Enterprise Risk Management

Enterprise and Strategic Risk Management Gains Traction

DENVER / SAN FRANCISCO --- Preparations for RIMS’ 2014 annual conference are getting underway in Denver, as several thousand risk professionals prepare for four days of networking opportunities and professional education, interspersed with a bit of fun and public service.

Amongst 163 sessions on a wide variety of topics are 17 presentations focused on Enterprise Risk Management (ERM) and Strategic Risk Management (SRM). The ERM and SRM topics are extremely varied, and include discussions on a broad spectrum of perspectives on enterprise and strategic risk management. Session topics include Risk Appetite, Reputational Risk, Growing your business through strategic risk-taking, IT Risk, and the use of Monte Carlo Simulation to Build an Optimal Risk Portfolio. The total number of sessions at the 2014 RIMS National Conference has increased by 60% from the 2013 national conference held in Los Angeles.

Presenters include senior risk officers, leading educators, forward-thinking insurers, and ERM consultants. Some of the presentations extend the content of panel discussions which were well-received at RIMS’ Enterprise Risk Management November, 2013 conference in San Francisco.

At the ERM conference in San Francisco, John Phelps, director of Business Risk Solutions at Florida Blue, explained that “you must take risk to get reward” and that “risk-taking is the frontier of ERM.” Phelps displayed an excellent diagram showing “the politics of getting it done.”

Carol Fox, Director of Strategic and Enterprise Risk Practice, RIMS, elaborated that RIMS has created key documents, available at rims.org, including “Risk Appetite and Tolerance Statement,” an “Emerging Risk Report,” and “”Maturity Model: EMR Journey.” New RIMS reports include “Risk Reports and Perceptions” and “Understanding Reputational Risk.”

Alan Parisse, keynote speaker, referred to risk management as the “guardrail that allows an organization to move more quickly to its objectives.”

At the San Francisco conference, Laura Langone, Senior Director of Global Risk Management of Juniper Networks, equated strategic risk management with corporate agility, saying it’s critical to “be on top of disruptive technology.” At Juniper Networks, Langone oversees development of a digital platform for crisis planning and response, using “off-the-shelf” Microsoft Sharepoint, at a fraction of the cost of developing such programs from scratch. The platform performs stakeholder identification and outreach, by identifying internal and external audiences, assigning liasons and backup contacts, and identifying the preferred method of communication with each stakeholder. Laura will speak at the RIMS national conference in Denver, on “ERM in a Culture of Innovation.”

Linda Conrad, Director of Strategic Business Risk at Zurich Global Corporate, spoke at the San Francisco ERM conference on how to develop a “risk culture.” She explained how an operational unit of Zurich was able to reduce the amount of capital it required by more than 20%, by moving from “asset-based” operational risk quantification to a “risk-based” approach. The result was improved profitability. She will be participating on a panel in Denver on the topic: “Enterprise Cost of Risk: Gaining a Clearer View of What is at Stake.”

Mary Peter, Director of Enterprise Risk Management at consulting firm Eide Bailly LLP, reflected in San Francisco on risk appetite and tolerance, saying that “risk tolerance is always greater than risk tolerance.” She mentioned that COSO has published an excellent treatise on risk appetite.

Frank Fiorille, who heads a team of approximately 250 risk management specialists at payroll, HR and benefits service giant Paychex. He says key future risk events of consequence are likely to include interest rates, cyber- attack, germ warfare, food risk, and pandemic.

Fiorille’s words at the RIMS ERM conference in San Francisco may be regarded as prophetic, given recent disruptions to the world’s food supply. Beef prices are at a 30-year high, due to drought in the Midwest in 2012, and currently in California. Bananas, the eighth most important food crop in the world, and the fourth most important one for developing nations, are being attacked by TR-4, a fungal strain of Panama disease. Millions of people worldwide rely on the $8.9 billion banana industry for their livelihood. A bacterial disease, citrus greening, has significantly reduced production of oranges in Florida’s $9 billion citrus fruit industry. And more recently, PED virus has been killing young pigs, boosting prices in the $9 billion hog-futures market.

Phillip Van Saun, University of California Director of Risk, Security, and Resilience, spoke in San Francisco on “Conditioning for Disruption.” He says the university system works to prevent, respond, and recover from crises by risk-sensing, “micro-gaming”, vulnerability reduction, and developing “fast and frugal” crisis decision-making skills. The University’s ERM program emphasizes becoming “anti-fragile and resilient. “ One of the techniques used is “constructive paranoia.” An example of fast and frugal decision-making was the successful exit of all Dean Witter employees from Tower 1 of the World Trade Center. Disaster response plans alone are inadequate. “Enron had an ethics plan, and BP had a blowout plan.” He recommends the book “Signal and the Noise”

A number of presentations in San Francisco focused on limitations of quantitative analysis in risk reporting. A Miami University and RIMS Executive research paper, “Risk Reports and Perceptions” concludes that “… in the strategic risk setting the use of qualitative [rather than quantitative] data is positively related to the perceived reliability and relevance of the data …” Similar sentiments were echoed by Rob Gould, Harley-Davidson director of internal audit. He commented after receiving RIMS’ 2013 ERM Award of Distinction, for Harley-Davidson’s success in implementing ERM and in creating a risk-aware culture throughout its organization. He said that, at Harley-Davidson, risk issues are not overly-quantified to decimal point levels. Rather, he says, “Is it big or not? We don’t quantify.”

Dr. Paul Walker of St. Johns University in NYC presented “Good, Great, Going, Gone: Strategy Lessons for Risk professionals.” He spoke of how a company’s decision to move its manufacturing to China was followed by a slide in its share value, due to repeated supply-side problems, and delays in obtaining product. He says “Tactical input to strategy” would have been helpful in identifying alternatives to the decision to move production outside of the U.S. Dr. Walker will speak at the RIMS National Conference in Denver on Reputational Risk.

Morgan Keane, ?Manager, Enterprise Risk Management of Port Authority of New York and New Jersey, closed the San Francisco ERM conference, saying “You can’t change culture overnight.” She suggests “taking baby steps” to effect organizational change, and advised “you can’t be afraid to make mistakes.”

Just a few years ago, enterprise risk management was in its infancy in corporate America. From the depth and variety of educational programs at the conferences in San Francisco, Denver, and elsewhere, it is clear that the practice is rapidly gaining traction. In 2013, RIMS and New York-based Advisen Ltd. surveyed more than 1,000 risk professionals. 63% of respondents said they have “fully or partially integrated” ERM strategies into their risk management programs, compared with 54% of who said they were using ERM in RIMS' 2011 survey, and 36% in 2009. In viewing these results, of course, it is important to realize that the survey’s response rate was 8%, and that tens of thousands of small and mid-size organizations did not participate in the survey. But in any event it is clear that ERM and SRM are growing rapidly.

It will be interesting to see whether “traditional” risk management practices evolve toward embracing the precepts of ERM/SRM, particularly in melding “risk-taking” with such traditional practices as risk avoidance, risk finance, and risk transfer.

Allen Monroe
April 10, 2014

Enterprise Risk Management 2014. The Conference Board. Tuesday, April 1, 2014, Sheraton Centre Toronto Hotel, Toronto

Enterprise Risk Management has made it to the top of many senior leaders andBoard of Directors' lists in the aftermath of major corporate collapses in the past several months. The Conference Board's 2014 Enterprise Risk Management Conference will look at a variety of factors that companies must consider when undertaking risk management for the entire company including:

Information Technologies for Support of Enterprise Risk Management A presentation by Allen Monroe to Enterprise-wide Risk Management, a conference sponsored by International Quality and Productivity Council of Canada, December 12, 2001, Toronto.

The Evolving Role of the Chief Risk Officer A presentation by Allen Monroe to a conference sponsored by International Quality and Productivity Council, October 30, 1998 in San Francisco.

Global Association of Risk Professionals


Return to RiskINFO home page