And while I was there as much for pursuing my business interests as anything, I am happy to report that enterprise risk management is alive and well. Why?
From the sessions to the roundtables to the modest exhibit hall, nearly 200 practitioners showed up at this conference to find solutions to obstacles in their implementation schemes, to investigate ways to move to the next level and to avoid the pitfalls of the pioneers. Even those who, some would say "have arrived," were willing to share their successes as well as their failures.
While I heard nothing earth- shattering, I did hear a buzz that affirmed that practitioners are moving the management of risk forward more aggressively, to satisfy more demanding stakeholders and to ultimately make their companies more successful.
I was inspired not because that's my laser focus these days, but because I knew instinctively from my early days of pursuing enterprise risk management in the Fortune 200 realm, that it really does all add up to the quality of corporate outcomes.
More pointedly, if a risk doesn't threaten or enhance the achievability of corporate objectives, I question whether it's a risk. Put another way, risk outcomes must find their way into the planning and decision-making processes of firms in order to be taken seriously, and in order that the function be properly resourced and affirmed.
It was clear to me through this forum that more and more practitioners and providers are getting this important construct. They are affirming the paradigm shift that will sustain these important efforts and finally lead to more stability in results for those that embrace it.
That's not to say that the many other reasons for enterprise risk management are not valid and useful. Whether it's compliance with financial reporting or other regulations like the Sarbanes-Oxley Act, or whether it's meeting the expectations of rating agencies or other external stakeholders, the ultimate driver for doing risk management well should be results. As I talked to attendees, both practitioners and providers, this emphasis was recurringly present.
The best news is that this focus will have the best chance of improving the dialogue with decision makers. That is, after all, what they're paid to deliver, the results.
Other important developments that were noted in this forum were a growing need to quantify risk outcomes and aggregate risk values for a clearer view of an organization's risk profile. This has been a big issue for risk managers for some time and remains a weak point for many.
Happily, there was a healthy dose of opinion that there is a place for qualitative assessment and measurement alongside the quantitative, as many strategic and business risks continue to resist quantitative measurement or assessment.
Managing risk to results then will certainly improve the reputation of enterprise risk management by generating more success in delivering the risk mission.
I predict the more serious practitioners will be the ones primed for great achievements as the discipline seeks a direction which is long overdue.
CHRIS MANDEL is the president, Excellence in Risk Management LLC, and executive vice president, rPM3 Solutions LLC, a long-term risk management leader and former president of RIMS.
December 1, 2011
Copyright 2011© LRP Publications