The End of ERM
In essence, if ERM is to be implemented in a way which helps an entity get to where it wants to go, it needs to have a bias toward action which many applications currently lack. “The End of Enterprise Risk Management” David Martin and Michael Power
In 2007, Martin and Power argued that the regulatory based Enterprise Risk Management programs that were COSO based provided the illusion of control, without actually achieving anything. Now if you are an executive of a firm and you believe that things are being done just fine, thank you very much, then an ineffective ERM program is just what you want. But if you really want ERM, the something else is needed. Martin and Power suggest that the activities of ERM are focused much too much on activities that do not reault in actions to actually change the risks of the firm. This is a favorite topic of RISKVIEWS as well. See Beware the Risk Management Entertainment System.
RISKVIEWS always tells managers who are interested in developing ERM systems that if some part of an ERM program cannot be clearly linked to decisions to take actions that would not have been taken without ERM, then they are better off without that part of ERM.
Martin and Power go on to suggest that ERM that uses just one risk measure (usually VAR) is difficult to get right because of limitations of VAR. RISKVIEWS would add that an ERM program that uses only one risk measure, no matter what that measure is, will be prone to problems. See Law of Risk and Light.
It is very nice to find someone who says the same things that you say. Affirming. But even better to read something that you haven’t said. And Martin and Power provide that.
Finally, there is a call for risk management that is Reflexive. That reacts to the environment. Most ERM systems do not have this Reflexive element. Risk limits are set and risk positions are monitored most often assuming a static environment. The static environment presumption in a risk management system works if you are operating in an environment that changes fairly infrequently. In fact, it works best if the frequency of change to your environment is less then the frequency of your update to the risk factors that you use. That is, if your update includes studying the environment and majing environment driven changes.
RISKVIEWS has worked in ERM systems that were based upon risk assessment based upon “eternal” risk factors. Eternal Risk factors are assumed to be good “for all time”. The US RBC factors are such. Those factors are changed only when there is a belief that the prior factors were inadequate in representing the full range of risk “for all time”.
But firms would be better off looking at their risks in the light of a changing risk environment. Plural Rationality theory suggests that there are four different risk environments. If a company adopts this idea, then they need to look for signs that the environment is shifting and when it seems to be likely to be shifting, to consider how to change their risk acceptance and risk mitigation in the light of the expected new risk environment. The idea of repeatedly catching this wave and correctly shifting course is called Rational Adaptability.
So RISKVIEWS also strongly agrees with Martin and Powers that a risk management system needs to be reflexive.
In “The End of ERM” Martin and Powers really mean the end of static ERM that is not action oriented and not reflexive with the environment. With that RISKVIEWS can heartily agree.