New York - The Insurance and Actuarial Advisory Services (IAAS) practice of Ernst & Young LLP has released its quarterly outlook identifying the need to take risk management beyond legislative and regulatory compliance to the next level.Enterprise risk management (ERM) is beginning to move to the top of the "CFO to-do list" as companies become increasingly sensitized to the heightened need for enhanced risk governance, management and measurement, according to Ernst & Young. This includes an acknowledgment that there needs to be a more disciplined approach to risk measurement and risk management.
Ernst & Young provides the following advice:
· The first step for organizations looking to implement ERM is a Bottom Up Risk Analysis. Conducted by management and approved by the board of directors, the analysis must account for insurance risk, catastrophe risk, credit risk, market risk, operational risk, etc. with a defined corporate risk profile as the end product.
· The corporate risk profile serves as the cornerstone for the development of an ERM strategy. It can help senior management set risk policy and risk tolerances and offers a guide for assessing risk management and measurement processes and controls.
· With the emergence of options and guarantees in insurance products, increasing external scrutiny from analysts and rating agencies and emphasis on the true economics and risks is driving the trend from rules-based to principles-based financial reporting with a significant added push coming from the NAIC in the form of upcoming C3 Phase II regulatory capital requirements. As companies prepare to make the shift, there is further pressure on the actuarial function, which in many cases, is already struggling to keep pace with the ever-increasing needs and complexity of the business.
· It is becoming clear that existing actuarial systems and processes will need to be overhauled. As a result, leading companies are transforming their actuarial financial and risk measurement capabilities by implementing next generation software tools, redesigning their key actuarial processes, dramatically increasing computing power, and utilizing technology more effectively to achieve integrated and automated solutions.
· To date, the job of the corporate risk manager has been focused on the purchase of insurance and the management of risks for which a transfer market exists. The passage and implementation of Sarbanes-Oxley 404 ("404") compliance has also changed the strategic role of the risk manager, or at least it should. Corporate risk managers must expand their knowledge base and interaction with accounting and internal and external audit in order to understand the results of 404 implementation and its impact on the risk management process. Information gathered from 404 can have a significant impact on risk identification, measurement, prioritization and assessment, affecting the marketing, financing and monitoring of the corporate insurance programs.
· The imperative to identify and document risks and controls and monitor those enterprise risks has created an opportunity for risk managers to become involved in C-level strategy and planning. To perform in this expanded role, new skills and tools will be necessary as risk managers must be able to present ideas and strategies which dovetail with the goals and objectives of their audit committees. They will also need to decipher senior management concerns and then provide well-versed perspectives and solutions for operational and financial risk solutions to protect employees, assets and key stakeholders.
Source: Ernst & Young IAAS
