Is Enterprise Risk Management Worth It?

Is Enterprise Risk Management Worth It?
Guest Post by Max Rudolph, January 2016

Some say that risk practitioners have been managing risk forever, and enterprise risk management (ERM) is nothing new. Others contend that a new crisis every few years is crucial to avoiding cuts in funding during stable periods. These "happy times" are actually when risk exposures grow, only to be noticed when times are bad. As Warren Buffett has said, it is only when the tide goes out that we know who has been swimming naked.Ponzi schemes like the one run by Bernie Madoff are great case studies for this unfortunate reality.

As the researcher behind the annual Emerging Risk Survey, sponsored by the Joint Risk Management Section (Canadian Institute of Actuaries, Casualty Actuarial Society, Society of Actuaries), I try to include interesting questions about current topics. In the 2014 survey I asked, Does ERM improve returns relative to risk? Respondents were given the choices Yes/No/Not Sure, and provided the opportunity to comment. There is a wide range of knowledge from those who respond, and comments generally come from those with lots of experience. The results are fascinating, especially when mapped to the specific response.

More than half of respondents (57 percent) answered "yes," while 26% were Not Sure and 16% said No. In an evolving practice area this can be very helpful to see what others feel is working and what is not.

ERM is Working

Comments have been segmented based on how they answered the lead-in question. Some responses from those saying "Yes" used words like "awareness," "transparency," "discussions," "balance," "decreasing volatility" and "better decisions." Some specific comments were:

• Reduce likelihood of major losses
• Better able to chop off the tails of returns primarily through risk avoidance in product design
• Helps identify and mitigate some tail risk that might have otherwise been passively accepted
• ERM creates the framework, tools and metrics to evaluate return against risk.
• One business area is not working against another business unit on the same risk
• We have caught issues earlier because of ERM.
• Better understanding of marginal impacts of business decisions.

ERM is Not Working

Getting your hands around the nuances is worthwhile when dealing with an experienced group of risk managers. Here are some comments from those saying ERM has not improved returns relative to risk. Except for those fighting with a bureaucratic risk culture they don't sound much different than those saying "yes."

• Helps to understand the risks being taken. It would stabilize returns, so reduce volatility and not necessarily the absolute level.
• The purpose of ERM is to avoid the impact of the risks at a minor cost. There is a positive return relative to what would happen otherwise.
• Most activities have so far been regulatory measures.
• It is more a matter of focusing on the risk-return trade-off than it is about ERM.
• ERM is largely involved with quantifying risks; however, senior management doesn't understand and doesn't use any information.
• Creation of a top-heavy bureaucracy with too many unaccountable reviewers.

The comments from those answering "Not Sure" are even more interesting. Unlike most survey questions, here these responses may be the most thoughtful.

• Like buying insurance, poor deal in good times.
• Utimately it becomes part of how you do business and it is hard to identify the specific impact.
• You can't measure what didn't happen.

I certainly have my opinion of how a risk team should operate to be effective, but many others have good ideas too. There is no convergence of best practices at this point, although risk culture clearly is a primary driver. Learning and "borrowing" from other teams is encouraged. Sometimes interactions with ERM practices and failures in other industries can show you what to do as well as what not to do.

Culture drives expectations of a risk team. Some management teams look at risk in all forms as bad, and try to set up controls to eliminate any possibility of a risk. Others focus on risk in only certain sections of a distribution, either trying to optimize the common results around the mean or looking strictly in the tail. Each of these interpretations is important, but a focus on one ignores the other and is suboptimal.

Risk teams can leverage regulatory efforts like Own Risk and Solvency Assessment (ORSA) in the insurance industry to develop and improve internal ERM efforts. Firms can leverage techniques by seeing best practice tools that others are using, as regulators provide feedback. A regulatory requirement can provide funding that improves your decision making ability at the same time. Rightly or wrongly, budget is easier to allocate when there is a compliance aspect to it.

As companies buy in to the benefits of enterprise risk management, both from the top down and the bottom up, risk culture will drive value. ERM pays for itself when management becomes aware of its risk exposures and balances risk and return as it makes tactical and strategic decisions.

Opinions reflect the author and not Actex or the sponsors of the research cited.

About the Author: Max Rudolph, FSA CFA CERA MAAA is the founder of Rudolph Financial Consulting, LLC. He focuses on ERM and ALM topics as they are integrated with company strategy. He can be reached at max.rudolph@rudolph-financial.com.