Professional Documents
Culture Documents
Reference 2 PDF
Reference 2 PDF
Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at .
http://www.jstor.org/page/info/about/policies/terms.jsp
.
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range of
content in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new forms
of scholarship. For more information about JSTOR, please contact support@jstor.org.
Palgrave Macmillan Journals is collaborating with JSTOR to digitize, preserve and extend access to Risk
Management.
http://www.jstor.org
Richard B. Corbett1
There are several views of the future of risk management, some of which contrast greatly.
Whether the discussions involve the profession and practice of risk management in economic
entities, or risk management as an academic discipline, the views diverge. An extreme view is
that risk management is being de-emphasized as a separate notion in economic entities. As an
evolving discipline, risk management cannot be harmed by these discussions. Every discipline
faces periodic re-evaluations of its core assumptions and practices. Risk management is subject
to that same process.
Risk management is the identification, analysis, and treatmentof an economic entity's exposures
to loss. In this time of increasing technology and complexity, there are more things that can go
wrong, ie more exposures to loss. It stands to reason that risk management is a growth industry.
Risk management is a core value in many firms. Over 800 of the 'Fortune 1000' firms have
membership in the Risk and Insurance Management Society (RIMS). Peter Drucker lists the
practice of risk management as a hallmark of a developed economy. Clearly, there is something
of value inherent in the concept of risk management.
As is true of most disciplines, there are some underlying assumptions or beliefs, or 'givens',
about risk management. Some of the givens of current risk management practice are as follows:
? risk management has evolved into a profession and a set of concepts applicable in most
functional areas of business administration;
?
many risk managers perform their professional duties in relative isolation, ie without
being included in higher-level decision making;
?
many risk managers do not have authority commensurate with their responsibilities;
?
many risk managers are called upon to react to adverse events, rather than being involved
in the planning that might have prevented those events; and
?
many risk managers spend a disproportionate amount of their time on insurance issues,
rather than on more modern risk management topics.
Are these things indications that risk management has somehow failed as a discipline? We
believe that is not the case. In fact, risk management appears to have entered an era of much
greater visibility, which will have the effect of solving many of these perceived problems.
The movement to an enterprise-wide application of risk management has brought about some
very desirable changes.
Along period of laissez-faire corporate governance led to some large, and largely predictable,
both
corporate scandals. Enron and WorldCom are two examples of this phenomenon,
associated with 'fuzzy' financial reporting. The result of these scandals was, predictably,
action to require greater 'transparency' in corporate financial reporting, in essence, truth-in-
reporting. The Treadway Commission in the US, the Toronto Stock Exchange's Dey Report
in Canada, and the Cadbury Commission in the UK all moved toward the same goal: improved
financial reporting for publicly held firms. The formal name of the Treadway Commission,
the National Commission on Fraudulent Financial Reporting, gives all the information
necessary about the nature of the problem.
One of the offshoots of improved financial reporting is the notion that publicly held firms
should disclose clearly all 'threats to people, property, or profits'. This is the key tie-in to risk
management and to having risk management as a core value throughout an economic entity.
An enterprise-wide risk management program looks at the collective exposures that can affect
the value of an economic entity. There is a focus on three distinct areas: human resources,
physical resources, and financial resources. Currently, the RIMS has an 'initiative' attempting
to improve the constructs of enterprise-wide risk management and to guide its membership in
promoting the notion.
The concept of enterprise-wide risk management experienced some growing pains; some
might say those are still being experienced. First of all, there was the problem of terminology.
Is the correct term 'enterprise risk management'? Or is it 'integrated risk management'? Or
should we speak of 'enterprise-wide risk management'? The major problem, of course, is that
without standardized terminology, we are not sure that we are discussing the same thing.
Each of these terms has its advocates, and some of them are passionate about their viewpoints.
Interestingly, a major US university risk management and insurance program that secured
funding for an 'enterprise risk management center' has recently changed the name to 'strategic
risk management'.
Another problem that arose was an almost missionary focus on risk financing, at the expense of
risk control. Some of this was by persons, including some service vendors, who viewed enterprise
risk management as a risk financing product that they could sell, or install, or both. Persons with
experience in the broader aspects of risk management are troubled by this downplaying of risk
control. There will be furthercomment about this later in this paper.
There are many positive aspects of enterprise-wide risk management. First, and foremost, is
that the risk management process is validated because of the clear connection between risk
management activities and the value of the economic entity. Risk management is associated
with the maintenance of value of the human, physical, or financial resources of the entity.There
is a recognition that no decision is without a risk management aspect.
Another positive aspect of enterprise-wide risk management is the potential forincreased visibility
for both risk management and risk managers in economic entities. There is a greater attention to
risk-related issues at higher levels in organizations. Better-managed entities are taking the view
that it makes more sense to consider the risk dimensions of decisions early in the decision-
making process, ratherthan tryingto retrofitrisk management tools and techniques afterdecisions
have been implemented.
This has led to greater attention to risk issues throughout line management, especially in
areas such as IS/IT, marketing, and the protection of intellectual property. Risk managers are
consulting with line managers as consultants and facilitators in designing and implementing
risk management programs. Favorable offshoots of this activity include a new focus on
strategic
risk and operational risk exposures within the firm and increased attention to 'critical
dependencies'. As risk managers are consulted with regard to these strategic and operational
exposures, they increase their contacts with upper management, thereby increasing their
personal visibility and that of their discipline.
Another positive aspect of the concept of enterprise-wide risk management is that risk
managers have been allowed to be creative and that this creativity is being rewarded. New
risk-control initiatives are being formulated in an effortboth to protect the various resources
of the economic entity and to lower risk-financing costs. New risk-financing initiatives are
being formulated, ranging from securing insurance on hard-to-place exposures to setting
up non-traditional arrangements for uninsurable exposures. Some of these arrangements
have been very creative integrated risk-financing products, combining traditional pure risk
exposures with speculative risk exposures. Such initiatives are only possible when the risk
management staff has a close working relationship with top management.
Richard B. Corbett 53
Partly because enterprise-wide risk management is an evolving discipline, there are also some
prevalent myths about the concept and its practice. Some of these are potentially serious barriers
to good risk management practice, and some are easily overcome by a clearer understanding of
the objectives of risk management. Some of these myths are promoted by those with an economic
interestin keeping them alive. They are presented here with no particular viewpoint that any one
is more serious than another.
The firstmyth of enterprise-wide risk management is that this notion is for everyone. This is a
common sales pitch for most new ideas. We already recognize the segmentation of economic
entities into size categories. The concept of a 'middle-market entity' in risk management and in
insurance markets is well recognized. Some economic entities, because of their relative size and
financial resources, will focus on insurance as theircore risk-financing strategy.Their practice of
risk control will be mainly to reduce insurance premiums. This is all rational in risk-averse entities,
and thatrisk aversion is closely related to the size and financial resources of the entity.Interestingly,
some argue that small economic entities are more likely to practice enterprise-wide risk
management because management and the workers are often the same people.
demonstrating the existence of this fatal flaw. Can risk management practice be improved? Yes,
of course, but not on the basis of anecdotes.
a
Closely tied to the previous myth is the notion that every economic entity needs to employ
Chief Risk Officer (CRO). As usually expressed, this notion at least implies that the current risk
manager will not have the breadth of knowledge and experience to fill the job. This was heavily
promoted by entities with an interestingeconomic incentive?they proposed to provide outsourcing
for the CRO's duties. Again, the lack of objective studies with significant results demonstrating
the advantage of the new practice is a telling point. Many current risk managers are both
the
experienced in a wide variety of risk management practices and tools and capable of learning
mechanics of new ones.
Another myth of enterprise-wide risk management is that exposure identification is easy. This
notion was promoted mainly by vendors of quantitative risk analysis products. The idea being
promoted was that the solution was the important part and that the problem would easily appear
to the user. Years of experience, not all of it positive, have taught us that problem identification is
more important than problem solving. Exposure identification remains the core ongoing task of
most risk managers. It is a risk management truththat you cannot treat an exposure that you have
not identified.
Finally, there is a myth that is hard to overcome, because it is based in truth.That is the notion
that integrated risk-financing products are clearly the best answer, because the capital markets
have greater capacity than the insurance markets. This is the classic 'true, but not very meaningful'
proposition. Is insurance less useful because some exposures can be treated with capital-market
products? Capital markets are supposed to have greater capacity than insurance markets. One of
the essential beauties of insurance is that it allows those pooling their exposures and sharing their
losses to minimize thatpart of theirproductive resources in the loss-sharing pool, and to maximize
that part of their resources that are in productive use. Integrated products have their place, but it
is unlikely that they will replace insurance. (The less-than-enthusiastic response of investors to
catastrophe bonds seems to provide evidence of this.)
This consideration of the promise and myths of enterprise-wide risk management leads us to
consider the state of risk management and insurance as an academic discipline. All academic
disciplines within the domain of business administration face the classic dilemma of whether
they will lead or follow actual practice within the discipline. Risk management and insurance
certainly are subject to this, and professors in the discipline are well aware of the constant struggle.
In spite of the struggle, the future looks good for the discipline.
When potential recruiters are surveyed, they consistently cite four characteristics of potential
hires thatare most important to them: writing skills; speaking skills; the ability to work in groups;
and an ethical focus. In those surveys, actual course content ranks no better than fifth.This gives
academics great leeway with regard to their approach to course content. The approach ranges
from highly theoretical to highly practical. The best approach seems to be a well-organized
progression from the theoretical to the practical, bolstered by application exercises. This also
provides excellent preparation for continuing education, eg the examinations for the various
professional designations.
Some academics argue that, because the 'industry does not rate course content highly in the
surveys', distinct preparation in risk management and insurance is unnecessary. Actually, the
surveys seem to indicate a belief that, without certain core skills, specific knowledge is not
worth much. Reasonable people can disagree, and the survey results will be subject to different
interpretations. Many risk management and insurance academics are housed in departments of
finance, and many finance-discipline academics take the 'no distinct preparation' notion as
absolute truth.
Recently, however, there has been an increased appreciation for risk management as an academic
discipline. The concept of enterprise-wide risk management appeals to management scholars
viewing the relationships among strategic management, operational management, and risk
management. Integrated risk-financing products and derivatives used for risk-financing purposes
help finance scholars better understand the successful long-term operation of the insurance
enterprise. Clearly, the corporate success stories related to the World Trade Center/September 11
event have increased the visibility and respectability of risk management and have caused a
number of academics to understand the value of preparedness and pre-loss preparation.
The key task foracademics in the risk management and insurance field is to retain viable programs
in good universities. The key related task is to raise awareness among their colleagues with
regard to the risk management aspects of the various functional areas of business administration.
Even academics can understand that no strategic or operational decision in an economic entityis
without a risk management aspect. The higher visibility of risk managers, cited earlier as a strength
of enterprise-wide risk management, is a positive factor in this. A remaining challenge will be to
Richard B. Corbett 55
'educate' finance colleagues that 'financial risk management' is only a part of an overall risk
management strategy. This seems likely to be an ongoing task. Overall, university budgets and
demographics will be greater problems in the near future than narrow-minded colleagues.
The answer to this question is 'No, not actually', although a couple of the national brokers would
like to get credit for the idea. In 1960, Professor John Long of Indiana University published an
article in the journal of the American Risk and Insurance Association advocating an enterprise-
wide approach to risk management (Long, 1960). Sometimes a person has an idea whose time
has not yet come.
The future of risk management, both as a business function and as an academic discipline, seems
bright.Conditions are excellent forrisk management to improve its place in the corporate hierarchy.
World economic and political climates indicate that we will continue to live in interesting times.
These are some of the things that seem relatively certain:
?
Murphy's Law will continue to prevail as the fundamental law of risk management?the
increasing complexity of the world will ensure that more things will go wrong;
?
pre-loss preparation and well-organized response systems will be invaluable to economic
entities; and
? economic entities with risk management plans will continue to achieve the basic post-loss
objective?they will survive.
With regard to the 'givens' mentioned earlier, some will continue to be true for some economic
entities. Not everything will change in a day or two. Some risk managers will continue to struggle
to be recognized and to be consulted. In the better-managed firms, however, the positive
contributions of the risk manager and of the risk management function will be the givens.
Notes
References
Long, J.D. (1961) Proposal for a New Course: Risk in the Enterprise System. Journal of Insurance.
Vol. 28, No. 3, pp 55-63.