Look Inside

Proactive risk identification and mitigation are a hot topic in the boardroom. Previously, companies were reluctant to delve into risks in case they found a material fact requiring disclosure that might alarm the market. However, most boards now realize that a strong Enterprise Risk Management (ERM) program offers significant advantages, not least helping to determine effective resource allocation.

"Transparency is an important aspect of  good corporate governance," says Ken Krenicky, Principal of Core Risks Ltd. (CRL), a Jardine Lloyd Thompson associated company.  Karen Bachman, Director of Risk Management and Privacy at Shire Pharmaceuticals, for example, says her board promoted ERM in the light of increasing regulation focusing on corporate governance such as Sarbanes-Oxley and the UK Code of Corporate Governance.

ERM is also part of how the market sees the business. Ratings agency Standard and Poor's says that ERM infrastructure and controls (or the lack thereof) can affect a company's credit status. Steve Dreyer, Practice Leader, Utilities and Infrastructure Ratings, explains: "We currently include a review of management capabilities in our credit ratings. ERM may help us make those reviews more forward-looking."

"Having good ERM means building a definition and process that fits your own business," says Andrew Tait, a Principal of CRL. However, there is a common approach to developing strategies. It begins with top level support, which feeds down and across the business.

An effective strategy?

It is vital to consult the wider business. Michelle Mason, a Partner at Jardine Lloyd Thompson says: "Beyond asystematic risk identification and monitoring process, it can also be beneficial to have a discussion around ad hoc support, such as risk workshops for new projects or strategic decisions, post-event risk evaluation and company learning."

The next challenge, Tait says, is to: "Work with your consultant to develop  a vocabulary, mission statement, priorities, approach, and scope that reflects your business." Choosing the right global framework (for example, COSO (Committee of Sponsoring Organizations of the Treadway Commission) or ISO (International Organization for Standardization)) on which to base your program depends on management culture and style. "Setting materiality - the thresholds at which losses matter - is important," stresses Tait. "Defining the break points allows you to ‘bucket' different types of risks."

One of the challenges is aligning ERM with business management processes. Neil Campbell, Head of Life Science and Chemicals at Jardine Lloyd Thompson, emphasizes: "You don't want to have two parallel processes dealing with different information."  There are off-the-shelf solutions available, but Ken Piña, a Principal at CRL warns: "The process has to be engrained in the organization and reflect its culture. If you adopt an off-the shelf solution, you're going to be pushing your organization to fit the process, rather than building a process to fit the organization." Bachman says in her experience, ERM evolves continually: "We've introduced ERM in stages. It's important to start at a level that works for the business and its units. It has been important not to do too much, but to tap in at the right spot to get them to report significant risks."

It is not necessary to roll this out across the organization simultaneously. Tait says: "Support of ERM has to be at the enterprise level, but you can pilot implementation in a division." Mason confirms: "A pilot can be a practical way to ensure the process is the right fit, particularly where a business has concerns."

What do you gain?

An effective ERM program breaks down silos, enhances understanding of fund allocation and provides a corporate perspective by improving understanding of problems and solutions.

There is also intrinsic value in ensuring your board understands the risks of the company and can report accurately to stakeholders. Bachman says: "We have a Risk Council that reviews risk reports and looks at mitigation plans, ensuring we're directing budget in the right place."  Managing a successful company implies taking risk. With good ERM, such  risks are understood by the business and the market. They can be planned for and mitigated. ERM clearly involves an investment at a time when resources are under pressure, but it is an investment that can deliver considerable benefits. Managing a successful company implies taking risk. With good ERM the risks are understood by the business and the market. They can be planned for and mitigated. ERM clearly involves an investment at a time when resources are under pressure, but it is an investment that can deliver considerable benefits.