What is Enterprise Risk Management?
Enterprise risk management (ERM) is the process of coordinated risk management that places a greater emphasis on cooperation among departments to manage the organization’s full range of risks as a whole. ERM offers a framework for effectively managing uncertainty, responding to risk, and harnessing opportunities as they arise.
Unlike previous risk management practices, the concept of enterprise risk management embodies the notion that risk analysis cuts across the entire organization. The goal of ERM is to better understand the shock resistance of the enterprise to its key risks and to better manage enterprise risk exposure to the level desired by senior management.
History of ERM
The concept of a holistic approach to risk management traces its roots to the early 1970s, when Gustav Hamilton of Sweden’s Statsforetag proposed the “risk management circle” to describe the interaction of all elements in the risk management process (assessment, control, financing and communication).
In the 20th century, risk managers were primarily responsible for managing "pure" risks through the purchase of insurance, though the concept of risk management soon became associated with financial risk management with the use of derivative financial products.
Several checkpoints have driven the need for enterprise risk management. These include an increase in:
- Greater transparency
- Financial disclosures with stricter reporting and control requirements
- Security and technology issues
- Business continuity and disaster preparedness in a post-9/11 world
- Focus from rating agencies
- Regulatory compliance
- Globalization in a continuously competitive environment
- Risk Management – the discipline by which an organization identifies, assesses, controls, measures and monitors various risks and opportunities for the purpose of achieving the entity’s strategic and financial objectives.
- Capital Management – the discipline by which capital is deployed within an organization based on management tolerance for risk, economic constraints, and performance objectives for the organization as a whole, while still satisfying regulatory and rating agency requirements.
- Financial Management – the discipline by which an organization evaluates its performance utilizing risk-adjusted measures that reflect returns, capital consumption and volatility on an enterprise and individual business unit basis.
- Risk Appetite – the level of aggregate risk that an organization can undertake and successfully manage over an extended period of time. According to Basel, risk appetite is the broad-based amount of risk an organization or other entity is willing to accept in pursuit of its mission or vision. Enterprise risk management enables an organization to determine what level of risk it chooses to accept as it seeks to build shareholder value.
- Operational Risks – the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events.
- Strategic Risks – potential damage to reputation, competition, demographic trends, technological innovation, capital availability and regulatory trends.
Role of Actuaries in the ERM Framework
No matter how well planned and executed, risk management procedures cannot always guarantee results. Nevertheless, using the enterprise risk management framework can increase an organization’s and its shareholders’ confidence that they will achieve their objectives.
Enterprise risk management offers a number of benefits:
- Aligns risk appetite and corporate strategy
- Links growth, risk and returns
- Improves risk responses
- Reduces operational surprises and losses
- Manages enterprise-wide risks
- Recognizes and acts upon opportunities
- Deploys resources effectively
Organizations have traditionally used the "silo" approach to risk management that looks at the individual performance of a business unit – risk management, capital management, and financial management – instead of a more holistic approach that looks at the long-term impact on risk and capital needs of the entire enterprise.
There is a growing need for organizations to permanently link their risks across business units and adopt a comprehensive framework to satisfy all stakeholders, manage diverse risks, allocate capital to areas that add value, and measure the organization’s performance.
With the increasingly complex and fast-changing business environment, organizations are seeking risk management professionals to join their teams. As these new roles continue to grow, actuaries are becoming leaders, taking a 360-degree view of an organization's risk profile.
Strong Professional Network
The SOA is an educational, research and professional organization dedicated to serving the public and its 23,000+ members.