The Risk Balancing Act

All firms are performing a difficult balancing act. They are balancing the need to go out and take risks by doing something to expand their businesses with the need to be safe and secure. Most firms have found a happy spot – at least for now – in that balancing act.

Firms in the risk business are doing a double balancing act. They always have the same sort of risk of failure that all businesses have – that is the risk that they will not have enough customers. In addition, they have the risk that the business that they have captured may just blow up in their faces with claims or losses far in excess of their expectations.

So when a firm in the risk taking business learns how to survive their dual balancing act, they will be very sensible if they are very, very reluctant to make changes to their process for balancing. They are going to be extremely skeptical if the advice for change comes from someone – a regulator or member of their own company’s risk management team – who has not real world experience of this balancing.

To most of the successful managers of risk taking firms, ERM seems like an awkward and unnatural process. To them, ERM manuals read like a book of detailed instructions on how to breathe.

That is because these firms all have plenty of risk management already.

However, the ERM imperative from the regulators and rating agencies requires that they explain that risk management and that they adopt some formal processes and documentation that was not, in their opinion, needed.

There are two approaches to achieving the ERM that is wanted by these outside forces:

Clean Slate – work to install a comprehensive ERM program as if on a clean slate, ignoring or replacing all existing risk management activities. This results in a complete ERM program that will fulfill all of the external requirements.
Augmentation – work to carefully understand the existing risk management system. Start by documenting the strengths of that system. Next move to identifying the weaknesses of that system and then making adjustments and additions to improve risk management performance in those areas of weakness.

RISKVIEWS strongly favors the second approach. RISKVIEWS has observed that many firms following the Clean Slate approach never complete the installation of the new ERM system, or if they do complete it, they abandon it after a short time period. Firms following the Augmentation approach also will falter with installation but they have usually added to their ability to explain what they already do well and may have added a few new risk management practices that actually enhance their business.

The first step in the Augmentation approach is to develop an understanding of the possibilities that an ERM program presents and to choose from those possibilities the practices that the firm will want to include in its ERM program. Those possibilities include:

A strict control process for risks that the firm has a zero tolerance for.
Risk measurement and tracking for control of the risks that the firm wants to limit exposures.
Risk based pricing for those risks that the firm takes to make its profits to assure that the sales that are one of the primary objectives of the firm are supporting the long term performance of the enterprise.
A risk profile that communicates the relationship between plans and risks taking over time.
A process for assessing and maintaining adequate capital for the risks taken by the firm.
Risk capital allocation to support the process of optimization of risk adjusted returns.
Communication of risk management processes for the board and outside audiences.
An assurance process regarding continuous implementation of the risk management program.

Once management selects the ERM practices that they want for their ERM program, they then need to go through the self assessment exercise.

Riskviews