Alignment is key to ERM

Risk has traditionally played a minor role in the strategic discussions of many firms.

Often, planners get risk out of the way at the very start with a discussion of strengths, weaknesses, opportunities and threats (SWOT). Then as quickly as possible, the planners shift into concentrating on a discussion of opportunities. That is what they are there for anyway: opportunities.

Risk management has been a part of business practices for thousands of years. ERM is a new approach to risk management that, when taken to extremes, may noticeably increase the cost of doing business, and can take the attention of executives away from running their firms. But, there are four key reasons to adopt a version of ERM that fits your business; this post is about one of those four keys: Alignment.

Enterprise risk management now presents a different approach with the objective of aligning risk management with business strategy. This alignment takes place at two levels: first as part of the aforementioned strategy and planning discussion, and second, in the more operational discussions that result from the strategy and plan.

Risk appetite and strategy

The idea that aligning risk management and strategy is highly important may be a stretch for some businesses; but for insurers, risk is the raw material of the business. So it seems very natural that a discussion of risk management should fit well with the strategic discussion of the insurance business.

The main building block of the strategic discussion of risk and risk management is the risk appetite statement. Risk appetite is defined in the U.S. National Association Insurance Commissioners (NAIC) Own Risk and Solvency Assessment (ORSA) Guidance Manual as:

Documents the overall principles that a company follows with respect to risk taking, given its business strategy, financial soundness objectives and capital resources. Often stated in qualitative terms, a risk appetite defines how an organization weighs strategic decisions and communicates its strategy to key stakeholders with respect to risk taking. It is designed to enhance management’s ability to make informed and effective business decisions while keeping risk exposures within acceptable boundaries.

I have always interpreted that as saying that the risk appetite is the strategy statement for risk. And you can see that the regulators see risk appetite as directly linked to strategic decisions.

ERM tools

Besides risk appetite there are several ERM tools that can aid in the strategic risk discussion.

Risk profile

A part of the statement of the impact that the plan will have on the company should be a before and after risk profile. This will show how the plan either grows or diversifies the firm’s larger risks. Risk cannot be fully described by any single number; therefore, there is no one single pie chart that is the risk profile of the firm.

The risk profile should be presented so that it articulates the key aspects of risk that are the consequences of the plan – intended or otherwise. This may mean showing

  • the geographic risk profile
  • the product-by-product risk profile
  • the risk profile by distribution system
  • or the risk profile by risk type

By looking at these different risk profiles, the planners will naturally be drawn to the strengths and weaknesses of the risk aspects of the plan. They will see the facets of risk that are growing rapidly and consequently require extra attention from a control perspective.

And even if there are none of those reactions, the exposure to the risk information will eventually lead to a better understanding of risk and a drift toward more risk aware planning.

Risk management view of gains and losses

Planning usually starts with a review of recent experience. The risk managers can prepare a review of the prior year that describes the experience for each risk in terms of the exceedance probability from the risk models. This could lead to a discussion of the model calibration, and possibly to either better credibility for the risk model or a different calibration that can be more credible.

Risk controls review

Imagine an American football team in the huddle. The quarterback looks up at the team and says that every player should run their own favorite play! Just think of what the play-by-play announcer would say about that! Sports teams do not win if the players are not all aligned to run the same plan not just for the game, but for each and every play during the game. And businesses need to have all their efforts aligned as well – both the efforts to create opportunity for the firm as well as those to prevent disaster.

Each risk operated within a control system. The review of recent experience should discuss whether the control systems worked as expected or not.

Risk-adjusted pricing review

The review of gains and losses can also be done as a review of the risk margins compared to the risks for each major business or product or risk type. Comparison to a neutral index could be considered as well. With this review, the question of whether the returns of the firm were a result of taking more risk or from better selection, and management of the risks taken, should be addressed.

Management groups may be much more interested in one or another of these tools. The risk manager must search for the approach to discussing risk that fits management’s interests in order for risk to become a part of planning and strategy. Without that match, any discussions of risk that take place to satisfy regulatory or rating agency pressures will be largely perfunctory.

Recent studies have found that insurers who link ERM to strategy are much happier with their ERM program. Over half of insurers who responded to a recent poll on risk appetite said that a linkage between ERM and strategy was an explicit objective included in their risk appetite statement.

Risk tolerance and company plans

Risk tolerance is the term of art for the aggregate risk plan. A company can skip having an aggregate risk plan, but if they have one, that plan is the risk tolerance. So, it is probable that more companies actually have a risk tolerance and simply do not realize it.

A majority of companies who recognize that they have a risk tolerance have set it to reflect the consideration of rating agency and regulatory requirements, and they sometimes also include a statement of the amount of surplus that is at risk under pre-determined circumstances. So, if the insurers who do not use the term “risk tolerance” indeed have a target for their RBC ratio or for the AM Best BCAR score, they are thereby setting an aggregate risk plan, which means that they do actually have a risk tolerance.

Strategy and plans impact on risk management

ERM should stand out of the way of the aggregation of the risks that the insurer plans to exploit

An enterprise risk management program will also work to align the management of individual risks to strategy and plans. At the highest level, there are four possible strategies for controlling individual risks:

  • Exploit
  • Manage
  • Minimize
  • Avoid

The company strategy identifies the risks that are going to be exploited and managed. The ERM program should be active to assure that risk management is not serving as the business prevention function for those risks.

ERM should stand out of the way of the aggregation of the risks that the insurer plans to exploit, and it should make sure that due care is taken with the risks that entail managing. But that care should be of the “not too hot” and “not too cold” variety that allows for the success of the business.

The ERM program should also provide assistance with the processes and procedures needed to minimize and avoid the risks that are not a direct part of the success formula for the insurer.

Ultimately, this means that the plans for risk acceptance, limits and mitigation need to be carefully reviewed by ERM for each and every of the firm’s important risks.

Without a link to strategy

If risk management is well developed into a strong, effective, disciplined, function there are two possible outcomes: it can either help achieve the business strategic objectives or it can be a strong force that will at times prevent the achievement of strategic objectives that are perceived to be too risky.

An ERM program with transparency and discipline is a powerful tool for management to use. Such a program, if set on the path of alignment, can be counted on to stay on that path and to continually support the overarching strategy while providing evidence of that alignment for all to see.

About Dave Ingram

Dave is an Executive Vice President of Willis Re, specialising in theory and practice of ERM for insurers. Based in…
Categories: Reinsurance | Tags: ,

One Response to Alignment is key to ERM

  1. Pingback: Keys to ERM – Alignment | Riskviews

Leave a Reply

Your email address will not be published. Required fields are marked *