âThis is a time of opportunity for risk practitioners and their C-level colleagues,â says Brian C. Elowe, a managing director in the Global Risk Management Division of Marsh. âFor risk and financial executives, now is the time to move their organizations along a path toward more strategic risk management.â
Although fallout from the global financial crisis and the implementation of more stringent financial regulatory requirements have given businesses the impetus to adopt enterprise-wide risk management approaches, many still face roadblocks in elevating their risk practices.
More than half of the risk management, finance and C-level executives participating in the survey cited enhancing strategic risk management as their primary focus area in 2010.Â Yet, an almost equal number conceded their firms do not have an enterprise risk management (ERM) program.Â
To achieve a 360-degree view of risk, many firms must hurdle such challenges as organizational silos; divergent views within their own companies about the definition of ERM and key risk issues; as well as the lack of personnel and financial resources. The survey was compiled from online responses received during the first quarter of 2010 from 418 risk managers, C-suite, finance and other executives involved in risk-related functions.
âThe use of deeper analytics and other strategic tools and methods allows risk managers and financial executives to provide compelling information for the C-suite discussion about uncertainty, risk, and volatility â and to achieve greater visibility in their organizations,â said Mr. Elowe.
He added that given the imperative for more transparency around risk issues, CEOs, CFOs and others in the C-suite have an opportunity to tap into the risk management resources across their organizations to elevate the discussion and practice of risk management and broaden their outlook.
âEnterprise risk management, or strategic risk management, is no longer just a ânice to have,ââ says Deborah Luthi, vice president of RIMS board of directors. âRegulators, customers, investors, and other key stakeholders are pressuring organizations to identify and explain how they manage the risks they face.â
Indeed, the number of organizations with a formal ERM program rose to 28 percent in 2010, from 9 percent the prior year.Â However, those without an ERM program also increased to 53 percent in 2010 from 35 percent in 2009, and those in the process of building and implementing an ERM program fell significantly to 19 percent from 56 percent.
âThis finding may reflect a better overall understanding of what an ERM program entails,â says Ms. Luthi.Â âThe increased focus by the Securities and Exchange Commission and credit rating agencies on ERM may have prompted some executives who in the past said they were building an ERM program to step back, look at the risk management initiative they have in place, and decide it really does not quite add up to ERM.â
The survey found potential communication and perception gaps between risk managers and others in an organization. As an example, 83 percent of risk managers said their organizations have a plan in place for business interruption, but only 68 percent of C-suite and 55 percent of finance executives reach the same conclusion.Â Perceptions were similarly divergent on the issue of technology failure.
âRisk managers may need to revisit how they inform leadership about the plans and other measures they have in place to address their key risk issues,â says Mr. Elowe. âIt could signal a need for greater discussion of risk in general across the organization.â
Lack of dedicated risk management personnel represents the biggest obstacle to improving an organizationâs risk management, followed by higher priorities given to other areas, and the need to demonstrate return on risk management investment.Â Among measures to expand their risk management capabilities in 2010, 56 percent of those surveyed plan to enhance their strategic or enterprise risk initiatives, up from 45 percent in 2009.Â Training and education, the top priority in 2009, dropped to second this year, followed by updating technology, and improving governance structure.
The shift in priorities may reflect a heightened focus on compliance with new Securities and Exchange Commission (SEC) Rule No. 33-9089, which calls for increased disclosure of risk governance practices.Â The survey found that large public companies appear to be far more prepared for the SEC rule than their smaller counterparts:Â 84 percent of those with annual revenue of $1 billion or more indicated they have prepared for the SEC rule, compared with 60 percent of those with annual revenue of $50 million - $1 billion, and 67 percent of those with annual revenue below $50 million.
âShowing a return on investment for an ERM program has been an issue for some firms. However, with the new SEC rule, risk executives have one more item to show in their list of areas that will benefit from having ERM in place,â says Mr. Elowe.
RIMS members can download a copy of the report, Excellence in Risk Management VII: Elevating the Practice of Strategic Risk Management, at www.RIMS.org/ResourceLibrary.Â Others may access the report by registering at http://global.marsh.com/excellence.
Marsh has over 23,000 employees and provides advice and transactional capabilities to clients in over 100 countries. Marsh is a unit of Marsh & McLennan Companies (MMC), a global professional services firm with approximately 52,000 employees and annual revenue exceeding $10 billion. MMC also is the parent company of Guy Carpenter, the risk and reinsurance specialist; Kroll, the risk consulting firm; Mercer, the provider of HR and related financial advice and services; and Oliver Wyman, the management consultancy. MMCâs stock (ticker symbol: MMC) is listed on the New York, Chicago and London stock exchanges. MMCâs Web Site is www.mmc.com. Marshâs Web site is www.marsh.com.