ERM Process Trumps Technology

INN attended the RIMS 2009 conference in Orlando this week where presenters confirmed what many experts have said about enterprise risk management (ERM)—implementation of an ERM process should start with a framework. In a panel discussion yesterday, ERM vendors discussed the need to have a good risk strategy to drive positive business results.

Carl Groth, director, capital markets at Deloitte suggested that ERM failures—to embrace appropriate ERM behaviors, develop and reward internal risk management competencies and use ERM to inform management’s decision making for risk taking—contributed to the current financial crisis. He listed some of the ERM frameworks from a few organizations, including Casualty Actuarial Society, Committee of Sponsoring Organizations of the Treadway Commission (also known as COSO) and RIMS.

Groth also listed some benefits of an ERM process:

• Risk identification

• Exposure elimination

• Risk reporting

• Risk transfer

• Risk financing

• Measurement of exposures

• Exposure reduction

• Exposure evaluation

Steven Minsky, CEO at LogicManager Inc., discussed some of the challenges ERM implementers face, including taking on too much technology before having a framework in place. “Buy technology when you’re ready to solve a problem,” he said, suggesting users utilize spreadsheets until a framework has been developed.

Once the framework is established, the technology can come into play. Monique Hessling, chief marketing officer at Zurich Global Energy, and Michael Thoits, director, risk management at Affinia Group addressed attendees on Tuesday about ERM technology solutions. Thoits said that when searching for ERM technology solutions, an organization should look for tools that will help produce reports that executives may be used to—data modeling, risk maps/dashboards, drill-down capabilities.

Hessling highlighted results of RIMS’ user survey of the ERM technology market, according to RIMS, which concludes that desktop applications such as Microsoft Office products were the most commonly cited tools, followed by a variety of other solutions, including customized systems.

Of the 651 respondents to the survey, 317 have an ERM process in place, and of those, 149 use some kind of technology. Thoits pointed out that the question of technology use may not have been answered accurately by some. He said it’s not likely the respondents aren’t using technology; they’re probably using Excel or other spreadsheet or Web-based applications—just not ERM-specific technology.

Monitoring risks, data storage and analysis are the most commonly identified functionality of the ERM technology solutions employed by the survey respondents. Comparing current usages and desired future usages, the ability to address interdependency of risks was the most sought-after future functionality.

Thoits and Hessling also agreed that European organizations are more developed in their ERM initiatives, and have been practicing ERM longer.

In the end, Thoits summed up ERM technologies and processes in a single sentence, and many others throughout the conference agreed: “ERM process trumps technology solutions.”