Old Risk Management Programs – 10 ERM Questions from Investors – The Answer Key (7)
Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM. Riskviews gave them 10 but they were trick questions. Each one would take an hour to answer properly. Not really what the analyst wanted. Here they are:
- What is the ﬁrm’s risk proﬁle?
- How much time does the board spend discussing risk with management each quarter?
- Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
- What outside the box risks are of concern to management?
- What is driving the results that you are getting in the area with the highest risk adjusted returns?
- Describe a recent action taken to trim a risk position?
- How does management know that old risk management programs are still being followed?
- What were the largest positions held by company in excess of the risk limits in the last year?
- Where have your risk experts disagreed with your risk models in the past year?
- What are the areas where you see the ﬁrm being able to achieve better risk adjusted returns over the near term and long term?
They never come back and asked for the answer key. Here it is:
Every company has legacy risk management programs. Some are being dutifully followed, some have been abandoned and some are actually still alive and well. The best answer to this question would be that the company has a process for periodically assessing all of its ERM programs. That there is an aging metric for risk treatment processes and whenever a risk treatment process has gone three years without any changes or updates, that triggers a review. In that review, the risk staff assess whether the risk treatment is still needed, whether it is still effective and whether it can be updated to take advantage of new developments.
One particular concern is whether changes elsewhere in the company have created a need for major increases or decreases in the tolerance for the risk being treated. It is quite possible that changes elsewhere in the risk profile of the firm means that there now may be natural offsets to the old risk and risk treatment can be reduced. It is also possible that the risk treatment program was put in place assuming that the risk would grow to a size that would make it material to the risk profile of the firm. If that growth has not materialized, or if growth elsewhere in the firm has changes the scale considerations, then the materiality of the risk and the resulting need for the risk treatment program needs to be reassessed.
Of course, it also could be true that the level of risk treatment activities that were put in place in the past may be found to be inadequate and need to be increased. This could be because the understanding of the risk has changed and the risk treatment is less effective than initially thought. Or it may be that the risk environment has heightened and the risk per unit of activity is currently higher than assumed in determining the approach to risk treatment.
The cost of the risk treatment program should also be assessed. There may now be different alternatives for achieving the same effectiveness of risk treatment for a lower cost that were not available previously.
This is important because everyone tends to forget old risks. They just assume that since they have not been mentioned for some time that they have gone away. But in many cases, old risks of insurers tend to linger. And if the risk treatment programs that are supposed to be controlling those risks are being handled in an autopilot sort of mode, those risks might erupt into a totally unexpected problem if there is any stress.Explore posts in the same categories: Enterprise Risk Management, Risk Treatment comment below, or link to this permanent URL from your own site.