ERM Control Cycle
The seven principles of ERM for Insurers can be seen as forming an Enterprise Risk Control cycle.
Next to the steps of setting Considerations and Underwriting the risks. These steps are sometimes operated together and sometimes separate, usually depending upon the degree to which the risks are small and homogeneous or large and unique.
The Risk Control cycle is then applied to the risks that have been accepted. That step is needed because even if a risk is properly priced and appropriately accepted, the insurer will want to manage the aggregate amount of such risks. Within the risk control cycle, there is a risk mitigation step and within that step an insurer may choose to reduce their total risk or to increase their risk taking capacity.
Risks that have been accepted through the underwriting process and that the insurer is retaining after the risk control cycle process must be assessed for Provisioning, both for reserve and capital.
Finally, for this discussion of the ERM Cycle, the insurer needs to consider whether there are additional risks that have been unknowingly accepted that may emerge in the future. The Future risk principle provides a path for that step.
For the ERM Cycle, there is actually no such thing as FINALLY. As a cycle, it repeats infinitely. The picture above has many two headed arrows in addition to the one way arrows that represent a single circular process.
The ERM idea sits in the middle of these seven principles. The ERM idea is the idea that an insurer will follow a cycle like this for all of the risks of the insurer and in addition for the aggregation of all risks. This will be done to protect all of the stakeholders of the insurers, policyholders, stockholders, bondholders, management, employees and communities to the greatest extent that their sometimes contradictory interests allow.
Most firms will put different degrees of emphasis on different elements. Some will have very faint arrows between ERM and some of the other principles. Some insurers will neglect some of these principles completely.
It may be that the choice of which principles to emphasize are tightly linked with their view of the risk environment.