In order to understand their conclusions, one first has to understand how they define ERM. To the authors, it is a purely quantitative approach to managing risk--and only in financial institutions. To them, ERM does not exist outside of banks. It is true that many of the concepts that led to ERM came out of the financial realm. In the '80s, the concept of the Capital Allocation Pricing Model led to a desire to look at the risk attributes of the entire investment portfolio. Later concepts such as Value at Risk and Risk Adjusted Return on Capital, among others, led to an increasing focus on risk in the decision-making process.
These concepts of a portfoliowide risk assessment led to the concept of a holistic view of risk. Taking a cue from the financial sector, other segments of the economy sought to replicate this view. Currently, ERM is thriving in nonfinancial companies.
That Martin and Power limit the definition of ERM to financial institutions is not an error on their part; rather, it is the standard way that risk managers define risk management. Those in the actuarial field define ERM as an actuarial science. Those in governance-oriented fields define it as a form of governance. Every specialized niche in the risk management profession defines ERM within the confines of its own specialty.
If there is a weakness in the field of risk management, it is this tendency to remain within tightly defined loci. Felix Kloman, a retired principal of Stamford, Conn.-based Towers Perrin, refers to this as "regression to the silos."
The current state of risk management is similar to that of a group of medieval towns. One town might have perfected masonry but knows nothing of carpentry. Another is great at carpentry but has no understanding of architecture. Dotted across the countryside are small fiefdoms, each possessing one skill set, and lacking a host of others. Each remains blissfully unaware that a short distance away others have solved most of the major problems with which they still grapple. If only these fiefdoms could pool their knowledge, they could easily join forces to build a beautiful, architecturally advanced cathedral.
Likewise, the risk management fiefdoms most frequently focus only on what they already know and fail to avail themselves of the solutions already perfected by others. ERM does indeed have many shortcomings within certain silos. In the financial realm, the focus on the purely quantitative has left huge strategic and operational risks unaddressed.
It is clear to see from "The End of Enterprise Risk Management" that the financial world is struggling mightily with its ERM framework.
What the paper fails to state is that many have figured out how to solve numerous risk management problems. For those of us in the traditional risk management world, operational risks are not a challenge. We can easily manage natural disasters and business disruption. We can even put a value on such abstract things as pain and suffering. Let's see a bank do that with its quant models.
If only we could share our solutions across the different ERM specialties. We would readily find that the complete solution already exists. We can build a cathedral of ERM, if only we can learn to learn from others.
BEAUMONT VANCE is the risk management columnist for Risk & Insurance®. He manages risk for Sun Microsystems Inc.
October 15, 2007
Copyright 2007© LRP Publications