A risk manager offers some observations on how managing ERM is changing.
ERM implementation requires a considerable amount of leadership and oversight in the early years to drive the model, infrastructure and often a shift in culture. But if done well, those at the forefront should ultimately step back and let the business leaders take more ownership for assessment, mitigation and reporting.
At a recent meeting of The NeuGroup’s Engineering & Construction Treasurers’ Peer Group (E&CTPG) a guest speaker, an executive director of risk management who is part of The NeuGroup’s Corporate ERM Group, shared his views on executing ERM.
Ownership changes
One trend he has observed is the beginnings of a shift in ownership as the executive committee has become the owner of the company’s risk process. He is also hoping to soon relinquish some of his executive-committee presenting time to the actual risk owners. But in the long run, he believes “you will always need a standard bearer to ensure it continues to get done right.”
Presentation format changes
On the matter of risk reporting to the executive committee and board, the risk manager’s approach has generally followed the standards of any mature ERM program. However, he recently has begun to shift his formats from being text-centric to being more graphical in nature and with even greater substance. “Boards like colors and are tired of bullet-point charts. Plus, charts and pictures create less legal liability,” he noted. He also pointed out that he wants to move away from the “severity and likelihood” approach and focus more on “velocity.” He continued by saying, “Time is an ally with strategic risks but not so with unforeseen risks such as a plant explosion.”
Earnings impact
Another recent revelation he has had is the need to understand the impact risks could have on key performance metrics such as cash flow or EBITDA. Doing this effectively requires a good understanding of the company’s key success drivers.
With that understanding the exercise would be to consider how each of the enterprise risks could potentially impact a success driver such as EBITDA. For example, if energy prices are an enterprise risk, what impact will increases and decreases in energy prices have on EBITDA? Of particular note is that the risks should be reported in a positive context as well. If the enterprise risk of energy prices decrease, there will be a positive impact to EBITDA. The enterprise risks can be ranked and reported on in relation to this particular success factor.