New York - Ernst & Young's Insurance and Actuarial Advisory Services (IAAS) practice today released highlights from its recent Risk Leadership Roundtable. The company gathered senior insurance industry executives to share preliminary results of its new "Insurance Industry Risk Leadership" survey.The roundtable included chief risk officers, risk managers and actuaries from the top 30 U.S. life/health and property/casualty insurance organizations. The Ernst & Young 2005 Insurance Industry Risk Leadership survey covers the current state and future plans of insurers with respect to enterprise risk management (ERM).
Building on the initial survey findings, the roundtable included a facilitated discussion of risk governance, risk measurement, and risk management focusing on critical ERM issues, leading practices and emerging trends.
Following are key highlights from the discussion:
ERM Moves Up On the Radar Screen. Comparing current survey results to a study Ernst & Young IAAS conducted in 2003, insurance organizations have significantly increased their focus on ERM. The 2005 survey shows a rise in the number of companies with ERM committees as well as significant participation from C-level executives and the roundtable participants validated these findings.
One-third (33%) of companies surveyed have had an ERM committee for over three years, another third (33%) have had one for less than three years, and 21% are considering developing one.
Among those with ERM committees, following is a breakdown of the members:
CFO (88%)
Chief Investment Officer (71%)
Chief Actuary (65%)
Business Unit Management (65%)
General Counsel (65%)
CRO (59%)
CEO (53%)
President/COO (41%)
Business Unit Actuary (18%)
Other (35%)
Roundtable attendees acknowledged the importance of corporate participation in these committees, but also agreed that involvement from the business unit level is crucial to their success.
"Governance is driving risk integration," explains Chris Karow, partner, Ernst & Young LLP. "There is an expectation that corporate will define the ERM framework within which the business units will need to manage risk."
Elevation of CRO Role. As ERM gains C-suite attention, chief risk pfficers (CROs) are taking a seat at the executive table. The majority of attendees indicated they have a CRO, a significant change from a few years ago. Moreover, in organizations with CROs, the CRO generally reports directly to the CFO or CEO.
Added Structure and Heightened Focus on Risk Assessment. In general, the group agreed there is more corporate oversight today with formalized risk reviews and enhanced board reporting. Risk reviews have also led to significant action including changes to business procedures and deeper drill down. As a result, companies are embedding ERM into their organizational processes and culture.
Industry Working to Jump Remaining ERM Hurdles. It was recognized that having a fully operational ERM framework is critical to future success, but it was also noted that ERM is a building process that must be implemented over time and in phases. Generally speaking, companies indicate they are 50% to 75% of the way to their ERM goal state, but most would like to be at the 90% mark within the next two years. There was also agreement and discussion around the greatest hurdles they will face in this endeavor including quantification of operational risk, implementation of robust and enterprisewide consistent risk measurement and risk aggregation, and the setting of a formal risk policy.
Operational risk was identified as the most significant risk organizations are currently facing, yet most are in the early days of addressing it. While many organizations have initiated operational risk assessment processes, they acknowledge that their effectiveness is questionable and are working at improving these systems which must be in place before measurement can be tackled.
Participants pointed to Basel II as a catalyst for achieving effective operational risk management, but without definitive regulatory standards in the U.S. it is difficult for organizations to take consistent action. Aggregation and diversification was noted as one of the most complex and challenging risk measurement issues because of the need for measurement consistency across risks and businesses. Participants shared the various techniques being used today, but acknowledged there was a need to further develop existing and new methods.
While the majority of companies have standards of practice for monitoring, managing and mitigating risk, setting a formal corporate risk policy remains complicated by the difficulties of quantifying risk and the risk aggregation challenges with which organizations continue to grapple.
"With each step toward ERM, organizations uncover new gaps that must be filled," explains Doug French, global director, IAAS, Ernst & Young LLP. "The industry has evolved tremendously from just a few years ago, but remains on a journey that requires continued commitment. At the same time, organizations are reaping significant rewards along the way as they make strides in the governance, measurement and management of risk."
Results of the Ernst & Young IAAS 2005 Risk Leadership survey including a report on the findings will be published in January.
Source: Ernst & Young
