We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

Risk Managers Are Spending Their Time on the Wrong Things

Vote 0 Votes
Money v. Value v. Time Graph.jpg

There is always a lot of buzz about "risk appetite statements" and "risk tolerance."  In theory, these sound like a natural launching point for ERM Programs - how can risk managers manage risks without a known goal of what they should be managing towards?

However, the problem with risk appetite is that it is not actionable, thus organizations see very little impact from having perfectly established risk appetite statements that far too many risk managers spend months developing..  As a result, senior management begins to question the value the ERM program is delivering in the early stages.

A recent study in The Journal of Risk and Insurance, using RIMS Risk Maturity Model (RMM) data suggests that organizations with mature and effective ERM Programs see up to 25% higher market value than firms with immature ERM programs. 

The RMM is an umbrella framework with a free assessment tool that enables organizations to evaluate the effectiveness and adequacy of an organization's risk management program, determining where and how their program can improve.  The RMM is broken down into seven core attribute sections, each focusing on a different core element of ERM.

In addition to the 25% composite result, the authors were able to study the individual attribute maturity scores to provide a much clearer insight into which attributes in particular appear to be contributing most to ERM.

Here are the results:

  • Performance Management - 23% contribution
  • ERM Process Management - 20% contribution
  • Adoption of ERM Based Approach - 17% contribution
  • Root Cause Discipline - 16% contribution
  • Uncovering Risks - 15% contribution
  • Risk Appetite Management - insignificant
  • Business Resilience and Sustainability - insignificant

The challenge with risk appetite is how to implement and enforce it, making it relevant to business units on a day-to-day basis. In other words, linking risk appetite to business decisions and having appropriate business metrics to measure it.

These results show that in order to get the most value from ERM, the processes must be scalable, repeatable, and embedded throughout the organization with accountability.  The quality of the process must be monitored and improved by having a clear feedback mechanism throughout an organization, so that issues can effectively be escalated and prioritized.  A strong connection between strategic business goals and risk management, and a monitoring and reporting capability to ensure any deviation from stated goals are measured and communicated, is the key to ERM success.

Most organizations think they need to fully develop their ERM program before they are ready for software, but organizations should be approaching this the opposite way. An ERM Content Solution Software like LogicManager, has all the templates and best practices for building an organization's ERM charter, risk appetite and tolerance, frameworks, roles and responsibilities, assessment criteria, and more, along with a dedicated business analyst to help you mold these to fit your organization and share other best practices. 

As a result, you can accomplish the baseline foundation of your program in a fraction of the time with expert guidance to mentor you, so that you can quickly begin working on the attributes of ERM that bring value - significant value - to your organization's bottom line.  All of the aspects that the study showed are crucial for ERM success, such as scalability, repeatability, reporting, and feedback mechanisms, are what ERM Software was designed to do. 

Download our white paper on the ROI of ERM, or request a demo to see how LogicManager can quickly help you achieve measurable value from ERM.


| Leave a comment

I see using "risk appetite" as a single or portfolio of barriers or hard stops that define safe & unsafe consequences of risk/uncertainty. They can be financial in nature or qualitative like "no material impairment of controls." In my view it is definitely actionable in that transacting groups, in evaluating loss scenarios, can align outcomes to "unsafe" risk appetite.

There are many other "risk appetites" that serve as guiding principle, like "investment objectives" of mutual funds, to Investment Policy that have broad or detailed guidelines, like not more than 10% in Non-US denominated securities. They are actionable as approved or unapproved transactions.

Amen. ERM initiatives or programs that see a heat map, definition of risk appetite, or risk list as end states are dead in the water. Producing value by developing and sustaining a risk-intellegent organizational culture and strategic decision making process is the ticket to long-terms sustainability and ROI.

You can have all the components of the RMM in place and fail miserably in getting traction in ERM. Without some semblage of understanding of risk capacity and risk taking (i.e. an appetite framework/strategy) you have nothing to manage to.

Chris Mandel
SVP, Strategic Solutions

Chris, I think that's absolutely right. An ERM program that isn't built to support a larger strategy isn't built for sustainability, so its a bit of a catch-22. That being said, all organizations have some semblance of a strategic plan that risk managers should immediately build their program to support, and I think there very actionable, value-add steps risk managers can take to support those initiatives.

Kin, we appreciate the feedback and agree that risk tolerance concepts that you've outlined is the correct approach to making risk appetite actionable. We discuss this topic here: http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/risk-appetite-risk-tolerance-residual-risk/

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc. the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.

Recently Commented On

Monthly Archives