Economic Crisis: Why ERM Did Not Fail

economic-crisisRisk management controls: not implemented — or rather, subverted

We are continuing to experience economic turmoil. After the first severe and generalized wave of economic upheaval originating in the US recession, many in risk management circles were speaking of “the failure of Enterprise Risk Management”. First, let’s not characterize what happened in those terms, because failure depends upon one’s point of view; the failure was not universal. The people responsible for what Galbraith called the “seemingly imaginative, currently lucrative, and eventually disastrous innovation in financial structures” did not fail.  (He was writing back at the time prior to the October 1987 crash, about parallels to 1929 — but might just as well have been referring to collateralized debt obligations – CDOs).
Read the rest of this entry »

Read More

Financial Risk Modeling

2011-09-12 / Social, Economic and Financial Risk / 1 Comments

financial-risk-modelingDo financial models support corporate values?
“My goal for the workshop is to understand: How do data modelers view the question of risks that cannot be readily quantified?  It would be helpful to discuss how financial and statistical modeling should be related to strategic planning. It would be helpful, too, to examine critically the role that assumptions and corporate values plays in doing modeling.”

Those were the goals I set for myself not only for the RIMS workshop back in March 2009: ” Risk Analysis Tools” in Miami, but also for the May 2010 session held in Toronto: “Finance for Risk Managers”. Read the rest of this entry »

Read More

Risk Assessment: Manufacturing and Credit Risk

2010-06-10 / How to do Risk Assessment / 0 Comments

How should risk assessment in business be conducted? We might differentiate risk identification as an exercise in exposure analysis, using conventional categories of loss, from a more comprehensive concept of risk ID called for in Enterprise Risk Management.

An expanded idea of risk ID and assessment is useful in complex contexts.

In recent weeks I’ve been corresponding with a loss control expert based in Dubai who took my online course (How to Conduct High Quality Risk Assessment). We were trading notes on how risk assessment in business is done. He has particular challenges in risk assessment: construction and manufacturing firms are his specialty. He described credit risk analysis for manufacturing concerns:

“The most important factor is the collateral back up shown to the credit manager at the time of availing the credit, and the projected revenues after (supposed) infusion of the borrowed funds.”

He went on to say that the analyst has to check the deployment of the borrowed funds, using his/her knowledge of the manufacturing process, inputs and associated costs. The next task: “root cause analysis of failure (if the venture is on the red side ) and of the activity to generate the required revenues”, using both financial and technical engineering expertise.

I suggested: It seems to me that just here might be the right stage at which to conduct a comprehensive risk identification and assessment session, or a series of them, using a round table of experts. As long as the sessions are carefully prepared by establishing context, and the right visual and discussion aids are used, it is possible to identify risk reasonably comprehensively along several lines of inquiry in a systematic fashion:

  • strategic concept: macro-economic risk and market conditions;
  • cash flows and financial model: examine assumptions and probability estimates;
  • business continuity and resiliency;
  • manufacturing process flows and technical infrastructure;
  • management and HR; organizational culture;
  • supply chain: sole/single source and third party suppliers;

and so on, depending on the scope of the project and time available to conduct the analysis. As a rule, in past projects, I’ve been able to complete sessions with 6 to 8 participants on a particular risk context in 2 or 3 sessions of 3 hours each, assuming adequate preparation and follow-up by email.

This idea seemed to strike a chord with my correspondent:

“Yes, the 4th para of your second mail [multi-disciplinary risk ID session] is a good solution. The finance professional alone holding responsibility for the risk management of any organisation is definitely a misconstrued idea… Statistical data, models, assumptions and precedents can help to some extent only. A correct and responsible study of the risk exposures and arriving at mitigation is the correct and useful method. Many times the collateral is not properly and professionally assessed and is commonly over-stated /over-valued to satisfy the lender.”

Read More

Risk Management Surveys

2010-05-06 / How to Implement ERM / 0 Comments

Enterprise risk management is greatly helped by knowing how to do a risk assessment that obtains high quality results. I really think this is a key answer to difficulties reported in recent risk management surveys, and the best way to develop a culture that uses evidence-based and risk-optimized decision-making.

On my other site I’ve discussed the results of several risk management surveys 2008-2009, in an Introductory Presentation. It’s a veritable crisis, because many organizations don’t have confidence in their risk identification process, and implementation is often a dry compliance exercise. I’ve outlined a recommended approach in these posts:

The January 2010 Aon Global Enterprise Risk Management Survey (free download) reports improvement in overall ERM program maturity among 201 respondents, compared to results of three years ago (p.3). But is it the same target group? – 320 organizations participated in 2007. Selection bias would I think invalidate their conclusion. Anyway, the “hallmarks of top performing enterprise risk management programs” (p.3) are interesting even if only as exploratory research.

Well, 40% of this year’s respondents report “lack of tangible benefits” as an ERM implementation barrier; while lack of “skills and capability to embed ERM” (34%) and no “clear implementation plan” (28%) are also at fault (page 13).

In my next post I will give an example of a successful enterprise risk management plan. Comprehensive and rigorous risk ID and assessment are at the heart of it.

Read More