Keys to ERM – Transparency

Posted November 16, 2016 by riskviews
Categories: Enterprise Risk Management

There are four keys to ERM.  The first is Transparency.

In traditional risk management situations, the degree to which risk is tightly controlled or loosely allowed is often a personal decision made by the middle manager who “inherited” the responsibility for a particular risk. That person may make the best decision based on full knowledge of the nature of the risk and the availability and cost of mitigation of the risk, or they might just choose an approach based on poor or even inaccurate information because that is the best that they can find with the time they can spare.

Enterprise risk management (ERM) is a commitment to executive and board attention to the important risks of the firm. In a fully realized ERM, the risk profile of the firm and the plans to change or maintain that profile from one year to the next—while exploiting, managing, limiting or avoiding various risks in ways that are tied to the firm’s  strategy—are shared among the management team and with the board.

In the best programs, the risk profile and risk plans are not only shared, they are a topic of debate and challenge. These firms realize that a dollar of profit usually has the exact same value as a dollar of loss, so they conclude that risk management, well-chosen and executed, can be as important to success as marketing.

A clever math student may be able to just write down the answer, but teachers often insist that students show their work to get credit.

Take-Away:

  • “Show your work” is the idea of ERM.
  • Show the steps of, and the thinking behind, the risk management process.
  • This helps others understand intent and determine whether objectives are being met.

More about Transparency about risk and risk management and how it is important to executive management, to the board and to middle managers on Willis Towers Watson Wire.

Who is interested in ERM?

Posted October 20, 2016 by riskviews
Categories: Enterprise Risk Management

[Map: Google Trends search frequency for the term ERM, by state]

The map above is from Google Trends.  It shows the frequency of Google searches for the term ERM over the past year.  Darker blue means more searches.  No blue means no searches.

 

You can interpret the 12 states with no searches two ways:

  • Folks in these states already know enough about ERM and have no need to search for more.
  • Folks in these states have no interest in ERM.

Either way, an interesting map.

Risk Trajectory – Do you know which way your risk is headed?

Posted July 25, 2016 by riskviews
Categories: Enterprise Risk Management, Risk Appetite, Risk Environment, Risk Management System

Which direction are you planning on taking?

  • Are you expecting your risk to grow faster than your capacity to bear risk?
  • Are you expecting your risk capacity to grow faster than your risk?
  • Or are you planning to keep growth of your risk and your capacity in balance?

If risk is your business, then the answer to this question is one of just a few statements that make up a basic risk strategy.

RISKVIEWS calls this the Risk Trajectory.  Risk Trajectory is not a permanent aspect of a business's risk strategy.  Trajectory will change unpredictably and usually not each year.

There are four factors that have the most influence on Risk Trajectory:

  1. Your Risk Profile – often stated in terms of the potential losses from all risks at a particular likelihood (i.e. 1 in 200 years)
  2. Your capacity to bear risk – often stated in terms of capital
  3. Your preferred level of security (may be factored directly into the return period used for Risk Profile or stated as a buffer above Risk Profile)
  4. The likely rewards for accepting the risks in your Risk Profile

If you have a comfortable margin between your Risk Profile and your preferred level of security, then you might accept a risk trajectory of Risk Growing Faster than Capacity.

Or if the Likely Rewards seem very good, you might be willing to accept a little less security for the higher reward.

All four of the factors that influence Risk Trajectory are constantly moving.  Over time, anything other than carefully coordinated movements will result in occasional need to change trajectory.  In some cases, the need to change trajectory comes from an unexpected large loss that results in an abrupt change in your capacity.

For the balanced risk and capacity trajectory, you would need to maintain a level of profit as a percentage of the Risk Profile that is on the average over time equal to the growth in Risk Profile.

For Capacity to grow faster than Risk, the profit as a percentage of the Risk Profile would be greater than the growth in Risk Profile.

For Risk to grow faster than Capacity, Risk profile growth rate would be greater than the profit as a percentage of the Risk Profile.

RISKVIEWS would guess that all this is just as easy to do as juggling four balls that are a different, and somewhat unpredictably different, size, shape and weight when they come down compared to when you tossed them up.

Linking Strategy and ERM – The Final Frontier

Posted July 19, 2016 by riskviews
Categories: Enterprise Risk Management

4 steps to linking strategy and ERM

Many organizations have used the concepts and practices of Enterprise Risk Management to improve the control of their major risks. If applied properly, ERM will improve the transparency and discipline of risk management.  With a risk management regime that is transparent and disciplined, management should begin to notice whether it is aligned with company objectives … whether it is linked with strategy.  When linked with strategy, ERM can act like the crew on a catamaran who lean against the tilt of the boat in heavy wind.  Or, to use another nautical analogy, it can be the keel of the boat that helps to keep it upright.  The aligned ERM program will not be heavy cargo stacked on the deck, nor will it act like the passengers who run to the low side of the boat.

And better still, ERM can help the boat to get where it is going by helping to choose a path between or around the rocks.  But insurer strategies vary widely, so it seems logical that the linkage of ERM with strategy will vary.  And that may be the reason that there is so much difficulty with the process of aligning strategy and ERM.  Too much advice that focuses on just one way to accomplish that – one way that will work best with just one of the dozens of existing insurer strategies.

4 steps to linking strategy and ERM continues this discussion on the Willis Towers Watson blog.

You have to show up

Posted June 20, 2016 by riskviews
Categories: Chief Risk Officer, Enterprise Risk Management, ERM, Insurance Risk

Woody Allen’s adage that 80% of success is showing up is particularly difficult for some managers to take to heart regarding risk management.

When risk management is successful, there is no bell that rings.  There are no fireworks.  Usually, a successful risk management moment is evidenced by a lack of big surprises.

But most days, big surprises do not happen anyway.

So if risk managers want to be appreciated for their work, they have to do much more than just show up.  They need to build up the story around what a very good day looks like.

  • One such story would be that a very good day might happen when the world experiences a major catastrophe, one that is in the wheelhouse of the firm.  And because of a good risk management process, the firm finds that its losses are manageable within its capacity to handle losses.
  • In 2011, there were major earthquakes in New Zealand, Japan and Chile.  One reinsurer reported that they had exposures in all three zones but that they were still able to show a (very small) profit for the year.  They credited that result to a risk management process that had them limiting their exposure to any one zone.  A risk manager could work up a story of events like that happening (multi event stress scenarios) and preview the benefits of ERM.

With such stories in mind, when that big day comes when “Nothing Happens”, the risk managers can be ready to take credit!

But to do that, they need to be sure to show up.

 

Management by Onside Kick

Posted June 6, 2016 by riskviews
Categories: Credit Risk, Data, Decision Making, Enterprise Risk Management, Hedging, Uncategorized

Many American football fans can recall a game when their team drove the ball 80 or more yards in the waning moments of the game to pull within a touchdown of the team that had been dominating them. Then they call for the onside kick – recover the ball and charge to a win within a few more plays.

But according to NFL stats, that onside kick succeeds only 20% of the time in the waning minutes of the game.

Mid game onside kicks – that are surprises – work 60% of the time.

But mostly it is the successful onside kicks that make the highlights reel. RISKVIEWS guesses that on the highlights those kicks are 80% or more successful.

And if you look back on the games of the teams that make it to the Super Bowl, they probably were successful the few times that they called that play.

What does that mean for risk managers?

Be careful where you get your statistics. Big data is now very popular. Winners use Big Data. So many conclude that it will give better indications. But make sure that your data inputs are not from highlight reels or from the records of the best year for a company.

Many firms use default data collected by rating agencies, for example, to parameterize their credit models. But the rating agencies would point out that the data is from rated companies only. This makes little difference for rated bonds, since those bonds are rated from issue to maturity or default. But if you want to build a default model of insurers or reinsurers, then you need to know that many insurers and some reinsurers will drop their rating if it falls below a level where it hurts their business. So ratings transition statistics for insurers are more like the highlight reels below a certain level.

Some models of dynamic hedging strategies were in effect taking the mid game success rates and assuming that they would apply in bad times. But like the onside kick, things worked very differently.

So realize that a business strategy and especially a risk mitigation strategy may work differently when things have gone all a mess.

And an onside kick is nothing more than putting the ball in play and praying that something good will happen.

Have you become “Nose Blind” to deficiencies in your ERM program?

Posted May 16, 2016 by riskviews
Categories: Enterprise Risk Management

You may have seen the commercial for the room freshener about becoming “Nose Blind” to odors.

Well, the same thing happens all the time, even in good ERM programs.

In the early days of ERM, the smart CRO is willing to take the victories that they can get and not let the “perfect be the enemy of the good”. And if they do it right, they will end up with an ERM program much faster than the perfectionist CRO and his two or three successors.

But that CRO will eventually become “nose blind” to the weak spots in ERM, just like a long-term homeowner who goes to sell a house and has a hard time believing that new buyers cannot just step over that bad spot on the floor, as they have been doing for 10 years.

That is the reason that an outside audit of an ERM program is needed every so often.  The outside audit brings in a fresh nose.  But you need to be careful in charging the auditor.

There are two aspects of the ERM program that the auditor needs to look for:

  1. Poor execution of the ERM Framework
  2. Incomplete ERM Framework

And the nose blindness might apply in either aspect.  The CRO may have become nose blind to the places where someone is doing a weak job of execution.  Again, this may have been the area that was least supportive of ERM when the program was new.  So due to steady opposition, the CRO eventually just learns to live with whatever the managers in that area are willing to do, however minimal and ineffective.  And the CRO could be responsible for choosing not to attempt some normal parts of an ERM program when they are first making up the ERM Framework of the company.  Or, the standard that was initially used as the template for the ERM Framework might not have been very good for the types of risks that are taken by the company.  For example, the COSO ERM standard is intended to be applicable to all sorts of firms.  Its advice is fairly generic.  An insurer is a firm whose business it is to accept financial responsibility for other people’s risks.  There are a number of ERM standards developed specifically for insurers.  But an insurer that uses the COSO ERM standard as its sole guide will have difficulty achieving the level of ERM program maturity of those who followed insurance specific standards.

Those without the budget to hire an outside auditor can use two techniques to clear the air and smell things with a fresh nose:

  1. For execution issues, ask your folks to do peer audits of each other.  When people from your weakest area see the level of practice in another area, they will get some sense of what they are missing.  And when folks from the strongest execution area do an audit of another area, their best practices can be spread more widely.
  2. Review your ERM Framework against a different standard than the one that you used to create it.  Do not pull punches: if that different standard says to do something in a certain manner, mark your framework as potentially deficient if you are not operating in that manner.  Then work to honestly resolve these issues.  These alternate standards may have their own area of nose blindness, but they would never have risen to standard status unless they had some serious benefits for the users.
