WHAT IS ENTERPRISE RISK MANAGEMENT?
Enterprise risk management (ERM) can be viewed as a natural evolution of the process of risk management. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines enterprise risk management as: “… a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” The COSO definition is intentionally broad and deals with risks and opportunities affecting value creation or preservation. Similarly, in this book, we take a broad view of ERM, or what we call a holistic approach to ERM.
Some sources have referred to ERM as a new risk management paradigm. As in the past, many organizations continue to address risk in “silos,” with the management of insurance, foreign exchange, operations, credit, and commodities each conducted as narrowly focused and fragmented activities. Under ERM, all risk areas would function as parts of an integrated, strategic, and enterprise-wide system. And while risk management is coordinated with senior-level oversight, employees at all levels of the organization using ERM are encouraged to view risk management as an integral and ongoing part of their jobs.
The purpose of this book is to provide a blend of academic and practical experience on ERM in order to educate practitioners and students alike about this evolving methodology. Furthermore, our goal is to provide a holistic coverage of ERM, and in this process, provide the “what,” “why,” and “how” of ERM to assist firms with the successful implementation of ERM.
The chapters that follow are from some of the leading academics and practitioners of this new methodology, with in-depth insights into what practitioners of this evolving business practice are actually doing, as well as anticipating what needs to be taught on this topic. The leading experts in this field clearly explain what enterprise risk management is and how you can teach, learn, or implement these leading practices within the context of your business activities.
Enterprise Risk Management introduces you to the wide range of concepts and techniques for managing risk in a holistic way, by correctly identifying risks and prioritizing the appropriate responses. It offers a broad overview of the different types of techniques: the role of the board, risk tolerances, risk profiles, risk workshops, and allocation of resources, while focusing on the principles that determine business success. This comprehensive resource also provides a thorough introduction to enterprise risk management as it relates to credit, market, and operational risks, and covers the evolving requirements of the rating agencies and their importance to the overall risk management in a corporate setting. As well, it offers a wealth of knowledge on the drivers, the techniques, the benefits, and the pitfalls to avoid, in successfully implementing enterprise risk management.
DRIVERS OF ENTERPRISE RISK MANAGEMENT
There are theoretical and practical arguments for the use of ERM. As outlined in Chapter 2, there has been an increasing consciousness in risk literature that a more holistic approach to managing risk makes good business sense.
External drivers for its implementation have been studies such as the Joint Australian/New Zealand Standard for Risk Management,1 the Committee of Sponsoring Organizations of the Treadway Commission (COSO),2 the Group of Thirty Report in the United States (following derivatives disasters in the early 1990s),3 CoCo (the Criteria of Control model developed by the Canadian Institute of Chartered Accountants),4 the Toronto Stock Exchange Dey Report in Canada following major bankruptcies,5 and the Cadbury report in the United Kingdom.6
Major legal developments such as the New York Stock Exchange Listing Standards and the interpretation of the recent Delaware case law on fiduciary duties, among others, have provided an additional force for ERM.7 In addition, large pension funds have become more vocal about the need for improved corporate governance, including risk management, and have stated their willingness to pay premiums for stocks of firms with strong independent board governance.8 ERM has also increased in importance due to the Sarbanes-Oxley Act of 2002, which places greater responsibility on the board of directors to understand and monitor an organization’s risks.
Finally, it is important to note that ERM can increase firm value.9 Security rating agencies such as Moody’s and Standard & Poor’s include whether a company has an ERM system as a factor in their ratings methodology for insurance, banking, and nonfinancial firms.
SUMMARY OF THE BOOK CHAPTERS
As mentioned earlier, the purpose of this book is to provide a blend of academic and practical experience on ERM in order to educate practitioners and students alike about this evolving methodology. Furthermore, our goal is to provide a holistic coverage of ERM, and in this process, provide the what, why, and how of ERM to assist firms with the successful implementation of ERM. To achieve this goal, the book is organized into the following sections.
- Overview
- ERM Management, Culture, and Control
- ERM Tools and Techniques
- Types of Risks
- Survey Evidence and Academic Research
- Special Topics and Case Studies
A brief description of the author(s) and the chapters is provided below.
Overview
In Chapter 2, “A Brief History of Risk Management,” we ask Felix Kloman (retired risk management consultant, conceptual thinker, and lover of sailing) to provide the background and history of risk management and the evolution of enterprise risk management. Felix was ideally suited to do this as someone who has dedicated more than 30 years to sharing stories, raising interesting risk concepts, and generally enjoying the challenges of this entire field. There is no one we know who is better suited or knows more about this topic. He takes us right back literally to some of the earliest recorded thinking on risk management and brings us through the ages to current thinking. Felix goes back to the basic questions of “What is risk management? When and where did we begin applying its precepts? Who were the first to use it?” He provides a highly personal study of this discipline’s past and present. It spans the millennia of human history and concludes with a detailed list of contributions in the past century. This is an ideal starting point for anyone new to the topic of risk management or the older scholars who wish to revisit this easy-to-read summary of risk. Felix is adamant in his view that risk must consider opportunities as well as threats.
“ERM and Its Role in Strategic Planning and Strategy Execution” is presented in Chapter 3 by Mark L. Frigo (Director, the Center for Strategy, Execution, and Valuation and Ledger & Quill Alumni Foundation, Distinguished Professor of Strategy and Leadership at the DePaul University Kellstadt Graduate School of Business and School of Accountancy, Chicago) and Mark S. Beasley (Deloitte Professor of Enterprise Risk Management and Professor of Accounting in the College of Management at North Carolina State University, and Director of North Carolina State’s Enterprise Risk Management Initiative). The authors have captured the essence of leading ERM and strategic risk management initiatives at their universities as well as their work with hundreds of practice leaders in enterprise risk management. They recognize that one of the major challenges in ensuring that risk management is adding value is to incorporate ERM in business and strategic planning of organizations. They explain how focusing on strategic risks serves as a filter for management and boards of directors to reduce the breadth of the risk playing field and ensure that they are focused on the right risks. These insights should help respond to the numerous calls following the recent credit crisis for improvements in overall risk oversight, with a particular emphasis on strategic risk management.
In Chapter 4, “The Role of the Board of Directors and Senior Management in Enterprise Risk Management,” Bruce Branson (Professor and Associate Director, Enterprise Risk Management Initiative, North Carolina State College of Management) explains that the oversight of the enterprise risk management process employed by an organization is one of the most important and challenging functions of a corporation’s board of directors. He notes that a failure to adequately acknowledge and effectively manage risks associated with decisions being made throughout the organization can and often does lead to potentially catastrophic results. Bruce explains the shared responsibility between the members of the board and the senior management team to nurture a risk-aware culture in the organization that embraces prudent risk taking within an appetite for risk that aligns with the organization’s strategic plan. He identifies the legal and regulatory framework that drives the risk oversight responsibilities of the board. He also clarifies the separate roles of the board and its committees vis-à-vis...