ENTERPRISE RISK By: Alyssa

Gale
MANAGEMENT
 WHAT IS ENTERPRISE RISK
MANAGEMENT?
 A comprehensive risk management program that considers an
organization's pure risks, speculative risks, strategic risks,
and operational risks .
 The dif ference between ERM and traditional approaches is
that it takes a top-down, enterprise-wide notion of risk
exposures (as opposed to managing risk in silos).
 One way to think of ERM is through the “butterfly ef fect”
mentality. This is a theory that demonstrates how small
dif ferences lead to large, unforeseen consequences over time.
 ERM buzzwords: Comprehensive, proactive, and strategic.
 WHAT DOES A T YPICAL ERM PROCESS
LOOK LIKE?
1. Identify intended benefits of ERM.
2. Acquire a Board mandate.
3. Develop a common language for risk.
4. Plan the scope of the risk initiative.
5. Establish ERM logistics – strategy, framework, roles, and
responsibilities.
6. Adopt risk procedures.
7. Establish assessment techniques/benchmarks.
8. Determine appetite and tolerance.
9. Do a cost-benefit analysis.
10. Evoke a risk-oriented culture.
11. Report performance.
WHAT DOES A T YPICAL ENTERPRISE RISK
MANAGEMENT POLICY INCLUDE?
 Objectives imposed through governance.
 The organization’s attitude to risk ( strategy).
 Organization’s risk appetite.
 The risk arrangement of the company ( architecture).
 Detailed procedures for recognizing and ranking risk
(assessment).
 Detailed documentation of how risk is analyzed and reported
(protocols).
 Description of risk mitigation and control procedures (risk
response).
 Outline for role and resource allocation, training,
benchmarking, and future risk evaluation.
 WHO ARE THE ERM PLAYERS?

 This relates to our

discussion of corporate
governance.
 The Board’s role in ERM
is a vital one – the risk
management policy of a
company will not be
successful unless there
is a 100%, ongoing
commitment. This
involves updating the
risk management policy
in a dynamic fashion.

http://theirm.org/documents/SARM_FINAL.pdf
 ERM STATISTICS
* S T U DY D O N E B Y T H E E R M I N I T I AT I V E I N T H E P O O L E C O L L E G E O F M A N A G E M E N T AT
N O R T H C A R O L I N A S TAT E U N I V E R S I T Y I N C O N J U N C T I O N W I T H T H E A I C P A

 N a t u r e / E x te n t o f R i s k s :
 62% of respondents believe that the volume and complexity of risks have change “extensively”
or “mostly” in the past 5 years.

 A d o p t io n o f E R M :
 23.4% of all organizations sur veyed in 2012 say that they have a complete, formal ERM
process in place.
 This number is higher for large and public companies: Between 45 and 47%.
 However, 40% of all organizations sur veyed say that they have no ERM processes in place
(despite 2/3 saying that their organizational risk structure is risk averse.

 P r e s s u r e to i m p rove E R M :
 2/3 of companies sur veyed say they feel “somewhat” to “extensive” pressure from external
parties to provide more information about risk.
 Less than half of those sur veyed say their company has a formal ERM policy in place.

 C o m m un i c a t in g E R M - r e l a te d i s s u e s :
 Under half of the companies sur veyed say that they do not have a structured process for
reporting and identifying risks.
 63% of companies communicate risk on an ad hoc basis only.

 Fu t u r e o f E R M :
 90% of companies want to improve their companies ERM within the next 3 years.
 BARRIERS TO ERM

 Defining a company’s risk management appetite. Surveys

show that the top two priorities of ERM implementation are
risk management appetite (40%) and risk reporting and
monitoring (39%). Companies with risk management appetites
in place are twice as more likely to be satisfied with their
ERM implementation.

 Companies believing that risks are monitored in other ways

besides through ERM.

 “Too many other pressing needs.”

 “No requests to change our risk management approaches.”

 TANGIBLE EXAMPLE OF ERM BEING
APPLIED… 2012 SUPERBOWL
 Indianapolis was the first host city of the Super Bowl to apply
ERM tools and techniques on a broad scale.
 Every year, the Super Bowl exemplifies thousands of facets to
the production of the event in a highly complex structure.
 In turn, there are thousands of opportunities for someone to
fail at seeing the big picture.
 This calls for an enterprise -wide assessment of risk.
 For these reasons, the production of the Super Bowl mirrors
that of a business.
ERM LESSONS LEARNED FROM THE 2012
SUPERBOWL
 The challenge in quantifying intangibles (bad publicity)
 The Super Bowl had to become creative in measuring the impact of something
going awry, say an accident on site. They decided to do so in measuring the
exposure said event would receive. A low risk event would only be covered by
local news, while a medium risk event would be covered by ESPN or Sports
Illustrated. A high risk event would be covered by a top news source such as the
New York Times.
 Business lesson learned: Even though some risks cannot be readily monetized,
quantifying and categorizing them in some way is necessary for evaluation and
prioritization.
 Even the best risk avoidance plans may fail (weather woes)
 Super Bowls are almost held exclusively in cities where it does not snow (35 of
the 46 Super Bowls have been held in Florida, California, and New Orleans alone)
 With the event being held in Indianapolis, they had to quantify the difference
between 30 degrees with an inch of snow and 10 degree weather with a foot of
snow.
 However, an unforeseen aspect occurred when beautiful weather materialized:
nearly double the amount of people expected to be visiting the city came.
 Business lesson learned: Be ready for unexpected good news as well as bad.
 ERM techniques can contribute to an organization’s long -term success
 The favorable reviews of the Host Committee and talks of another host bid for
Indianapolis began even before the teardown committees got to work.
 Business lesson learned: ERM can produce extremely favorable results and
feedback if implemented correctly.
 FUTURE OF ERM

 Video inter viewing Steve Dr yer, the managing director at Standard &
Poor s.

http://www.youtube.com/watch?v=kcfG6vJbGGQ&feature=player_embedde
d#!

 Main takeaways:
 ERM is considered a “soft” aspect of organizations. Companies and analysts are
used to evaluating hard numbers and facts. Therefore, Dryer expects the adaption
of ERM to be slow (may take up to decades to become mainstream).
 S&P’s involvement in ERM:
 Initially viewed ERM as a component of financial analysis and looked at it alongside
numbers such as liquidity and capital structure.
 However, Dryer says they are abandoning that approach.
 They are rolling out what is called a “distinct management score” on companies. This
involves integrating ERM with previously acknowledged concepts in their ratings such
as a company’s use of derivatives, accounting reviews, and governance reviews.
 This will be highly subjective and therefore initially controversial.
 The goal will be for ERM to ultimately be second nature across organizations and
analysts.
 He says there is a chance that the term “ERM” may not survive, but the principles
behind it are here to stay.