Keys to ERM – Adaptability

Posted April 3, 2017 by riskviews
Categories: Black Swan, Change Risk, Enterprise Risk Management, Resilience, Risk Management System

Tags: ,


Deliberately cultivating adaptability is how ERM reduces exposure to unexpected surprises.

There are four ways that an ERM program encourages adaptability:

  1. Risk Identification
  2. Emerging Risks
  3. Reaction step of Control Cycle
  4. Risk Learning

Many risk managers tell RISKVIEWS that their bosses say that their objective is “No Surprises”.  While that is an unrealistic ideal objective, cultivating Adaptability is the most likely way to approach that ideal.

More on Adaptability at WILLIS TOWERS WATSON WIRE.

Keys to ERM – Alignment

Posted February 15, 2017 by riskviews
Categories: Enterprise Risk Management

ERM is focused on Enterprise Risks. Enterprise Risks are those risks that could result in losses that would require the firm to make major, unexpected changes to plans or that would disrupt the firm (without necessarily causing losses) in such a way that the firm cannot successfully execute its plans.  Enterprise Risks need to be a major consideration in setting plans.  Through discussions of Risk Appetite and Tolerance and returns for risks and the costs of risk mitigations, ERM provides a path for alignment of the risk management with the strategic objectives of the firm.

Read More about ERM Tools for Alignment at WillisTowersWatsonWire Blog.

And on RISKVIEWS with

Linking Strategy and ERM – The Final Frontier

Risk Appetite is the Boundary

Updating your Risk Register

Posted January 26, 2017 by riskviews
Categories: Enterprise Risk Management, Risk Identification

Tags: , ,

It is quite easy for an ERM program to become irrelevant.  All it takes is for it to stay the same for several years.  After just a few years, you will find that you risk management processes are focused upon the issues of several years ago.  You may be missing new wrinkles to your risks and also repeating mitigation exercises that are no longer effective or needed.

That is because the risk environment is constantly changing.  Some risks are become more dangerous while for others the danger is receding.  No firm anywhere has an unlimited budget for risk management.  So to remain effective, you need to constantly reshuffle priorities.

One place where that reshuffling is very much needed is in the risk register.  That is a hard message to sell.  Risk Identification is seen by most as the first baby step in initiating and ERM program.  How could a well developed, sophisticated ERM program need to go back to the first baby step.

But we do need to go back and somehow get people to seriously re-evaluate the Risks on the Risk Register.  That is because risk management is fundamentally a cycle rather than a a one way development process.  We are all brainwashed that constant growth and steady improvement is the fundamental nature of human enterprise.  For risk management to really work, we need that cycle model where we go back and do all of the same steps as last year all over again.

One way to freshen up the process of reviewing the risk register is to bring in outside information.  The link below provides some good outside information that you can use to stimulate your own review.

Willis Re took the top 15 risks from a dozen insurer risk registers and combined them to get 50+ unique risks.  Then over 100 insurer executives and risk management staff helped to rank those 50 risks.

2017’s most dangerous risks for insurers

We took a list of over 50 risks commonly found on insurer risk registers, and asked, “Which risks present the most danger to your firm in 2017?”

Take a look.  How does the resulting ranking look compared to your risk register?  Do any of the top 10 risks show up as middling priority in your program?  Are any of the bottom ten risks near the top of your priority ranking?  So your review can focus on a discussion of the most significant deviations between your ranking and the ranking from the link above. You need to convince yourself that you have good reasons for different priorities or change your priorities.

Keys to ERM – Discipline

Posted January 11, 2017 by riskviews
Categories: Enterprise Risk Management


There are four keys to ERM – The second is Discipline

Discipline is tightly linked with Transparency, another Key to ERM.  Transparency helps to encourage and enforce Discipline.

There are three ways that Discipline is Key to ERM.

Enterprise risk management brings discipline to the mitigation of individual risks, to aggregate risk management and ERM also promotes a disciplined commitment to a comprehensive approach to risk management.

Enterprise risk management brings the discipline to risk management by making explicit plans for managing risk and then following up, checking on the execution of those plans, and reporting the results of those checks. To some, this seems like lots and lots of needless redundancy, but they miss the point. Discipline makes risk management reliable instead of being another wild card in an uncertain world.

ERM encourages insurers to clearly state their approach to risk as well as the amount and types of risks that they will accept. Clear and coherent communication is an often-underappreciated discipline that is much more difficult than it appears. ERM provides a script and outline that makes it easier to speak clearly about risk and risk management.

ERM always starts with a risk identification and prioritization step, so that while all risks are considered, time and resources are used wisely by focusing only on the most significant risks.

Discipline is unlikely to be maintained in secret. Because of Transparency, is is easily and widely known when Discipline falters.   Insurers that want to have an effective and Disciplined ERM program will have both Discipline AND Transparency.

This is an excerpt from Discipline is key to ERM on the WTW Wire Blog.

Keys to ERM – Transparency

Posted November 16, 2016 by riskviews
Categories: Enterprise Risk Management


There are four keys to ERM.  The first is Transparency.

In traditional risk management situations, the degree to which risk is tightly controlled or loosely allowed is often a personal decision made by the middle manager who “inherited” the responsibility for a particular risk. That person may make the best decision based on full knowledge of the nature of the risk and the availability and cost of mitigation of the risk, or they might just choose an approach based on poor or even inaccurate information because that is the best that they can find with the time they can spare.

Enterprise risk management (ERM) is a commitment to executive and board attention to the important risks of the firm. In a fully realized ERM, the risk profile of the firm and the plans to change or maintain that profile from one year to the next—while exploiting, managing, limiting or avoiding various risks in ways that are tied to the firm’s  strategy—are shared among the management team and with the board.

In the best programs, the risk profile and risk plans are not only shared, they are a topic of debate and challenge. These firms realize that a dollar of profit usually has the exact same value as a dollar of loss, so they conclude that risk management, well-chosen and executed, can be as important to success as marketing.

A clever math student may be able to just write down the answer, but teachers often insist that students show their work to get credit.

“Show your work” is the idea of ERM
Show steps of and thinking behind risk management process.
Helps others understand intent and determine whether objectives are being met.

More about Transparency about risk and risk management and how it is important to executive management, to the board and to middle managers on Willis Towers Watson Wire.

Who is interested in ERM?

Posted October 20, 2016 by riskviews
Categories: Enterprise Risk Management


The map above is from Google Trends.  It shows the frequency of Google searches for the term ERM over the past year.  Darker blue means more searches.  No blue means no searches.


You can interpret the 12 states with no seaches two ways:

  • Folks in these states already know enough about ERM and have no need to search for more.
  • Folks in these states have no interest in ERM.

Either way, an interesting map.

Risk Trajectory – Do you know which way your risk is headed?

Posted July 25, 2016 by riskviews
Categories: Enterprise Risk Management, Risk Appetite, Risk Environment, Risk Management System

Tags: ,


Which direction are you planning on taking?

  • Are you expecting your risk to grow faster than your capacity to bare risk?
  • Are you expecting your risk capacity to grow faster than your risk?
  • Or are you planning to keep growth of your risk and your capacity in balance?

If risk is your business, then the answer to this question is one of just a few statements that make up a basic risk strategy.

RISKVIEWS calls this the Risk Trajectory.  Risk Trajectory is not a permanent aspect of a businesses risk strategy.  Trajectory will change unpredictably and usually not each year.

There are four factors that have the most influence on Risk Trajectory:

  1. Your Risk Profile – often stated in terms of the potential losses from all risks at a particular likelihood (i.e. 1 in 200 years)
  2. Your capacity to bare risk – often stated in terms of capital
  3. Your preferred level of security (may be factored directly into the return period used for Risk Profile or stated as a buffer above Risk Profile)
  4. The likely rewards for accepting the risks in your Risk Profile

If you have a comfortable margin between your Risk Profile and your preferred level of security, then you might accept a risk trajectory of Risk Growing Faster than Capacity.

Or if the Likely Rewards seem very good, you might be willing to accept a little less security for the higher reward.

All four of the factors that influence Risk Trajectory are constantly moving.  Over time, anything other than carefully coordinated movements will result in occasional need to change trajectory.  In some cases, the need to change trajectory comes from an unexpected large loss that results in an abrupt change in your capacity.

For the balanced risk and capacity trajectory, you would need to maintain a level of profit as a percentage of the Risk Profile that is on the average over time equal to the growth in Risk Profile.

For Capacity to grow faster than Risk, the profit as a percentage of the Risk Profile would be greater than the growth in Risk Profile.

For Risk to grow faster than Capacity, Risk profile growth rate would be greater than the profit as a percentage of the Risk Profile.

RISKVIEWS would guess that all this is just as easy to do as juggling four balls that are a different and somewhat unpredictably different size, shape and weight when they come down compared to when you tossed them up.


%d bloggers like this: