Note: This is the 18th, and final, in a series of blog posts looking at key findings of a Milliman survey on enterprise risk management (ERM) sent to more than 1,000 CFOs, CROs, and ERM directors in the first quarter of 2012. More findings may be found here.

ERM is most frequently linked to risk transfer strategies, capital management, and strategy development. Linkage to performance management, product development, incentive management, and operating plans is lagging, as shown in Figure 18. It is interesting that some respondents indicated that their ERM programs are linked to risk transfer strategies because most operational and strategic risks cannot be mitigated with these strategies. The cost vs. value of ERM programs will appear more favorable once linkage is shown with operating plans, strategic planning, and incentive management.

It is well known that financial services firms use ERM strategies and techniques in conjunction with capital management, new product design, and strategy and financial planning. There is also increased linkage of ERM to operating plans for general corporates. This may signal more acceptance of ERM techniques around risk assessment by the operating companies and business units.

Note: This is the 17th in a series of blog posts looking at key findings of a Milliman survey on enterprise risk management (ERM) sent to more than 1,000 CFOs, CROs, and ERM directors in the first quarter of 2012. More findings may be found here.

As seen in Figure 17, future development of the maturity and value of ERM programs will consist of:

• Linking ERM with strategy development
• Developing an emerging risk process
• Moving from qualitative to quantitative risk assessments
• Integrating ERM with performance management

 
ERM, when done effectively, should support the decision-making process in organizations. Strategic plans should be risk adjusted. A risk-adjusted strategic planning session can be an important component of the annual budget process because it can highlight risks and opportunities not previously considered.

An emerging risk process should be an important component of any ERM program. A simple process to identify, analyze, monitor, report, and communicate future risk information should be developed in all organizations. A complete risk assessment may not be necessary unless the emerging risk impact grows from one assessment period to the next.

As organizations move from qualitative to more quantitative risk assessments, they will start to provide much better information to their decision makers. Not only will they be collecting data on expected loss, but also on unexpected loss, which most organizations do not assess. Many organizations budget for expected loss, but it is the unexpected loss, especially those tail-event losses, that can cripple an organization. Moving from single-loss-distribution to aggregated-loss-distribution modeling can assist organizations with their mitigation capital and strategies. Credit and market losses are modeled by most organizations, and projected losses can be mitigated through hedging and risk transfer strategies. Finally, understanding risk relationships will substantially improve an organization’s ability to understand expected and unexpected loss.

Note: This is the 16th in a series of blog posts looking at key findings of a Milliman survey on enterprise risk management (ERM) sent to more than 1,000 CFOs, CROs, and ERM directors in the first quarter of 2012. More findings may be found here.

Although compliance and BOD responsibilities for risk oversight still dominate ERM program benefits, risk reduction of likelihood/impact levels is growing quickly. The survey results shown in Figure 16 support this.

It is interesting to note that none of the respondents linked the benefits of their ERM programs to an increase in stock price or a reduction in stock price volatility. In February 2010, Standard and Poor’s (S&P) published the report “Enterprise Risk Management Continues to Show Its Value for North American and Bermudan Insurers,” which links effective ERM programs to increases in share value and reduced volatility in earnings. In the report, Howard Rosen, the primary credit analyst, says in part:

Although average stock prices declined among all public multiline insurers in 2008, companies with more advanced ERM programs experienced smaller stock price reductions. Those companies whose stock performance was better (i.e., those whose price declines were smaller) had received higher ERM scores. On the other hand, those companies whose stock prices had larger declines had lower ERM scores. This is consistent with Standard & Poor’s view that more robust ERM programs are the most valuable in times of more pronounced stress. Looking at ERM scores relative to stock performance in 2009 reveals a different pattern….

Companies with Excellent and Strong ERM scores—companies whose stock prices performed better during the more stressful 2008—still improved during 2009, but didn’t need to perform as well as companies with lower ERM scores to return to their pre-2008 levels of performance…

This report was updated in May 2011 with the same results.

Note: This is the 15th in a series of blog posts looking at key findings of a Milliman survey on enterprise risk management (ERM) sent to more than 1,000 CFOs, CROs, and ERM directors in the first quarter of 2012. More findings may be found here.

Most respondents had not calculated the cost versus the benefit of their organizations’ ERM programs. However, approximately 35% of financial services and 39% of general corporates responded that their ERM programs’ value exceeded their costs, as shown in Figure 15. As organizations move from using their enterprise risk assessment results solely for boards of directors (BODs) and compliance reporting, it is likely that we will see a trend to calculate the cost versus the benefit of ERM programs, especially as it relates to strategic decision-making and performance management.

In addition, some organizations are challenged to see risk reduction levels as a metric that might translate into return on investment. One organization constructed a total cost of risk calculation with several variables and tried to calculate a before and after view of benefit. Yet another company constructed a return-on-investment calculator that tried to compare ERM costs vs. ERM benefits. However you view or measure costs vs. benefits, the trend is that more and more organizations are perceiving a positive value in relation to cost. We think this trend will continue.

Note: This is the 14th in a series of blog posts looking at key findings of a Milliman survey on enterprise risk management (ERM) sent to more than 1,000 CFOs, CROs, and ERM directors in the first quarter of 2012. More findings may be found here.

Compliance and board reporting still dominate the use of enterprise risk assessments. This approach can create a foundational ERM program, but organizations are starting to use their enterprise risk assessments in other areas as well. Figure 14 shows that 21% of financial services respondents also use their enterprise risk assessments for compliance, board and agency reporting, and to drive strategic decision making. ERM programs might be more properly resourced if these programs created tangible business value and generated better results.

As ERM programs mature there is more emphasis on operational and capital benefits gained from these processes; as the programs mature there will be increased emphasis on reporting, regulatory requirements, and/or an audit focus. Risk assessments are more often utilized by individual business units to establish a basis for mitigation and control capital, because risk assessments use data and measurement to understand risk levels. Risk assessments are also used as the basis for risk-adjusting operating plans and capital requests at budget time. Finally, we see more risk assessment data and a stand-alone and an aggregated basis integrated into the strategic planning process.

Note: This is the 13th in a series of blog posts looking at key findings of a Milliman survey on enterprise risk management (ERM) sent to more than 1,000 CFOs, CROs, and ERM directors in the first quarter of 2012. More findings may be found here.

Figure 13 shows that only 14% of financial services respondents and 22% of general corporates respondents have a method to understand the return on investment (ROI) of mitigation and control activities. This is an important measure, which many companies do not assess with enough consistency. Measuring the return on mitigation and control activities could be a useful way for an organization to keep track of those activities that are positively impacting the organization versus those that are not. A successful ERM program can free up capital to spend in other business areas, and this is just one calculation that can show the value of an organization’s ERM program.

Mitigation and control capital is limited and has associated costs. Developing a framework to assess mitigation capital and ROI can be a key component of an organization’s ERM program, and we see that most organizations do not have such a framework or a way to assess their mitigation activities. In many cases, companies will have to establish a foundational risk metric framework in the assessment process that can give them a more complete understanding of:

• Inherent risk
• Expected loss
• Unexpected loss
• Managed risk
• Residual risk