There are dozens of risk managers working in corporate America today who sincerely believe they are executing enterprise risk management. Yet, when their practices come under the microscope, it turns out that they are doing nothing of the sort.
At the other end of the spectrum, there are plenty of risk managers around the country who are practicing the discipline without even knowing it, because what they are doing isn't called "enterprise risk management."
How do risk managers know whether their employer is involved in enterprise risk management in the first place?
For starters, they ought to stop watching comedian Bill Engvall Jr. on Comedy Central, who came up with the phrase, "Here's your sign," and proposed hanging signs on dimwits asking silly questions so others might steer clear. Instead, risk managers should tune into Bill Panning, executive vice president of Willis Re, leader of the broker's enterprise risk management initiative.
Though Panning and other ERM experts are unlikely to be as colorful as Engvall, Panning and company promise to be just as insightful, given their industry experience, perspective and the data with which they are familiar.
Panning, who marvels at the width of the gap between "what we know in principle and what we actually practice," isn't shy about reminding companies with ambitions of mounting an ERM initiative how easy it is to get caught up in details at the expense of why ERM projects are initiated in the first place.
"I know somebody who is in the business of consulting on ERM, and they worked with the client," says Panning, "and finally after all the presentation of the results and everything was all set . . . the CEO said, 'Well what does this mean we ought to do?' "
"And the answer was, 'It all depends on your utility function.' Well, we knew that beforehand, but that isn't a very helpful reply," says Panning.
More than a decade ago, corporations sank millions into what was then known as dynamic financial analysis, the precursor to enterprise risk management, in an attempt to understand risk more broadly than a collection of isolated exposures.
Some initiatives were successful but many failed, leaving frustrated managers to weed through disjointed sets of data with seemingly no connection to any of the corporation's products, services, customers, shareholders or employees.
"We kind of forgot what the question was," says Panning, who spoke in March at the annual Enterprise Risk Management Symposium hosted by the Casualty Actuarial Society. "And I think that's the real big danger in ERM."
ASKING THE QUESTIONS
That is why it's time to sort through some of the confusion and find out whether risk executives belong to an organization that's committed to and serious about enterprise risk management.
At the risk of incurring the derision of the comedian Engvall, risk managers and insurance company executives ought to be asking the following questions:
* "How much risk is your firm taking?" Panning says banks can answer that "with a specific number right off the top of their heads."
* "Is your firm taking more risk or less risk than a year ago, and how do you know?" Panning says.
* "Has your investment risk increased or decreased over the past three months, and how do you know?"
Dozens of insurance firms, says Panning, citing a special index tracked by the Chicago Mercantile Exchange, have seen their risk increase from January through March of this year.
* "How much investment risk are you taking relative to your underwriting risk?" Panning also asks. "How do you know?" On this question, in any given company, debate rages in the C-suite and among the cubicles of actuaries.
Yet for all the discussion and the occasional terse e-mail exchanges about the relation between investment and underwriting risk, few people within insurance companies ever pursue the question "because they have no way to answer," says Panning; unless, of course, you've got a reputable ERM program.
* And lastly, adds Panning, managers need to ask themselves the all-important question about capital at risk: "Do you have the right amount of capital to support the risk you are taking? How do you know?"
For the manager who can answer these questions, it's a good sign that her employer is practicing enterprise risk management. "If you can't answer these questions," Panning says, "I don't think you're doing ERM day to day."
Risk management departments need good reasons to convince the C-suite to invest in an ERM program, and they need to devote a minimum of 18 months to two years before they can expect to see some results, according to consultants and managers who implemented such initiatives.
These programs need the serious attention of the board and executive management. Without that, they're not worth doing. Companies should get going with ERM if they want to get a better handle on risk, learn to make better decisions, make more effective use of corporate capital and maintain financial ratings, experts say.
And now, the warning: If ERM is a strategy for getting rid of internal silos, if it's a technique to convince the board that the company is more confident about managing risk, or if the goal is simply to comply with U.S. and European regulators, then a prospective ERM program is already flawed, says Panning.
Implementing an ERM program because risk executives need to look good next month at the meeting with ratings analysts from A.M. Best and Standard & Poor's is not the reason companies should be starting ERM programs, he says.
"You have to have dedication to the process," says Thomas E. Hettinger, managing director, EMB America LLC, a nonlife consultancy. ERM programs with the best chances of success are those that are inclusive of other departments and divisions of companies such as finance, research and operations, he says.
ERM programs may originate in actuarial departments, but if other departments ignore it, the initiatives aren't going to fly. "If it has no external involvement, it will usually die pretty quickly," says Hettinger.
Mark Homan, assistant vice president at Hartford, Conn.-based The Hartford Financial Services Group, which some experts cite as having an exemplary ERM program, points to several reasons for the firm's success with ERM.
The first is that the ERM program is under centralized control. The second is that the program applies beyond risk management to pricing, monitoring and incentive compensation. The third is that several departments--"a wide base of people"--were involved in developing the program.
And lastly, managers were able to show that modeling risks simultaneously to reflect "diversification potential" meant the carrier required between 10 percent and 30 percent less surplus than if the risks were modeled in a silo.
In addition, The Hartford, which comprises three business units, a property/casualty unit, a life unit and an asset management division, was able to smash through the traditional fiefs that jealously guard information at the expense of other departments working on the same project.
"Hartford is great at sharing knowledge," says David Ruhm, assistant vice president with The Hartford's property/casualty unit's actuarial department. Implementing a solid ERM program, of course, wasn't without its challenges, according to Hartford managers.
Probably not, but so far the signs are that the carrier has followed the right steps in building an ERM program. There's little chance anyone will be laughing at signs dangling from the stag's antlers, Hartford's symbol of strength and reliability.
CYRIL TUOHY is managing editor of Risk & Insurance®.
July 1, 2007
Copyright 2007© LRP Publications