Just published the most recent episode of the Megrow podcast. I thoroughly enjoyed the conversation with Andreas Zell, the founder and owner of AKR Zell Consulting in Singapore. Specifically, we spoke about the future of the actuarial profession in Asia and how ILS can help to close the insurance protection gap.
Thanks for listening, stay safe and please subscribe to this podcast and stay tuned for the next episode.
This micro post focuses on “risk appetite” and its relations to risk bearing capacity, capital efficiency and the corresponding safety margins.
a glass well used
I use a glass to illustrate the total risk bearing capacity of an organization. In a first step, we set the total capacity of this glass to hold liquid as the organization’s maximum risk bearing capacity. The Board and Management need to have a solid, quantitative view of this capacity. For simplicity’s sake, we omit considerations of buying a second glass or putting the glass into the second larger container.
In a second step senior management and the board decide how far up they want to fill the glass. In other words, how much risk will the organization take. Theoretically, anything between empty and full is a go.
the glass is full
On the other hand, filling the glass up the top is very efficient. However, several stakeholders, such as shareholders, credit rating agencies and/or regulators might take a view that the firm should leave some buffer. Just in case anything causes turbulences to the liquid in the glass. Hence, organizations would under most circumstances leave some capacity unused.
the glass is empty
Having said that, if the glass is (almost) empty, then the company is not taking any risks. Hence, the organization is excessively risk averse and/or dormant. In other words, capacity (i.e. capital) usage is very low. This, over the long term, is inefficient.
The beauty about this concept is its flexibility. Should the business environment be very favorable, companies can decide to “fill up” the glass, ie increase revenue. Vice versa, if the environment is challenging, the glass remains less filled. Efficient capital management would then ask for a smaller glass – that is a topic of another blog.
Thank you very much for reading this post. Enjoy what you are doing and stay safe. For any questions pertaining to Enterprise Risk Management, please contact Megrow over LinkedIn or Twitter or the coordinates on the contact page.
Thank for reading the (almost) verbatim script of the recently released Megrow Podcast Episode 4. If you prefer listening to it, click on this link or the image just below. Otherwise enjoy the reading.
This episode, the forth one I’m releasing in 2019, is a little different from my previous ramblings. My favorite topic, ERM, is taking a breather for now. Instead, I will share some of the experiences I made setting up and running Megrow. Hopefully, my thoughts are helpful to others who are in a similar situation prior to a start-up journey or any other career move.
the why and the how
Often, I get asked “how and why did you choose to leave the corporate world and embark on this journey”? Before setting up Megrow, I went through a high-level, structured thought process designed to help me in answering the “what’s next” question. I wholeheartedly recommend this approach to anybody who is looking to make any career move.
This thought-process is about answering three related, yet different questions pertaining to your skills, your preferences and perceived opportunities. If there is overlap between answers, I consider the manifestation of this overlap as an attractive career move.
the three circles
First, think about what you are reallygood at. This can be any combination of hard and soft skills.
Second, reflect on your professional passion, in colloquial terms “what gets you out of bed in the morning”.
Third, you need to be very clear whether the intersection of your skills and passion has a “market” now and is likely to have a “market” in the future. I use the term “market” in the very widest sense of the word in this context. This can be anything from entrepreneurship to arts to charity work.
The intersection of the three circles – or more specifically the answers to the questions is a very good starting point to plan.
I came up with this three-realms-idea, when I helped a charity to guide young students along their journey. It is somewhat linked (but NOT a copy) to the well-known Japanese method of “Ikigai”. Ikigai is more complex and philosophical than my simple three circles method.
Whilst I find this approach very intuitive and extremely helpful, it is crucial to be open-minded for new ideas and opportunities that lay outside of the three realms. Sometimes a good opportunity comes along, hence it is important to stay alert and curious all the while. After all, outcomes matter not processes.
In my case, I am very passionate about Enterprise Risk Management, because it is a greatly undervalued strategic tool; secondly there is a current and future market for it and most humbly, I also think I acquired hard and soft skills necessary to support customers along their ERM-journey.
I’ll share a few examples from my Megrow journey where the three circles overlap well; and other cases where there was not even a touch point, let alone an overlap.
Often, people ask or challenge me about the benefits of entrepreneurial freedom. More casually put, “life must be wonderful without a boss”. This is the single, biggest misconception about a micro enterprise. I do agree that processes are lean and mean, and Megrow is nimble and efficient. I do have entrepreneurial freedom to manage my time and yes, nobody can “commandeer” me around. However, the pressure and expectation are of a totally different nature when running your own company. As a micro-entrepreneur I am acting in splendid isolation or in “intellectual loneliness”.
I realized this risk of being an eremite very early on and started building a network of like-minded professionals who are in similar situations. I’m grateful to Acacia Ltd in Hong Kong, AKR Zell Consulting and Covolve Pte Ltd in Singapore, Qalybrate in Malaysia and Dr. Bessant in Manila for being such great sparring and business partners over the years! We really do help each other as peers, idea reviewers, we share practicalities, sometimes act as mutual IT-helpdesks and much, much more.
“you are doing your current best and you keep improving”.
The most gratifying experience is direct, positive feedback from a client. Believe me, it doesn’t get better than this.
Clients have told me that my work or what I’ve delivered together with Megrow’s partners has made tangible impact to their bottom line, has solved some of their communication challenges, has opened new sources of revenues or drove their strategic thinking. This feedback is so valuable, especially since I use “outcomes matter” as a tagline very often. In other words, there were moments of grandiose joy and reasons to celebrate lavishly!
Having said that, there have been difficult and challenging periods.
For instance, at one moment in the not too distant past, my name card stock was gravitating towards zero. Despite ongoing and numerous sales efforts, not a single, new mandate was in-sight. At that stage, I was pondering for a very brief moment, whether I really need to print another stack of name cards or just let it all hit “zero”. Of course, I did print a new box of name cards, but still…
How do I deal with these challenges? I’d like to share a few points that certainly have helped me over the years.
first, never never never stop the marketing and the networking.
second, spread the marketing wider than the target client base; often, an indirect recommendation or source of information is most valuable.
third, it is OK to chill occasionally, but keeping a good professional routine combined with a balanced lifestyle is such a great baseline! Mens sana in corpore sano – the old Romans knew that already.
fourth, occasionally re-do the skills – preference – market thinking process. Especially in times of great innovation, a certain skill can lose its edge rapidly. Or another skill becomes a rare commodity overnight. Think of film cameras or radiologists. I emphasize on the “occasionally”, because if you feel the need to reevaluate your three circles several times a day, something isn’t right with at least one of them.
And last, but not least: reflect on your value proposition: is it really unique what and how you are delivering? You might have the greatest product or service on a stand-alone basis, but if somebody offers your service or product as (a free) part of another package, then the market simply isn’t there and, in all likelihood, will not return.
d.y.i. or ?
If you start out and remain a micro enterprise, you have to decide and regularly reevaluate what you will do your-self and what is best outsourced. I probably could do most “internal” tasks, such as accounting, statutory reporting, data management, compliance and logistics myself. However, how efficient is this “solo” approach? And secondly, will I achieve the best outcome if I really do – or try to learn how to do – all these things myself?
I’ll pick three examples to share my experience, the thought process behind my decision and the outcomes.
Almost every time I give a name card to somebody, I note from their facial expression and subsequent comments how much they like the Megrow logo. I think it is a stroke of genius. Did I design the logo? I wish I could create an item of such beauty – but no chance. The three-circle model that I described a few minutes back, led me very quickly to the conclusion that designing a logo is NOT something I should try to do myself or aspire to learn.
The detailed self-assessment reads as follows:
I really love creating visual things; hence circle No. 1 gets a tick mark
Secondly, there definitely is a market for well-designed logos. In other words, two boxes are ticked already.
However, do I have the skills to design a logo or could I acquire them within a meaningful time frame: the straightforward answer is “NO”. I realized the latter a long time ago, so I didn’t even bother thinking about designing a logo myself.
Luckily, my partner JC is very good with colors, shapes and designs, so all credit to her for designing this beauty of a logo. If you are interested in the history and “making of” the logo, head over to the “about” page.
In conclusion, the logo-design is a clear case, where a do-it-yourself approach would not have resulted in anything meaningful.
passion: yes; skills: yes; market: yes --> DYI
The Megrow website initially served a compliance purpose. I wanted potential clients to get background information about Megrow and myself. Furthermore, all stakeholders who visit the site should get the impression, that a real business, run by a professional, drives the content.
When I launched the website a few years ago, I wanted to have more and better content than just “what we do” and “about us”. Driven by this urge, back in 2015 I overdid it with the content. Hence, the web-page became bloated with duplicated and triplicated content. Over time, I have reduced the number of pages and most new content flows into the “blog” section, keeping the other pages stable. The “width” and “breadth” of the site feels very appropriate now.
The list of required features for the website was and remains straightforward: a light design that scales well on different devices, operating systems and browsers; standard fonts and colors; easy to manage, security taken care of; provides for “pages” and a platform for regular “blogging” and the basic social media buttons must be there. Lastly, the platform needs to be coding-free and WYSIWIG-style editing.
After a bit of trying and tinkering, I settled with the official WordPress theme in 2017 and its subsequent updates. I switched over to the controversial Gutenberg editor halfway through 2019, because I find it intuitive and easy to use. Very soon, I might consider migrating the layout to the official 2020 WordPress theme.
more on www
A few years into being webmaster and content creator, I feel comfortable making the following recommendations:
as long as your web-presence consists of a few static pages plus a blog, there really, really is NO need to invest in expensive web-design, plug-ins and other customisation.
get a proprietary URL for your company.
leave no stone “un”turned in finding a good class host; speed, reliability, security and service is of paramount importance no matter how big or small the business is. I chose Axac Pte in Singapore, because they flawlessly host my personal website for 15 years. Their service is excellent, I never had a security issue, back-ups are available, and support is as fast as I need it.
As a side note: if you are a WordPress user, there are meet-ups of the local WordPress community in most bigger cities, highly recommended events to network and learn. I got many an inspiration from such meetups.
The final example is a great learning out of an old-school marketing approach. Together with a partner company of Megrow, I spent a lot of time, using modernist templates, to compile a content-rich, hard-copy brochure outlining the “things we do”. We invested significant time and other resources on it, had our fun and our discontent, got it printed on high quality paper and distributed quite a few. Initially, we were quite elated with the outcome. Clients “took” the leaflets and stashed them away.
More recently, however, each time I pick up a copy in my office and look at it, my enthusiasm to take it to a client meeting gravitates closer to zero. To a point where I don’t use the brochures anymore. There should be much more “ooommmpf” in the leaflet. The more I think about it, the more obvious it gets: we should have outsourced the design and lay-outing. Hence, if I ever decide that Megrow needs a hard-copy brochure again, I will spend money on the design. A lesson learnt!
the journey continues
What are the plans for Megrow heading into year five and further? I’m closing this blog by going back to the “three circles” approach that I described earlier in the podcast.
ERM will remain a core offering of Megrow, because all three circles get a “tick” mark.
Secondly, I have rediscovered my passion for teaching and coaching; Asia remains knowledge hungry (allow me the generalization for now) and I have honed my teaching and coaching skills. Hopefully, knowledge and experience sharing will become a slightly stronger leg to stand on going forward.
And lastly, my track record as an executive, particularly in generating growth and positive results, is another valuable asset to Megrow’s clients in the form of strategy advice or an interim mandate as a C-level executive.
Hopefully, you got some helpful information for your own journey out of this blog-post.
You can contact me via social media, LinkedIn and Email. The respective buttons are at the bottom of the page. Thank you for reading.
Megrow Consulting has turned four. A big “THANK YOU” to all clients, business partners, advisers, service providers and supporters for another fruitful year! Time really flies. Sometimes it is hard to believe that Megrow now is in its fifth year of operation.
I am also quite humbled by the high click-rates my “Happy Birthday Megrow” post got on LinkedIn. Close to 2000 views after approximately 1 week!
I’m grateful to some of Megrow’s past and current customers who allow me to display their logos on our site. Head over to the client section of the site to get an impression of our past and current customers. Most notably, the list keeps getting longer every year.
The work my partners and myself have done over the past year has slightly shifted in nature compared to the previous period. ERM did remain a key activity and service. Teaching activities and a significant interim mandate as the Chief Executive of a Lloyd’s of London entity in Singapore complement the 2018/2019 palmares.
The analytics above are the result of a straightforward approach, i.e. I simply counted the number of contracts per category. More accurately, I should have used “hours spent” or “outcomes”. However, for the purpose of a high level view on how the portfolio is developing, this simplified approach is good enough.
I have launched the Megrow Podcast early 2019 and thus far published three episodes. A podcast or more precisely a VLOG on YouTube is a good complement to the other marketing and branding activities that I undertake. You can access the latest episode via the embedded link below.
The podcast is slowly getting traction, I’m happy with that. Episode 4 is scripted and ready for recording. Furthermore, ideas for a few more releases are ready. Stay tuned! However, all my “shout-outs” for interviews and guest contributors haven’t born fruit yet. Maybe I need to advertise the podcast a bit more emphasizing the high “click” rate the podcasts gets on LinkedIn.
if you would like to appear on the Megrow podcast, contact me via the links at the bottom of the page!
If you like the contents, please subscribe to the channel to stay current with the latest episode.
Business School teaching and common sense indicate that Megrow is at a stage of either “scale up” or “pack up”. Needless to say, the “scale up” challenge is what keeps me awake at night. From a more transactional perspective, both risk management and teaching are future-proof activities. Naturally, the contents and modes of delivery will evolve. Hence, I need and will “stay modern” in these aspects.
The more challenging consideration, however is the question “how to scale up a micro-enterprise”? Some early successes are emerging, but I’m not yet “at peace” with a more strategic and scalable approach. I’m sure the Happy Birthday Megrow! blog post in a years time will have interesting news to share. In the meantime, stay tuned for updates on this blog and on Megrow’s YouTube channel.
Episode 3 of the Megrow Podcast is live ! It focuses on the tangible benefits that good ERM brings to a company. If you like to listen to the video podcast, click the embedded link below. However, if you like to read the (almost) verbatim script, just scroll down and enjoy.
The Script of Episode 3
Megrow Podcast Episode 3 picks-up the topic trail where episode two ended. Back in episode 2, I scratched on the importance of making ERM a tangible benefit to any business. In this episode I will elaborate substantially more on this topic and most importantly share some examples to illustrate my point.
the evolution of the benefit slides
I start with a slide that is a core part of Megrow’s marketing materials since almost day 1 of the company. When I show this slide to colleagues and clients, the reactions are always very positive.
Everybody seems to see the message of “benefits to business” right away. Naturally, some people tell me that the looks of the slide is borderline childish and inappropriate for business. However, the many spontaneous, “eyes wide-open” positive reactions I got and keep getting from different audiences convince me that it is a good slide. Hence, it keeps its important spot in many of my presentations.
Having said that, as I keep acquiring and completing more mandates, I felt the need to give the slide a good second look and decided to overhaul it: more focus and a slightly more polished look. So, here is the new version of the slide:
The diverse, colorful head image is the best representation of the variety of stakeholders that benefit from good ERM. For the updated version, I reduced the number of “benefits boxes”. Furthermore, I significantly enlarged the “improved results”. The “improved results” text box now sits right below the image – simply to give it the importance it deserves!
On to the real topic now: I will focus on a few, very tangible benefits of good Enterprise Risk Management.
ERM and Credit Rating
I start with the lever that Enterprise Risk Management has on credit rating.
Credit rating is the combination of balance sheet strength analysis and a number of adjustment factors; ERM being a crucial adjustment factor to derive a final credit rating. I refer to AM Bests’ credit rating approach, because I’m most familiar with their method. Having said that, all credit rating agencies use similar ways to go about it.
AM Best increase their assessment by one “notch” for a leading ERM-approach and, most importantly, lower their rating by up to 4 “notches” for an nonexistent ERM-approach.
”Minus four notches” – that is very very significant. In other words, it pays off greatly to be at the “good practice level” for ERM. At the other end of the scale it is devastating to have a sub-standard ERM-output.
Higher credit rating means access to additional business, hence higher profits. Furthermore, a higher credit rating also lowers financing cost for a company. In reverse, a lowered credit rating closes some doors to business and makes access to some forms of capital more expensive. Hence, good ERM translates 1:1 to improved profit.
ERM Eases Communication
I’m very grateful to the CEO of a customer who “lifted” me onto the second “benefit” I highlight in this paragraph.
During a past mandate, the senior management team of the customer and I spent a lot of time compiling a good “risk appetite statement”. We managed to find a very sensible balance between some quantitative and a few, selective qualitative statements. In other words, we managed to define a tangible, yet flexible enough risk-appetite description. This enables the company to evaluate the up- and downside risks of some major strategic endeavors against its own perception of risk. I was very happy with that outcome.
The icing on the cake: what the CEO shared with me after the company’s next board meeting. According to the CEO, the revised risk appetite statement made the communication with the board so much more tangible, faster, efficient and easier. The bottom line: a significantly more efficient board of directors meeting!
ERM and Cyber
The risk landscape is continuously evolving; most risks are more interconnected and more challenging to mitigate than ever before. The entire realm of Cyber risk is a prime example. Exposures are interlinked, severity and frequency sometimes difficult to estimate and a plethora of mitigation efforts are deployed. ERM with its company-wide, consistent approach to identify and mitigate risk, is the best tool to “up” the defense for a company. It also is best suited to help a company finding additional business opportunities in the Cyber realm.
Thank you for reading through the transcript of the Megrow Podcast Episode 3. More episodes are in the making already. Megrow is here to make your ERM-journey fast and efficient. Contact details are at the bottom of the page.
I wrote about the “ideal” CRO Superhuman almost a year ago in a blogpost. Interestingly, this topic remains an evergreen. During almost all conversations about ERM sooner or later the question about the CRO’s ideal skill set come up.
In my earlier blog, I used the “decathlete” analogy quite frequently. Whilst this analogy is tangible, it probably isn’t the best explanation in a business context. Hence, I came up with a different, more business-relevant description. A good CRO has a “thorough understanding of the entire value chain” of the respective industry.
What does that mean? Taking the insurance industry as an example, a CRO must understand how risk management and capital provision interlude along the value chain. If we imagine the value chain as a line, then insured and capital provider sit at either end. In business reality, the risk and the capital pass through many hands and undergo multiple transformations. Each component of the value chain has its idiosyncrasies, uncertainties, upside and downside risk embedded in it. Hence, the understanding of the interlude and which ‘change’ triggers which reaction is the key.
In other words, the CRO’s ensures that the organisation
understands both external and internal drivers that influence the value chain
recognises, quantifies and mitigates downside risks and opportunities associated with these drivers in a consistent manner
(1) Any professional who has developed a thorough understanding of the entire value chain is a good candidate. Naturally, qualified actuaries and CIIs (or equivalents) with leadership experience are very well suited.
(2) a strong trait of constructive curiosity, excellent communication and influencing skills in all dimension of an organisations current set-up.
(3) a mind-set and corresponding actions to position good ERM as a strategic tool that supports all stakeholders.
Over the past years, I’ve had the opportunity to support clients who asked themselves the “superhuman” question. Together we found a matching answer every time!
COSO released a significant update of its well-known ERM-framework in late 2017. An executive summary is accessible on their website. The ERM community, especially the “COSO-istas” most eagerly awaited the update. Additionally, the wider stakeholder community was excited to see how the new framework will benefit businesses. I’m a fan of COSO because their approach is forward looking and tries to integrate strategy and performance with Enterprise Risk Management.
So far so good.
who is the target?
Once I started reading the executive summary, a few questions came to my mind. First, who is the target audience? Second, how many ERM-sceptics can this update convince? And lastly, where are the increased, practical benefits of this version versus its predecessors? I’ve shared some of my supportive and critical views about the new framework in a few blogposts.
Lo and behold, pwc, one of the key contributors to the revision, published a blog reflecting on the “so what” question one year after the update. I really like the open and candid views in that blogpost. Hurdles, miss-conceptions, prejudices, resistance to change… not surprisingly, it’s all there. My advice: “NEVER EVER GIVE UP”. Having said that, it is no surprise to me that “take up” of the new framework probably isn’t where the authors envisaged it.
Talking to practitioners and clients across Asia, I noticed that the new framework needs significantly more marketing. It appears not to be known (almost) at all. Out of the many people I spoke to, only ONE (yes 1) appears to have read the new framework.
I have a few suggestions
The effort to summarise the entire approach into a picture is a great endeavour. However, this double-triple helix (*) needs to be simplified and made more tangible. Only then, business leaders will buy into it. In plain simple English: the current depiction is too complicated.
Nothing beats tangible, $$$-denominated examples. Concepts and frameworks are great, but ultimately businesses will only buy into it, once they see tangible top and bottom line benefits. Preferably, these benefits are palpable within the coming quarter or two. Dear reader: I “hear” you screaming that ERM is a long-term strategic undertaking,,,, but after all,,,,, sales and results drive a business.
I’m also cognisant that a special compendium with “real life” cases has been released. However, why do we need to buy and read even another document to convince us that the first document (the framework) is a good thing? Somehow counter-intuitive..
Whenever I speak or write about ERM, I make a point to emphasise the tangible benefits of good ERM for the business. The benefits come in various shapes and forms:
better understanding of new risks can be transformed into new business
better ERM contributes to positive credit rating evaluation, which will lower capital costs and open doors to new business as well
properly managed Cyber exposures protect the downside and can lead to new business opportunities, too
good ERM will lower compliance costKeen to know more? Contact Megrow via the “buttons” at the bottom of the site and stay tuned for new blogs on www.megrow.asia
(*) the picture is used with permission from COSO as stated on their website.
I’ve shared some technical and practical considerations about ERM in a few previous blogposts. This episode addresses the most important topic: “ERM done – so what”. Whenever I talk about Enterprise Risk Management, I emphasize on its tangible benefits. ERM is about managing downside and creating opportunity.
The picture below displays a wide, although not complete, stakeholder landscape and the tangible benefits of good ERM. The regulatory, governance and credit rating agency related values are clear. Furthermore, an optimal alignment of risk appetite and capital possibly supports increased risk taking. So far, all so good.
IMHO Cyber Risk is one of the best cases in point to illustrate practical benefits of ERM; two aspects:
Firstly, the defensive angle: companies must prepare to deal with Cyber attacks as an “entirety”, silos don’t work. This is relatively new category of risk(s), hence it requires some subject matter expertise and a very diligent look “across” the entire organization. Megrow has done Cyber risk mapping with clients (and for its own good – just to state the obvious). I will not dwell on that here. However, if you are interested in good Cyber-webinars, I highly recommend FireEye.com – excellent!
Secondly, the opportunity angle. Let’s assume an insurer covers small and medium sized enterprises. Very many of these clients could and should do more to identify and manage Cyber risks. Buying Cyber insurance is only one mitigating factor. How can the insurer provide additional value and services for this type of risk? The principles of Cyber Risk management are rather universal. In other words, if an insurer has a good grip on its own Cyber risk landscape, this knowledge can become part of its service offering to insureds. This works exactly the same way as traditional loss prevention services that insurers offer their customers. Any sales person of that insurance company will be more than pleased to have an additional service ace in his/her sleeve!
In other words, we killed two birds with one ERM-stone. Thorough ERM helps this insurer manage potential downside risk of Cyber and enhances the company’s value proposition to its customers. It doesn’t get much better than this!
I have sympathy with directors who complain about boring red-amber-green risk heat maps. How do we engage directors for Enterprise Risk Management? COSO and other opinion leaders have taken a great step into the right direction with the new COSO framework. Linking risk and opportunity to strategy and performance is the right way to go. I have shared some thoughts about the 2017 update in previous blogposts.
By its very nature Enterprise Risk Management looks at the entire enterprise. Hence, we need to find a way to cover the micro, such as smaller operational risks AND the macro, such as the really significant risks and opportunities. Then ERM truly becomes “E”. When I accompany customers along their ERM journey’s, I really make sure we cover the entire spectrum. Otherwise we miss out on either end. And btw – that’s the beauty and the challenge of doing good ERM….
and the benefit is
I still have two bones to pick with some of the proponents of the ‘new’ ERM. Firstly, strategy is very important, but let’s not forget all the other, smaller risks! Many a little makes a mickle. And secondly, we need to up the ante in terms of communicating the tangible benefits of ERM. Concepts are great to understand a matter. However, a board of directors or a CEO will want to see expected tangible benefits before engaging a CRO. When writing about ‘tangible benefits’ in a business context, I’m clearly referring to a measurable impact on either sales or profits and preferably on both. These benefits must be on top of the well-documented benefits of good ERM with regards to credit rating or reduction of compliance costs.
Keen to know how my work benefits your company? Contact me via the social media buttons below or directly at email@example.com
COSO, together with a number of partners, published the much anticipated ERM-framework update a few months back. I blogged about it the moment it was hot off the press.
The dust has settled, it’s time to dig a little deeper and ponder about the actual impact of the update. The executive summary of the press release already spans 16 pages, giving us an indication about the complexity of the task the authors have tried to tackle.
I decided to look at the new framework from two angles. First: what does it mean to the “converted”, i.e. the ERM practitioners who are familiar with the matter and second, how does an ERM-skeptic (yes, they exist in large numbers… ) look at the new framework and more importantly would it convince him or her to become an ERM-believer?
for the converted
For the “converted” it seems to makes sense. The world has moved on, risks have become more complex, Cyber, IoT and other hot topics were not on the agenda 14 years ago when the original framework was published.
Furthermore, linking ERM to strategy and ultimately to performance also is the right thing to do. After all, elaborately conceived risk heat maps that end up in drawers don’t contribute much to a company’s performance. Boards have become bored with just looking at risk maps, showing numbers in red, amber and green.
And lastly, to counter the ever-increasing complexity of risk with a set of principles is probably the only way to go about it. It is impossible to define universal, detailed standards for today’s and tomorrow’s rapidly evolving risk landscape. Taking the “principles” route is an easy way around being tangible – this criticism of the new framework is heard often.