is the third-largest toy manufacturer in the world in terms of sales. To better prepare itself in mitigating strategic risks, the company developed its strategic risk management through four elements: (1) Enterprise Risk Management, (2) Monte Carlo Simulations, (3) Active Risk and Opportunity Planning (AROP), and (4) Preparing for Uncertainty. This four-step approach was started in 2006 and led by Hans Læssøe, senior director of strategic risk management at LEGO System A/S. LEGO’s strategic risk management is a good illustration of how organizations can develop their risk management capabilities and processes in incremental steps. This article describes the four elements of LEGO’s risk management, as well as the PAPA model used to prioritize risks.

  • Compiling and Presenting Interview Data from Risk Interviews

    January 10, 2012

    After conducting 80-90 interviews seeking the identification of major risk exposures facing the company, David Hughes, Assistant VP of ERM and Business Continuity Planning at Hospital Corporation of America (HCA) has a massive amount of data to compile and disseminate. During our interview of David, he speaks about how HCA breaks down the top ten risks by the type of risk and by level of management who identifies a risk to be a major risk. Hughes also tells how HCA informs its board members about what the top risks that the corporation faces as a whole.

  • Managing Reputational Risk

    January 01, 2012

    Negative events that damage an entity’s reputation can be extremely difficult and costly to overcome. Generally, once an organization’s reputation is scarred, it remains that way for life.Deloitte issued a thought paper to help organizational leaders think about and manage risks that might impact the entity’s reputation. While challenging to manage, there are steps organizations can take to keep their pulse on events that might trigger a negative reputational image.

  • Risk Committees

    January 01, 2012

    While most often the board of directors delegates risk oversight to the audit committee, increasingly boards of creating separate board level risk committees charged with that responsibility. This is particularly true for financial services firms, given requirements imposed by the Dodd-Frank legislation for larger banks to form separate risk committees. In an effort to assist companies who are considering the establishment of a board risk committee, Deloitte has organized a resource guide of ideas, recommendations, and specific tools. This resource will help assist those entities that will need to be in compliance with the Federal Reserve’s requirements developed to implement the provisions of Dodd-Frank. Although the guide is helpful for companies that must comply with the new Dodd-Frank regulations, it can be useful for any company that wishes to obtain more information on risk governance and oversight.

  • Interviewing as a Technique for Risk Identification

    November 02, 2011

    Director of the ERM Initiative at NC State, Dr. Mark Beasley, speaks with David Hughes, Assistant VP of ERM and Business Continuity Planning at Hospital Corporation of America, about the interviewing process the company employs to identify top strategic risks at HCA. They speak about the timing, frequency, and content of these interviews and how the interviews have evolved over time. Measurement tools are also discussed briefly during this segment.

  • Proactively Managing External Relationship Risk

    November 01, 2011

    The focus on managing third-party risk is becoming prevalent in the current business environment as more organizations turn to external providers to gain access to needed services, reduce costs, or achieve other strategic advantages. While most executives recognize the importance of thinking through risks associated with delegating key tasks to external parties, several studies suggest the extent of vendor risk assessments is lacking and they fail to be adequately resilient in holding vendors to certain risk management standards. A recent thought paper by Crowe Horwath presents a process for managing third-party relationship risks by utilizing a risk landscape framework. They highlight three steps to implement a successful third party risk management program.

  • The ERM Process at Xerium Technologies Part 1

    November 01, 2011

    Bonnie Hancock speaks with Fred Caloggero, VP of Audit Services at Xerium Technology, about the ERM process that he helps lead at the company. Many companies look at risk on a two scale plane, considering likelihood and impact; however, Xerium adds in the aspect of velocity – the speed of which a risk can be onset at a company. By looking at things like Key Performance Indicators and Key Risk Indicators, a company can be more aware of the velocities of various risks.

  • Risk Oversight Improving: 2011 Proxy Disclosures

    August 30, 2011

    After conducting a second analysis of risk-related proxy disclosures of S&P 200 companies, Deloitte found that overall risk practices improved between 2010 and 2011. There were percentage increases in 11 out of the 12 considerations used in the research. In 2011, more companies disclosed that their risk oversight/management processes were aligned with the corporate strategy. In addition, more companies disclosed that other board committees, than solely the audit committee, are involved in risk oversight.

  • Risk Identification through “Rooted Maps”

    August 01, 2011

    This article published by the McKinsey Quarterly introduces “rooted maps” to help executives adjust their thinking in regards to developing global strategies. These maps, which depict the world from a specific perspective and purpose, reveal the impact that borders, distances, and differences in culture and policy have on a company. The article also addresses how executives can connect this tool to thinking about looming risks.

  • A Comprehensive Guide to Risk Appetite and Risk Tolerance

    May 01, 2011

    With the scarcity of useful guidance to help organizations determine risk appetite and risk tolerance, the Institute of Risk Management (IRM) is seeking to clarify and produce guidance to more effectively communicate an understanding of risk appetite. As a result, IRM released a consultation paper with detailed approaches for developing and using risk appetite and risk tolerance in risk management. In addition to the guidance provided, questions are listed throughout the document with the suggestion that they be asked in the boardroom to ensure that risk appetite and risk tolerance are being adequately addressed.

  • Case Study Illustrations of Launching ERM

    December 21, 2010

    The AICPA’s Business, Industry & Government Team commissioned faculty in the ERM Initiative to develop case study illustrations of how organizations have successfully launched ERM. Case Studies on ERM Implementations: Practical Illustrations for Launching Effective Enterprise Risk Oversight takes readers directly into the experience of a company as it is starting ERM and details each step of initiating and implementing enterprise-wide risk oversight. The central case study highlights several practical illustrations for jump-starting ERM. The guide also includes two shorter case studies to further enhance your understanding of ERM implementation.

  • Five Secrets to Achieve Effective Risk Management

    December 01, 2010

    A whitepaper published by Protiviti introduces five secrets to help organizations build risk management as an effective and strategic contributor to the success of their business. With the deployment of all five secrets, chief risk officers will be able to advise management when to act or pass on potential great opportunities based on the risks involved. Additionally, the organization’s culture will be aligned with the performance and risk management methodology if all five secrets are applied.

  • Avoid Being Blindsided by Risks: Focus on Key Assumptions

    December 01, 2010

    Strategic risks and opportunities are constantly changing in the business environment, especially in the current volatile economic climate. The roller coaster of uncertainty often results in organizational leaders being blindsided by unexpected emerging risks that they did not consider in strategic planning. Sometimes that surprise is a result of management’s incomplete understanding of key assumptions underlying their strategic risks and opportunities. This Deloitte thought paper discusses some common reasons for this blind spot and presents a risk intelligent strategy to address this issue.

  • A Four-Step Risk Approach to Strategy Execution

    December 01, 2010

    Organizations are seeing the value of adopting a risk-based approach to execute strategies in order to survive in a post-recession world. This approach enables managers to focus on opportunities in strategic plans, as well as minimizing the potential impact of threats. A recent article in the Journal of Business Strategy outlines four steps to execute a strategy using a risk-based approach.

  • Evaluating Impact of Compensation Plans

    October 01, 2010

    The current economic climate is an opportune time for employers to determine if compensation practices are properly aligned with market practices and the organization’s business strategy. A six-step process is outlined for evaluating compensation plans in order to keep organizations’ compensation programs relevant and tied to strategy and value effective in a changing economy.

  • Guidelines for Effective Risk Oversight

    October 01, 2010

    The International Corporate Governance Network (ICGN) recently released Guidelines, designed to assess institutional investors in their evaluation of the board of directors’ effectiveness in risk oversight in organizations across the globe. The board, management, and shareholders each have distinctive roles and responsibilities over the risk management process. These guidelines assist investors in further defining these roles and responsibilities, which ultimately lead an organization to possessing a strong risk oversight program.

  • Reducing Risk Detection and Reaction Time

    July 01, 2010

    The recent credit crunch and economic downturns have caused businesses across the globe to face new, diverse risk-related challenges. Many companies are slow to detect and react to these risks that arise, which threatens their competitiveness and even their survival. This article explains how to shorten your company’s risk detection and reaction time through a company-wide risk “language.” This will enable your organization to be able to better protect and potentially create value and gain a competitive advantage for your organization.

  • Global Risk Technology Survey

    June 01, 2010

    Aon Analytics collected data in 2009 on the perspectives of risk professionals from leading organizations around the world to provide its first edition of the Global Risk Technology Survey. This report outlines the top ten benefits respondents found from utilizing risk technology or risk management information systems. Within the findings, respondents identified the increased accuracy and reliability of data as well as data consolidation and management as the most important benefits of risk technology.

  • Six Sigma and Risk Assessments

    December 01, 2009

    Textron Inc. is similar to many large companies today who look to their audit services group to provide risk assessment and assurance over a broad range of risks. However, Textron is unique in that the company has utilized the Textron Design for Six Sigma methodology as a way to create an optimum risk assessment process for the company. Six Sigma tools provide a data-driven approach that allows decision makers to directly compare and contrast conflicting opinions.

  • Enterprise Risk Management: Meeting Today’s Challenges

    December 01, 2009

    Changes in technology, globalization, and the nature of business transactions create challenges for organizations to assess and manage risks that may affect the accomplishment of business objectives. In order to meet today’s challenges, organizations are beginning to employ structured enterprise-wide risk management approaches to balance risk and opportunity. An AICPA Audit Committee Brief emphasizes the importance of an enterprise-wide risk management approach and describes the steps to achieve effective ERM processes.

  • The Updated Balanced Risk Scorecard in Your Workplace

    December 01, 2009

    Many companies are trying to implement a more in-depth, holistic risk management effort across their corporation. To move toward this, most must update their means of measuring risks and determine the most efficient way to balance those risks. This must involve taking into consideration not only the numbers involved with these risks, but also how the risks could affect the quality of the organization’s performance.

  • The Six Mistakes Executives Make in Risk Management

    October 01, 2009

    This article in the October 2009 issue of Harvard Business Review outlines six key mistakes that are often made in risk management. It was written by three experienced risk professionals: Nassim Taleb, Daniel Goldstein, and Mark W. Spitznagel. The article focuses on the occurrence of black swan events and how they are becoming more prevalent in today’s business environment. These events are virtually impossible to predict; therefore, the only thing businesses can do is decrease their vulnerability by developing sophisticated risk management techniques. The first step is changing society’s view of risks. In order to do so, it is important for business managers to realize and correct the six mistakes outlined in the article.

  • Integrating Risks and Strategies to Foster Stakeholder Value Growth

    October 01, 2009

    Every strategy that an organization undertakes in order to grow stakeholder value has risks and opportunities associated with it. There can be opportunity encompassed in a strategic plan that will increase stakeholder value, but the pursuit for this opportunity also brings risks that may decrease stakeholder value. Unfortunately, most organizations today do not integrate these two aspects into their strategic planning process. This white paper outlines tools that will help boards maximize stakeholder value by incorporating opportunities and risks into the strategic planning process.

  • Scenario Planning: Worth the Benefits

    September 01, 2009

    The Conference Board recently issued thought guidance designed to highlight the benefits of conducting robust and value-adding scenario planning sessions. While scenario planning may appear relatively simple, there are certain steps that are worth considering in order to maximize the benefits of conducting scenario planning sessions.

  • Risk Intelligent Governance: A Practical Guide for Boards

    August 20, 2009

    A recent whitepaper issued by Deloitte LLP provides practical guidance for boards of directors to follow when enabling and executing “risk intelligent” governance. This whitepaper provides approaches to create value by implementing effective risk governance and to integrate different organizational sectors so that risks can be communicated and addressed at an entity level. Rather than being a comprehensive framework or set of risk management rules, this guidance provides a means to provoke thought on risk governance and provide the board with a reference point for implementing the appropriate risk oversight and governance procedures.

  • Enterprise Governance, Risk and Compliance Platforms

    July 01, 2009

    As enterprise-wide risk management concerns have grown, so too has the market for enterprise governance, risk and compliance GRC platform vendors. This article not only describes the underlying technologies of these platforms, but provides the detailed results of Forrester Research Inc.’s product evaluation of fourteen GRC platform vendors.

  • Balancing Enterprise Risk Management and Enterprise Performance Management

    June 01, 2009

    Poorly planned and executed risk management capabilities contributed to the collapse, and they are likewise impeding the recovery as companies have shifted from taking too many risks to taking too few. Companies that are able to effectively balance enterprise risk management and enterprise performance management will have more robust risk management capabilities and be poised to make better decisions and drive improved company performance.

  • Seven Question Guide to Assess ERM

    May 01, 2009

    Risk professionals should consider seven questions in evaluating risk management tools, improving risk management practices, and assessing the state of ERM in an organization. Professionals should ask these seven questions: (1) if the risk management process really assesses risk; (2) if the risk assessment is context-driven; (3) if the risk management process address root causes of failure; (4) what business performance says about risk; (5) what the organization’s risks say about its controls; (6) what the organization’s controls say about its risks; and (7) if the professionals and their organizations are up for the task of risk management.

  • Importance of Risk Management Mindset

    April 15, 2009

    Many companies that were unprepared for the current economic situation have become hesitant to make decisions regarding the future. For companies to regain confidence in making these decisions there needs to be a realization that risk management models are only as good as the decisions that are made based on the models. As a result, the risk management mindset is just as important as the model. Companies can focus on their risk management mindset by re-defining risk to include a more integrated view of risk and constructing a new ‘risk architecture’ that incorporates information external to the company and looks at interdependencies to help make better decisions and more successfully manage their risks.

  • Six Ways Companies Mismanage Risk

    March 01, 2009

    Effective risk management is difficult even in the best situations, and failure of risk management can cause large losses within an organization. There are six fundamental mistakes risk managers routinely make: relying on historical data, focusing on narrow measures, overlooking knowable risks, overlooking concealed risks, failing to communicate, and not managing in real time. Augmenting conventional risk modeling techniques with scenario analyses of catastrophic risks and strategies for surviving these risks can improve risk management effectiveness.

  • Ten Practical Lessons for Risk Management

    March 01, 2009

    Recent events have uncovered significant deficiencies in the way risks are managed at financial institutions and many other companies. Research into these deficiencies shows ten practical lessons companies can apply to address current weaknesses and strengthen risk management systems. By wielding appropriate authority, gaining support from senior management, and thoroughly examining the models and incentive systems used, risk managers can greatly improve companies’ risk management systems.

  • Optimism Thwarts Risk Identification

    January 31, 2009

    Many culprits have been identified as causes to the current financial crisis, from faulty risk models to basic human greed. Susan Webber takes a step back to examine the culture that underlies errors which led to the current climate. In this article, she examines how a “yes man” environment creates a dangerously optimistic decision-making process. Valuing good news and positive thinking over observing realistic restraints to business strategy can prove disastrous in the long run for a company.

  • Risk Mis-Management

    January 04, 2009

    The largest banks and investment firms in the United States took excessive risks over the past few years, contributing to the current financial crisis; however, there was little indication to many that these risks existed. This is partially due to widespread institutional reliance on Value at Risk (VaR) models to measure the amount of risk in company portfolios. VaR can measure the boundaries of risk in a portfolio over a short duration in a normal market, but it does have some limitations. VaR input includes only recent events and not data from historic times of stress, it does not measure the largest risks that have a small probability of occurrence, it has problems properly accounting for leverage, and its overall measure can be manipulated. Despite these shortcomings, VaR and other risk models can still be useful when they are not relied on alone but combined with human judgment.

  • ERM is Vital for Businesses and the Economy

    January 01, 2009

    With the recent financial crisis many wonder if risk management could have prevented or minimized the fall out. The answer is yes. However many companies fail to properly implement risk management and therefore they do not fully understand the risk they are undertaking. Failures occurred because companies don’t fully understand the proper steps for effective risk management. This report addresses where companies failed and the areas companies need to improve to prevent another financial crisis.

  • Limitations of Traditional Risk Models in Forecasting Risk

    January 01, 2009

    The current economic crisis has upset many common assumptions about the global financial system and shaken investor confidence. While there are unique aspects to this crisis, it is important to understand that severe economic crises in general are not rare events. Traditional methods of modeling risk often fail to reflect the frequency of declines and when these declines will occur. It is important for investors to rely on more than the output from traditional risk models in assessing the potential risk associated with investments.

  • Aligning Risk Management and Executive Compensation

    December 01, 2008

    Boards of directors are charged with corporate governance tasks that include setting executive compensation and developing the corporation’s strategic agenda in light of its risk tolerance. Using short-term performance metrics, like stock price or earnings per share, to determine executive compensation may encourage executives to make decisions that are not aligned with the corporation’s strategic plan or overall risk appetite.

  • Keeping ERM implementation Simple

    December 01, 2008

    ERM has gained increasing attention in the current economic environment. Investors, regulators and chief officers alike look to managing enterprise-wide risks as a magic bullet to rebuild trust and prevent future major events like the credit crisis. In this article, Neil Baker looks to companies who have been engaged in ERM for the past several years. These companies appreciate the benefits, but site obstacles to implementation.