The Economist Risk Intelligence Report

2010-12-09 / How to Implement ERM / 0 Comments

Managing innovationRisk management surveys
The Economist Intelligence Unit has released a report entitled “Fall guys: Risk management in the front line”. It is based on a survey of banking and insurance executives both within and outside the risk function, supplemented by interviews with other risk experts.

The report paints a picture, on one hand, of an increased appreciation for risk managers, where many have acquired more authority within improved risk governance structures. This is a response to the economic crisis. On the other hand, respondents who believe their firms are effective in detecting emerging risks are still in the minority (35% – p.3. para.7). This same discrepancy – the risk function’s high importance but low perceived effectiveness –  appears in previous risk management surveys (see summary in this online introductory presentation).

Risk managers’ role
I found it encouraging that, according to this new report, risk managers wish to broaden their role by being “constructive”, “enabling”, and assisting managers to “achieve their business objectives” (p.4 para.2). Helping risk managers do just that is pretty much my whole mission in ERM! But relatively few firms even have risk managers participating in important business and strategic decision-making (p.4 para.1) The authors lament:

…there continues to be a perception among some senior managers that it is a support function staffed with narrowly focused specialists, such as business continuity planners, insurance buyers, or health and safety officers. Risk managers can find it difficult to break out of this mould and convince senior-level management that they have a contribution to make… (p.7 para.4).

This leads to the question: how can risk managers who aspire to support strategic planning and opportunity analysis move into that space? The authors regret a “cultural barrier”, and say it is a matter of better communication. But risk managers must prove they can actually help identify key business implementation risks, and can steward the innovation process, before they can be invited to fulfill those planning roles.

Risks and opportunity management: effective methods
They will not prove their value in planning by relying on the formalistic and bureaucratic aspects of the ERM program (PR, kick-off speeches, disseminating policy, etc.). Rather, they must demonstrate effective processes.  They must facilitate sessions dedicated to the analysis and mitigation of critical risks, and the identification of opportunities for innovation — in any context required by the internal client.

Risk managers must aggregate information for the board – but can they deliver insightful risk information that serves as a sound basis for strategic decision-making?

Risk managers must address long-term strategy and emerging risks. But do they know how to conduct a future scenario planning process? (See the report p.9 for a discussion of how the Lego senior director for strategic risk management uses risk scenarios.)

Risk managers must help identify opportunities. The authors report: “The average company’s risk register contains only threats, not opportunities” (p.8). My response is: should we really expect opportunities to show up within a risk register? To identify opportunities systematically, and subsequently develop them into sound business propositions and implement innovation — this all requires dedicated techniques. Risk managers are well-positioned to lead this process.

Conclusion: Managing innovation and opportunity is done incrementally
Risk managers who are aspiring to expand their roles can start with small pilot projects, even as experiments. I wrote a description of collaborative risk assessment in business (“No risk in collaboration”) in the September 2010 edition of Canadian Underwriter. You must have a sound process for identifying risks comprehensively as a basis. Principles of engendering and managing innovation are closely related. If you can help one client solve a critical business problem and meet objectives, then the next department will come knocking on your door.

Read More

Risk Management Surveys

2010-05-06 / How to Implement ERM / 0 Comments

Enterprise risk management is greatly helped by knowing how to do a risk assessment that obtains high quality results. I really think this is a key answer to difficulties reported in recent risk management surveys, and the best way to develop a culture that uses evidence-based and risk-optimized decision-making.

On my other site I’ve discussed the results of several risk management surveys 2008-2009, in an Introductory Presentation. It’s a veritable crisis, because many organizations don’t have confidence in their risk identification process, and implementation is often a dry compliance exercise. I’ve outlined a recommended approach in these posts:

The January 2010 Aon Global Enterprise Risk Management Survey (free download) reports improvement in overall ERM program maturity among 201 respondents, compared to results of three years ago (p.3). But is it the same target group? – 320 organizations participated in 2007. Selection bias would I think invalidate their conclusion. Anyway, the “hallmarks of top performing enterprise risk management programs” (p.3) are interesting even if only as exploratory research.

Well, 40% of this year’s respondents report “lack of tangible benefits” as an ERM implementation barrier; while lack of “skills and capability to embed ERM” (34%) and no “clear implementation plan” (28%) are also at fault (page 13).

In my next post I will give an example of a successful enterprise risk management plan. Comprehensive and rigorous risk ID and assessment are at the heart of it.

Read More