Founded in 2011, the Milliman Risk Institute provides scientific-based thought leadership on all facets of enterprise risk management (ERM). Composed of senior risk executives, actuaries, and university professors, the Milliman Risk Institute Advisory Board meets semiannually to discuss ERM trends, research, and key topics.
Risk-taking lies at the heart of all entrepreneurial activity, and monitoring management’s efforts to identify, monitor, and manage risk is a key responsibility of the board of directors that is closely linked to the board’s role in overseeing corporate strategy and performance. The board has a vital role to play in assisting management to:
• Focus on the risks associated with corporate strategies and the ever-changing business and geopolitical environment,
• Determine the company’s risk appetite
• Devote appropriate resources to risk identification and management activities.
Prudent risk-taking requires reliable information about the trade-offs in risk and reward and a fundamental understanding of risks associated with the drivers of corporate performance. Management is responsible for capturing this information with the assistance of the enterprise risk management (ERM) system it puts in place to help identify risks and their possible impacts.
Identifying and understanding both emerging and long-term risks can be difficult, and boards should press management to continually scan the environment and think about both the immediate future and the longer-term outlook. The challenge is to escape overreliance on data that by its nature is focused on the past.
The good news is that both boards and managements have become more savvy over recent years with respect to risk oversight, particularly since the global financial crisis. Many boards are currently focused on geopolitical risks relating to Brexit and the recent U.S. presidential election, and are grappling with what uncertainties may lie ahead and what the company can do to prepare. Boards are also beginning to pay more attention to risks relating to the Internet of Things—in addition to cybersecurity, which has been top of mind for many companies for some time now. Some boards have also added directors with specialized competencies to help navigate risks of particular concern to individual companies. For example, technology and/or cybersecurity expertise are on the “wish list” of new director backgrounds for many companies (per the Spencer Stuart Board Index 2016).
ERM professionals can help boards “look around corners” with respect to emerging risks and provide support to boards that are determining what to do next. They can also help boards understand the time horizons involved with respect to risks such as those relating to climate change and water rights that require longer-term thinking, and they can assist the boards in prioritizing discussions on longer-term issues. Boards should ensure that there is sufficient time on the agenda to discuss emerging and long-distance risks, in addition to more typical risks, and pay attention even when something might not seem mission-critical. The world is constantly changing at an ever-increasing pace and risk managers help boards stay in front.
Holly Gregory is a member of the Milliman Risk Institute Advisory Board. She is co-leader of Sidley Austin LLP’s Corporate Governance and Executive Compensation practice. As part of this blog series, we asked Holly to share her views on trending topics in ERM.