Should we, employees, shareholders and members of society blindly accept the means in which a company becomes successful? Should a stockholder be given the ammunition to argue the process a business uses in spite of high quarterly profits? Does the end justify the means?
Thus far, we the investors for the most part have judged companies on their financial performance. Now we may get access to insight on their overall risk management performance as well. Standard & Poor's Ratings Services have fortified their focus on risk management for all organizations and deem it a critical dimension that shapes overall creditworthiness. Applause--it is about time.
Earlier this year, S&P announced its intent to broaden its review of ERM practices from financial and insurance companies to non-financial services companies. S&P began assessing insurance and financial companies' ERM practices in 2005-2006 and were always intent on including non-financial firms in their review.
It was a much less contentious undertaking with the financial and insurance sectors. Those sectors already were using ERM concepts in the trading and hedging arena. Many non-financial companies have yet to embrace ERM and expand its role beyond insurance and audit.
As such, S&P is planning a "soft launch" within the non-financial sector starting with an ERM benchmarking process which is expected to commence in the fourth quarter of 2008. The benchmarks are intended to help form the future basis of scores and assess relative performance levels within diverse sectors.
Thus far, S&P has remained impartial as to the actual form ERM should take. The basic anatomy of the ERM credit score will focus on four key ERM components. It will consider risk-management culture and governance, risk controls, emerging-risk preparation and strategic management. Scores will be identical to those already in place for the financial sector: from "weak"--indicating companies are void of controls for one or more major risks, to "excellent"--for companies that can tangibly demonstrate governance of an array of risks.
For now though, the benchmarking process will attempt to get a sense of management's ability to understand, articulate and successfully manage risk and gain insights as to its potential influence on the company's ability to repay debt obligations.
The underlying risk culture of organizations shall be derived principally from interviews with senior managers with questions such as: Does management intend to proactively manage key risks and are there sufficient resources allocated to achieve risk management objectives? Is the board involved and do managers understand the firm's tolerance for risk?
Enjoying a lower cost of debt as a result of a solid ERM program is no doubt a tantalizing benefit. Maybe now it can be said that the "means can boost the end." That being said, there is still much chatter around the subjectivity of the approach and S&P's ability to justly dissect a risk culture via interviews at a senior level. The true test will still remain--will S&P have the stomach to give a business with a strong financial position a lower rating as a result of their ERM assessment?
JOANNA MAKOMASKI, the former risk manager for a global energy company, is a leading specialist in innovative Enterprise Risk Management methods and implementation techniques for ERM Quickstart. She writes on risk management.
October 1, 2008
Copyright 2008© LRP Publications