Although the term “enterprise risk management” has been with us for over a decade, only in the past few years–as businesses cope with the reality of operating in a post-9/11 and Sarbanes-Oxley-compliant era–has the concept evolved from “buzz terminology” to an accepted practice in the market.
ERM has been propelled into the limelight by a growing appreciation of the critical need to recognize and react to some of today’s challenges and tomorrow’s uncertainties. These include an expanding breadth of individual risks (and the sometimes unapparent interconnectivity), globalization, ratings agency requirements, financial disclosures and continued attention from boards of directors.
As an actuary and the chief risk officer at The Hartford Financial Services Group Inc., I have learned to appreciate the power of an effective ERM program and the opportunities that can be missed in implementation.
Without a set of guiding principles, businesses may find themselves at a perilous crossroads in defining and managing their risks. Instead, they may overmitigate risks, underestimate exposures, or altogether miss opportunities to understand and capitalize on risk management.
There is no “one-size-fits-all” approach for developing and implementing an ERM framework. Recognizing that businesses are failing to deliver on the promise of ERM, leading actuaries within the field–in partnership with the Society of Actuaries–recently developed five guiding principles of ERM (see accompanying infographic).
The impact of these guiding principles can be seen in the successful implementation of ERM at The Hartford. In 2004, we embarked on this mission, facing head-on the challenge of getting our corporate culture to embrace ERM and to show direct value for this decision.
Based on the premise that certain key risks cut across the entire organization, the obvious first step was to ensure that disparate departments were in the same room, and on the same page, regarding our organization’s risks.
Using the first guiding principle of establishing a qualified leader, The Hartford formally created a new enterprisewide chief risk officer position.
Although many of us were initially skeptical, the necessity of having an experienced, senior-level risk professional dedicated to this effort full time became readily apparent.
As the newly appointed CRO, the challenge for me was to understand the strengths of the existing practices and establish the bridges and support necessary to leverage those strengths into an effective enterprisewide view of risk.
To properly and effectively establish an ERM process and communicate the importance of an ERM framework across the organization, The Hartford had to embrace the second guiding principle–clear communication.
Communication lines need to stretch in all directions–down to line employees making daily business calls, across all business line leadership making decisions on initiatives and direction, and up to the board, which is making judgments on strategy.
Effective ERM requires the translation of highly complex and technical information issues into digestible, understandable, actionable information to enable smarter, more confident decisions throughout the organization.
To facilitate this, The Hartford established business unit chief risk officers (life, property and casualty, investments), most of whom are actuaries, assigned to work with the CRO and business units in developing an enterprisewide framework to manage risks and maximize opportunities.
As an actuary, I have always believed business leaders must “own” the risks of their businesses and understand the need to effectively manage these risks.
It is equally important, however, that a corporate culture exists that fosters an awareness of enterprisewide issues and the need for all business leaders to remain sensitive to their businesses’ impacts on these issues. That was and still is our team’s mission for The Hartford.
Satisfying the third guiding principle of using a combination of qualitative and quantitative information to develop a comprehensive ERM framework, The Hartford reached out to its actuaries–who, through actuarial modeling of risks and a deep understanding of the interconnectivity of risks, were able to translate complex data into meaningful and actionable information for senior management.
The team identified the greatest threats and key risks that could impact the company’s value and worked through potential frameworks for managing them.
Supported by analysis from chief risk officers, actuaries and other leading team members, The Hartford developed a risk-tolerance level, which serves as a guiding structure for establishing qualitative and quantitative tools for senior management to determine how each risk will be limited and managed by The Hartford as an enterprise.
Following the collection of qualitative and quantitative information for the implementation of an ERM framework, The Hartford knew that it needed to satisfy the fourth guiding principle of establishing a broader focus.
This included an enterprisewide economic capital model for the attribution of capital, an improved capital management process, integration of risk management processes across different business lines, and consistent measurement of adjusted returns and enhanced management reporting.
Accomplishing this involved breaking down walls across the enterprise and creating a consistent view of risk, capital and returns. By involving a wide range of expertise from throughout the enterprise, The Hartford was able to leverage the best of the existing processes and knowledge, while establishing the enterprisewide risk framework.
As a result of establishing an ERM framework using the first four guiding principles, senior-level staff now have an improved level of understanding of risks currently on the books–including improved identification of events that trigger losses, strategy needed to mitigate these risks, and the support needed to create timely reports on these risks and related limits.
Three years after the creation of the enterprisewide risk framework, The Hartford’s senior management, business units and employees overall have embraced ERM and its embedded value within the corporate culture. This satisfies the fifth guiding principle of experiencing an attitude adjustment.
It’s evident that no matter how you tackle the issue of risk, these five guiding principles can lay the groundwork for success. Leadership, communication, comprehensive data, a broader perspective and an open-minded corporate culture are the key pieces to the puzzle.
While ERM’s goal is not to eliminate risks, the best combination of skills and practices can provide a framework that helps businesses optimize the balance between minimizing risks and maximizing opportunities.