Manage Tomorrow's Surprises Today

Steven Minsky

S&P Issues Risk Management Progress Report


Standard and Poor’s published their progress report on their integration of Enterprise Risk Management analysis into their non-financial corporate credit ratings evaluations. In observing company performance during the ongoing economic and financial difficulties, S&P has noted that effective or ineffective risk management is often cited as the root of success or failure.

This is in sync with the recent announcements by the SEC and other regulators to extend their risk management disclosure requirements to focus on the gap between executive management and their front-line managers. The consensus is clear: companies need an ERM infrastructure to manage tolerances for risks within each process area that may materially impact the organization, and to disclose how compensation policy has changed from paying for activities to rewarding risk management competency.

Further evidence that an ERM infrastructure is needed can be found in the RIMS State of ERM Report. It states that organizations that have built their ERM infrastructures using the 25 competency drivers in the RIMS Risk Maturity Model for ERM were proven to have higher credit ratings and better business performance than those who did not.

If you want to learn how to put an ERM infrastructure in place or improve your current ERM Program to increase your risk management competency simply and practically, use the complimentary RIMS Maturity Model for ERM that can be downloaded at www.rims.org/rmm. This resource uses an ERM assessment technique to help you to identify the gaps versus best practice in your current risk management efforts and then provides a report with specific and actionable steps based on your answers of what to do next to improve.

The key findings released by Standard & Poor’s as a result of their enterprise risk management evaluations with companies reinforce the need to take action.

  • Most companies are unable to provide clear examples of definitions for risk tolerance or risk appetite and find it difficult to ensure uniform behavior across the enterprise.
  • A majority of companies suffer from “silo-based” risk management.
  • Companies with a true enterprise-wide approach to ERM appreciate the importance of going beyond only quantifiable risks or top 10 risks and understand the importance of emerging risks.
  • The ERM function's reporting line is typically to the CFO or the CEO, often with a direct line of communication to the board of directors, commonly to the audit committee.
  • Standard & Poor's cites a compliance-driven push toward ERM as a possible danger.
The full report can be found on Standard & Poor's website, www.erm.standardandpoors.com

2 Comments


Thanks Steven for sharing some great resources for ERM out there. Another great resource is this Webinar by Hudson. I would definitely suggest watching/listening to the whole thing - it is worth the 45 minutes.

KH
Hudson

Steven,
No problem with the ERM infrastructure but my experience tells me that the real issue is about risk management leadership, which is clearly a cultural issue. Many organisations focus on having an IT-based complex reporting system that supposedly and miraculously manages risk???
Before we worry about tolerances and appetite, the behaviour needs to focus on meaningful and rich discussions about the risks an organisation faces. These are the systemic issues that drive the REAL risks in an organisation.
Organisational leaders need to realise that THEY have to do some work in identifying and analysing risk, driving the positive risk management culture and accepting the bad news about some impending risks. This, god forbid, suggests that we cannot and will not be able to identify all of the risks that we will encounter.
My experience tells me that many of the risks are internally generated and are too sensitive or complex to discuss. By applying rich discussion, with specific perspectives from executive management and the board, these individuals should and must be able to unpack the real risks and develop treatment strategies.
The upshot....if there is no robust leadership in risk management then you had better be prepared for some nasty surprises!


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven Minsky is CEO of LogicManager Inc., a leading provider of ERM infrastructure solutions. He is the developer of the Risk and Insurance Management Society (RIMS) Risk Maturity Model for ERM, author of the RIMS "State of ERM 2008" Report and a RIMS Fellow (RF) instructor on ERM. He is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
