ERM: A Fork In The Road For Risk Mgrs.

The U.S. risk management community appears to have settled into two distinct camps.

The first is a relatively small group of risk managers who have aggressively pushed the “outside of the envelope” in leading their organizations into the world of enterprise risk management. They have taken risks, expanded their knowledge and skill sets, and challenged their organizations to change–in an effort to build a better model for their companies and a more meaningful role for themselves.

Those in the second and larger camp appear comfortable with the status quo and are firmly tethered to their traditional, hazard risk and insurance-based roots. The unfortunate reality for some in this camp (certainly not all) is that by tying themselves to what is, without question, the most unpleasant and most misunderstood purchase any company makes during the year, they may–as I have heard over and over again during the last 35 years–be seen as a necessary evil, with little or no chance of upward mobility within the organization.

Worst yet, depending on what happens in the future, some may become irrelevant and expendable.

I think we can all agree that risk and its management is, and always has been a fundamental aspect of running any business, and should be a critical element in corporate governance. The focus on corporate governance is not a passing fad, and the demands and expectations of shareholders and the public on those responsible for corporate governance will only increase–no matter how slowly legislative and regulatory bodies move to codify those demands and expectations.

The ability to manage and finance risk efficiently will give companies a competitive advantage in a global market economy. In fact, globalization itself is creating new, different and more complex risks and begs for a more efficient risk management process.

It's my opinion that an organization's ability to effectively manage all the risks it faces on a consistent and efficient basis will become a key to its success–and in some instances its very survival.

The process may differ from company to company, and clearly there are some organizations where the culture is simply incompatible with the concept of ERM.

Some organizations have an unfortunate habit of going into denial when it comes to risk. For others it may be an issue of timing and/or the allocation of resources to a process that is not a one-time project, but a way of doing business. Last but not least, there are always internal politics.

The fact remains that ERM presents a tremendous opportunity for many risk managers to make a valuable contribution to their companies and to create a more meaningful role for themselves within the organization.

Many ERM concepts and much of the education process have been driven by the traditional risk management community. The skills they have employed in managing hazard risks are invaluable, and with additional education and skills development, risk managers are often the logical choice to lead an ERM initiative.

The window of opportunity is narrowing, however. While federal Sarbanes-Oxley mandates are focused on financial reporting, other aspects of corporate governance–including the “800 pound gorilla” of risk–are definitely in the same room.

In most organizations, practical responsibility for SOX compliance has fallen under the purview of finance and/or internal auditing. The next logical step, therefore, is that someone from finance or internal auditing becomes the de facto chief risk officer–which has already occurred in many organizations.

Interestingly, the ERM program at Wake Forest University is not intended for insurance and risk management majors at all. In fact, those programs aren't even offered there. Rather, it is focused on accounting and business majors or liberal arts majors with an interest in business. It's also starting to draw interest from professional schools.

So my advice to risk managers is this: Now may be a good time to determine whether you want to “lead, follow or get out of the way!”