With pressure building to bolster oversight of emerging risks, boards of directors and C-Suite executives across the country are leaning on risk management professionals to help reduce total cost of risk and improve the bottom line.
From the SEC's new proxy rules requiring additional disclosures about the board's role in risk oversight to the latest man-made disasters, large and small, enterprise risk management (ERM), driven by an effective GRC (governance, risk and compliance) process, is taking center stage. And based on a recent survey of more than 300 senior executives, there is much work to be done.
For the study, a faculty team from North Carolina State University's ERM Initiative partnered with the American Institute of Certified Public Accountants' Business, Industry, & Government Team to survey more than 330 senior executives about their risk management processes in place today. Among other things, the researchers found that risk management processes within the organizations surveyed continue to be "relatively immature and ad hoc." Ironically, that finding is in direct contrast of the fact that 63 percent of those polled believe that the volume and complexity of risks have changed "extensively" or "a great deal" in the last five years.
Other key findings from the report include: more than 76 percent of respondents indicated that key risks are being communicated only on an ad hoc basis at management meetings; nearly 70 percent noted that management does not routinely report the entity's top risk exposures to the board of directors; and 48 percent admit that they are "not at all satisfied" or are "minimally" satisfied with the nature and extent of reporting to senior executives of key risk indicators. While not detailed in this report, it is becoming more evident that the quality of the data used in these reports is often unsupportable. Essentially, "junk in = junk out." The need to significantly improve the quality of data is becoming a major concern.
"As that study clearly demonstrates, the need for a technology-supported enterprise risk management strategy has never been stronger," says Bob Morrell, co-founder and CEO at Marietta, Ga.-based Riskonnect, a provider of cloud-based enterprise-class technology for the risk management industry. "The good news for the risk management industry - and ERM consultants in particular - those tools exist and are finally available."
In fact, Morrell says that to do successful ERM consulting today, a strong technical platform is a "must have," rather than a "nice to have" option.
Morrell explains that the ability to "connect the dots" and create an effective ERM process not only requires a technology platform, but also facilitates getting started.
Seattle-based Milliman, one of the world's largest actuarial and consulting firms, is one of Riskonnect's key Consulting Partners. As such, it works with Riskonnect to sell Milliman GRC, powered by Riskonnect. This product includes Milliman's unique ERM and GRC business processes and supports the integration of other tools and concepts developed by Milliman.
"Risk managers are pressured knowing they need to do something. You know you need a system, and unless you already have a mature ERM process, you know you need help. The Riskonnect/Milliman partnership is the only place you can get the best technology and consulting in one comprehensive package," Morrell continued.
"Consultants in the Riskonnect Partner Program provide customers with strategic risk management consulting, integration, and implementation services for the Riskonnect suite of enterprise-class software applications," he says. "Our partners can help deploy Riskonnect's risk management solutions to maximize value and return on investment."
Milliman's Risk Advisory Services (Milliman RAS) practice group delivers a portfolio of risk consulting services, including enterprise risk design, test and build projects, operational risk assessments, ERM education and training, and ERM technology evaluation. Plus, the Milliman ERM practice uses diagnostic consulting strategies to understand an organization's enterprise risk goals and challenges, and then customizes solutions to deliver required business results. Further, through the integration of data from other Milliman tools, such as its Risk DNA Analytics, clients are provided with the path to take their ERM program to higher levels in a cost effective manner.
According to Russell McGuire, Senior Consultant and Product Manager for Milliman RAS group, GRC technology is an enabler of ERM, not a replacement for it. But it is a critical component to move the client away from unstructured, unsustainable spreadsheet approaches to managing the multitude of data flows."
"Riskonnect's ERM platform is a suite of critical tools, but the most important aspect is that the sequence of use by which the various components of a GRC tool are applied is critical to avoid excessive governance and inappropriate or ineffective compliance activity," McGuire says. "Too many GRC tools start with governance, then compliance and then look at risk, but that's out of whack. You need to address risk as the first issue. Getting the sequence right is critical, and GRC is the process that can help get you there."
Milliman produces an exclusive configuration of the Riskonnect platform to meet the needs of the client. Riskonnect ERM is part of Milliman's service offering used to introduce and move ERM up the maturity scale for clients.
"There becomes a point in time where using Excel spreadsheets just won't cut it anymore," he says, referring to the more traditional way of trying to execute an ERM process.
Milliman's RAS practice consults around the implementation and ongoing use of the product to support the ERM process. McGuire explains that the critical function is for the GRC platform to be a "warehouse and not a replacement" for the ERM process.
"You do not want to replace embedded systems, but you do want it to import all the critical bits of data from the other systems," he says, adding that the Riskonnect suite of products including their RMIS and incident reporting solution form a significant component of an ERM process. "That way, the board, senior management, and direct reports to senior management can get a clear, concise enterprise-wide view of risk issues - the data is that is viewed in individualized dashboards with the underlying data accessible via drill down capabilities. With that, they can make the best decisions for the company regarding risk."
McGuire also is keen on the idea that Riskonnect's technology is cloud-based, meaning that it requires very little IT involvement, which translates into speed of implementation and support together with lower cost.
Milliman's Risk Advisory Services group, McGuire explains, goes well beyond advising clients on the more traditional role of reserving for losses.
"Once clients identify their top risks, we can do a deep dive on the top three to five risks that have the greatest expected impact on the organization's viability and deliver significant benefits to understanding those risks," he says, adding that Milliman clients include insurers and non insurers.
Finally, McGuire cites Riskonnect's major advantage of "speed to solution," which gives Milliman the ability to meet customer needs quickly, in a variety of ways.
"I have worked with other GRC solutions, and Riskonnect's visualization technology to view and organize hierarchy, for example, is outstanding," he says. Recently, McGuire says, a client requested an organizational chart of sorts that showed the risk level of each business division within a company, with the added ability to "drill down" into areas that showed red (indicating higher risk).
"Riskonnect delivered a way of viewing it, a visualization tool that gave the client the ability to discuss the risk issues and devise potential solutions. It was a fantastic, effective tool."
"The ability to use this type of tool - its forward looking, proactive ability - is completely amazing," he says. "With it, we can help clients focus on the things that really matter to the organization in terms of risk."
For its part, Riskonnect's relationship with Milliman is exactly what Morrell and his founding partner, Antonio Dabraio, had in mind when they launched the firm in 2007.
Morrell continues, "Working with partners like Milliman is a great way for a business to begin a formal ERM process or formalize a process that is not yet mature. What you get is a consultative engagement, but with our cloud computing platform there is no expensive, time-consuming system implementation, nor extensive learning curve."
"We know the technology and understand ERM and its drivers, but the Milliman RAS group brings its expertise to bear," he says. "When you have a market like ERM, and people don't know what to do, Milliman can help them determine what they need to do for their ERM program to work. With boards demanding it, senior leadership has to respond. And we've proven that through the right technology and talented consulting, there are solutions out there right now."
Morrell says companies have been struggling for more than a decade to get a valuable ERM program in place, In fact, some companies have tried to do it on their own and it sometimes works, but more often than not, they needed a jumpstart, so to speak. So they used consultants but often were left with a great report but a limited ongoing ERM process. Until recently, however, even the consultants didn't have the technology, so they handed over paper-filled binders, which were relatively worthless when it comes to board- and senior-management-level decision-making relative to risk, and ongoing ERM efforts.
"Today, our technology enables a pilot program and the power to keep it going enterprise-wide, delivering the dashboards and other tools that allow board and senior management to easily access the information and react," he says. "In simple terms, ERM is the right people, with the right technology-based tools, responding to the information provided by asking the right questions."
(The above piece is part of our continuing Insights series designed to highlight key products and services to our readers. This paid-for Insights was written and edited by Risk & Insurance®
on behalf of our marketing partner. Additional Insights can be found on our Web site at www.riskandinsurance.com/.)
July 28, 2010
Copyright 2010© LRP Publications