I’m constantly praising the tangible business benefits of good ERM. A number of blogposts here and on other social media are testimony to this. Until a few month ago, I felt like the proverbial “lonely prophet”. A lot of ERM-related publications had a distinctive retro- / crisis-touch to it and nobody appeared to pay much attention to the strategic aspects of it.
Then things changed. First, COSO issued a compendium of “real business cases” in 2018, which was great. However, I was rather disappointed that this compendium required extra subscription, instead of providing it together with the release of the revised framework.
And now, academia is following suit. The NC State Poole College of Management released a study titled “The Value Proposition for ERM: From Intangible to Tangible”. When I spotted to article, I was elated to see the increased focus on the tangible benefits of ERM! Finally, I’m no longer the sole preacher in the desert.
The document is available here. They provide an executive summary, which really is a summary. Secondly, it is well written and concise. And most importantly, they cite a number of tangible, real life cases.
Two points stand out from that work:
the link between ERM and strategy. ERM is a forward-looking tool.
the identification of emerging risks and converting them into opportunities (vs only looking at the downside).
btw: the NC state university website is valuable resource for ERM matters in general. Suggest you head over and spend some time there.
I’ve shared some technical and practical considerations about ERM in a few previous blogposts. This episode addresses the most important topic: “ERM done – so what”. Whenever I talk about Enterprise Risk Management, I emphasize on its tangible benefits. ERM is about managing downside and creating opportunity.
The picture below displays a wide, although not complete, stakeholder landscape and the tangible benefits of good ERM. The regulatory, governance and credit rating agency related values are clear. Furthermore, an optimal alignment of risk appetite and capital possibly supports increased risk taking. So far, all so good.
IMHO Cyber Risk is one of the best cases in point to illustrate practical benefits of ERM; two aspects:
Firstly, the defensive angle: companies must prepare to deal with Cyber attacks as an “entirety”, silos don’t work. This is relatively new category of risk(s), hence it requires some subject matter expertise and a very diligent look “across” the entire organization. Megrow has done Cyber risk mapping with clients (and for its own good – just to state the obvious). I will not dwell on that here. However, if you are interested in good Cyber-webinars, I highly recommend FireEye.com – excellent!
Secondly, the opportunity angle. Let’s assume an insurer covers small and medium sized enterprises. Very many of these clients could and should do more to identify and manage Cyber risks. Buying Cyber insurance is only one mitigating factor. How can the insurer provide additional value and services for this type of risk? The principles of Cyber Risk management are rather universal. In other words, if an insurer has a good grip on its own Cyber risk landscape, this knowledge can become part of its service offering to insureds. This works exactly the same way as traditional loss prevention services that insurers offer their customers. Any sales person of that insurance company will be more than pleased to have an additional service ace in his/her sleeve!
In other words, we killed two birds with one ERM-stone. Thorough ERM helps this insurer manage potential downside risk of Cyber and enhances the company’s value proposition to its customers. It doesn’t get much better than this!
“The New Normal” is a popular theme in the insurance industry. What does it actually mean? And how do ERM and the New Normal go together?
The word “new” implies that matters have changed – so far so good. What about the term “normal”? One meaning of the word “normal” is “as expected”. Here it gets difficult when e.g. looking at data that indicates an ever-increasing frequency of hurricane landfall (cf ref below). In other words, the “new normal” is probably closer to the “new abnormal”.
I therefore coined the phrase “the ever-increasing volatility” to describe the challenge and opportunity of the re-/insurance industry.
How can businesses deal with increasing volatility? Portfolio planning and steering is one approach; in layperson’s terms it’s all about “take more different bites and take smaller bites”. A second solution is to harvest from good Enterprise Risk Management practice and a third approach leverages partnership between reinsurers and insurers that go beyond the provision of capacity.
Good Enterprise Risk Management creates a number of tangible benefits. Firstly, companies that practice good ERM are more robust to withstand shocks. Secondly, companies with strong ERM are more profitable than their peers with average or poor ERM-practice. And last but not least, companies with good ERM demand a higher valuation. Most recent data point at a 20% uplift in company valuation through good ERM!
Keen to know more about the benefits of ERM? Read my blog posts here.
AM Best was kind enough to interview me during the 14th Singapore Reinsurance Conference (“SIRC“) early November 2017.
Watch the 3+ minutes interview HERE. Thanks to AM Best for having me.
Of course ERM is not dead, much to the contrary: recent studies show a strong correlation between the quality of a company’s ERM and the stock price. The correlation appears to be worth up to 25% better company valuation. That is serious money!!
However, wide-spread perception associates something negative with the word “risk”. If you doubt this statement, have a look at Wikipedia’s “definition of risk”. The majority of descriptors have a negative connotation, such as “loss, injury, damage, negative occurrence, et cetera”.
I look at risk more broadly: my conversations about risk always encompass the upside and the downside. “Risk creates opportunity”, Megrow’s tag-line, reflects that mind-set. I ask: “what else can we do with the glass”, instead of “is it half full or half empty”?
Therefore, I propose to add the letter “O”, representing OPPORTUNITY, to the ERM terminology. Enterprise Risk and Opportunity Management (“EROM”) is born!
I was @PARIMA Conference in Kuala Lumpur: a great showcase of the industry’s capabilities and an inspiration for me with regards to the journey ahead of the risk management community in Asia. Have a look at the organiser’s website here.
Enterprise Risk Management is viewed favorably by rating agencies, stock exchanges, regulators and other stakeholders – this is all good news.
But some boards and CEOs remain skeptical about ERM’s value: sometimes a perception reigns that ERM is a pure cost, a governance exercise, some box-ticking event, doesn’t deliver any topline and produces nothing but a thick report that nobody reads. The ERM-journey up the risk maturity ladder requires board and management commitment, hence the question arises: what is the return on this investment, in other words how does a CRO convince the board and the CEO that ERM creates value for the company?
Over the past two years two independent, reasonably comprehensive studies have shown that there is a good correlation between good ERM-practice and a company’s valuation – in other words: it pays to do ERM !
Study No.1 says […our results suggest that ﬁrms that have reached mature levels of ERM are exhibiting a higher ﬁrm value ….] and study No. 2 comes to a similar conclusion stating that […results confirm a significant positive impact of ERM on shareholder value…].
This is very good news for all ERM practitioners, boards and executives of all companies!!