An investment in enterprise risk management is necessary and vital for all corporations large and small because the ability of companies to transfer risk using insurance is limited and often unpredictable.
Lacking a mechanism to transfer 100 percent of the risks places the onus on that very corporation, not its insurance partner. Ultimately, corporations are responsible for managing and minimizing their own risks, either via loss control, higher retentions or through an enterprise risk management program.
Risk today is too complex, changing and costly to be treated as just another insurance purchase, and companies ought not lay that responsibility onto someone else. Carriers are in the business of covering known risks, which is to say risks with a long and well-documented loss history. They are not in the business of covering emerging risks, the proverbial "unknown unknowns," that seen to be pelting companies from all sides.
Even small companies are in some ways more vulnerable than large companies. Cyberleaks and data breaches present exposures that small companies would not have had to worry about 20 years ago. New risks emerge all the time, and enterprise risk management programs can be tailored as companies see fit.
An enterprise risk management program consists of building a framework to address "high-level" C-suite discussions about risks that are expected to emerge three to five years down the road. As such, it is a kind of planning blueprint helping management calculate its total cost of risk.
Enterprise risk management plays a vital part in giving the board an overall view of a company's total cost of risk. Breaking down the corporate silos allows senior managers to reallocate capital more efficiently to hedge against niches of likely corporate exposures.
One can quibble over whether an enterprise risk management program should focus on compliance and financial reporting. Or, one can argue about whether an enterprise risk management program is better off focusing on results, or collecting qualitative and quantitative assessments necessary for regulatory requirements.
But there's no question that imbuing the enterprise large and small with risk management thinking and operating a company within a risk management framework is vital to the survival of the corporation.
The Risk and Insurance Management Society Inc.'s inaugural Enterprise Risk Management Conference last fall, was an affirmation that risk management as a discipline is moving ahead with managing risk using a corporate framework.
CYRIL TUOHY is a managing editor of Risk & Insurance®. He can be reached at firstname.lastname@example.org.
April 13, 2012
Copyright 2012© LRP Publications