By MATTHEW BRODSKY, senior editor/Web editor of Risk & Insurance®
Sandeep Vishnu is being honest. In his report titled "Enterprise Friction," the partner in the Finance, Risk & Compliance Group at consultancy Capco wrote, "Fast forward to today, and risk management is still receiving short shrift because so many companies are scrambling to make ends meet."
He's referring specifically to financial services companies, but he could be just as easily referring to any sector.
When times are bad, he goes on to explain, company leaders avoid the additional costs of risk management because their balance sheet is already bleeding red. The problem is, in good times, these same leaders ignore risk management "because they're too busy counting their money," writes Vishnu.
Perhaps especially in the financial world, risk management is often seen as an (un)necessary evil that puts a hit on revenue and innovation and has no calculable return on investment.
Coming to the defense of one segment of financial services--insurance--is Howard Mills, former New York superintendent of insurance and current director and chief adviser of the Insurance Industry Group at Deloitte.
"From what I see, certainly in the insurance industry, risk management is really at the fore of people's thinking today," he said.
From his vantage, banking has some catching up to do in terms of program sophistication, yet all firms nowadays need to focus on ERM because of all the "pressure points" they have to respond to, according to Mills, such as investors, ratings agencies, the board and regulators.
One of Vishnu's primary solutions is for organizations to rethink their attitude toward risk management. Consider it a positive force, a "friction" that, when applied in the right amount, leads to resiliency and agility.
"In the end, creative tension between strategy and risk management should be seen as a positive development in organizations," the author writes.
Pulling this off could take the buy-in and active involvement of the CEO, the boards of directors and business-lines senior executives to change the organization's risk culture.
Mills agreed that the risk management plan must be imbedded into culture, with buy-in and investment up and down the organization. From insurance CFOs, he's heard that many companies have created distinct risk committees, besides audit and finance. That sends a great message, he added.
Not only will risk management's voice need to be heard throughout the enterprise--and risk mitigation considered equally as important as risk taking--but its effects will need to be considered outside of the quarterly-report ROI timeframe, according to Vishnu.
The Capco report offers ways for companies to get past ERM lip service and toward putting their money where their mouth is. One is aligning compensation practices with risk management, "so that they reward long-term value creation and not just short-term gains."
A couple other lessons from the financial meltdown of 2008 are: an enterprisewide approach to collecting and analyzing data, and the avoidance of simplistic, incomplete risk modeling.
"The dissolution of Lehman Brothers and the near collapse of AIG offer good examples of the shortcomings of traditional analytics," Vishnu writes.
Let's not forget reporting. A system must be installed to make sure the right people, both in-house and at regulators and investors, get the right information.
All in all, the concept of risk management friction is not too eye-opening, but should encourage fresh discussion--and reinforce the concept that ERM is serious business now.
"It's no longer good enough to come in with a neat diagram and chart," said Mills.
March 23, 2010
Copyright 2010© LRP Publications