Magazine article Risk Management

What Is Missing from the RMIS Designs? Why Enterprise Risk Management Is Not Working

Magazine article Risk Management

What Is Missing from the RMIS Designs? Why Enterprise Risk Management Is Not Working

Article excerpt

MANY RISK MANAGERS HAVE ATTEMPTED TO TAKE ENTERPRISE RISK MANAGEMENT (ERM) FROM A SLICK CONSULTING PITCH TO A PRACTICAL MANAGEMENT SYSTEM. BUT WHILE ERM HAS HELPED MANY OF THESE PROFESSIONALS IMPROVE THE STRATEGIC STRUCTURE OF THEIR RISK FINANCING PROGRAMS FEW HAVE FULLY ACHIEVED THEIR AMBITIONS. ONE OBSTACLE IS THE RISK MANAGEMENT INFORMATION SYSTEM (RMIS) BUILT WITHOUT AN ENTERPRISEWIDE ORIENTATION TOWARD RISK DATA.

For ERM programs to fulfill their potential, the RMIS must focus on the risk financing needs and processes of the entire company-i.e., reporting based on its specific financial and operational dynamics. It cannot just tally the insurance companies' claims and losses, as it does now. The system should incorporate occurrence descriptions and retained loss costs. It should support a range of risk financing methods and the financial analysis and reporting needs of the risk manager.

The recommendations that follow do not describe a total ERM system. (Indeed, building a separate ERM system would be like constructing an independent six sigma program. Both must be built into other enterprise processes to be effective.) Rather, the recommendations that follow offer suggestions for the next steps in the evolution of RMIS design, which will, if adopted, make RMIS an integral part of ERM practices.

ERM: Great Concept, Intractable Implementation?

Current professional and academic schools of thought dictate that ERM should achieve proper allocation of risk capital across three major risk categories-financial, credit and operational risk.

To this end, financial risk management is highly standardized. (This is possible because of the extensive statistical data available from large, open markets-equity, bond, currency, derivative and commodity trading systems-and the traders' interest in any analytical systems that provide a competitive advantage.) Credit risk management methods are less developed than those for financial risk management, but they are rapidly evolving. Operational risk is the least developed.

Operational risk includes traditional property/casualty risks, but it is also a catch-all term for any risk that is not financial- or credit-related. This includes risks that are typically beyond the scope of the traditional risk manager: business control risks, corporate governance risks and capital-intensive project risks. For these, we lack statistical data and validated statistical methods to gauge the risks, and therefore few transfer markets have developed for them.

Though we have accurate data on the actuarial dimensions of the frequency and severity of many risks, operational risks often are multidimensional. Across an enterprise, risks have widely varying time horizons, degrees of certainty and predictability. The nature of an occurrence or event can vary widely (e.g., discrete versus continuous occurrences, speculative versus fortuitous outcomes). And the correlations between risks typically are not well understood.

Operational risks frequently derive from specialized functions where evaluating the risks requires experience and expertise (e.g., information systems security, environmental health and safety, contractual risks). Within those business functions, specialists are often unwilling or unprepared to conform their risk assessment methods to a broader system. So while we may be able to get their participation in creating assessments, the assessments cannot be easily aggregated with other loss probability distributions across the organization. Even if we are somehow able to aggregate risk assessments, the credibility of the results may be questioned by the decision maker to whom it is presented because its method of calculation is not clear, or required assumptions are disputed.

All of this reflects a lack of commonly understood and accepted ERM principles, concepts and standards around which to build business processes and systems. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.