Risk profile is one of the primary areas of focus for good Enterprise Risk Management programs. Risk profile is a view of all the main risks of a firm, which allows management and other audiences the chance to compare the size of the various risks on a relative basis.
When an insurer contemplates an acquisition, for example, the risk profiles of the two firms will be merged. Will the combined profiles cause a concentration of risk in one area, or will the combination diversify the company’s risks, by line of business or geography?
Often when managers view their risk profile for the first time, they find that their profile is not exactly what they expected. As they look at their risk profile in successive time periods, they find that changes to their risk profile most often align with key strategic discussions or major changes in the environment.
We saw this earlier this year. Most insurers will say that they focus most of their risk management efforts on their insurance risks, but in early 2012, Willis Re collected the stress tests reported to A.M. Best, and found that 26 out of 31 companies felt that they could lose more from an equity market drop than from an unexpectedly high combined ratio.
Implementing Control Processes
Insurance companies are in the risk business. Most insurers have good risk management systems. These are the control processes they use to make sure the risks they assume as their primary business do not get to the point where they are likely to produce losses that are larger than is wanted.
These control processes look at risks four times.
- First, they have underwriters who look at individual risks before they accept them. These underwriters use a combination of rules and judgment to identify acceptable and unacceptable risks.
- Second, they pay close attention to risks that have become claims to make sure that they are under control.
- Third, insurers look at the combination of types of risks (coverages) that they take and the degree to which those risks are interconnected or independent.
- Finally, insurers decide on the aggregate amount of risk that they are able and willing to take based upon their capacity for losses based upon their expected earnings and their capital.
Insurers are used to living in a volatile environment. Just like the blacksmiths of another age who needed to be right by the hottest part of the fire to do their work, insurers often need to make sure that their risk taking is at the hot area of the risk fire, where they will be able to make the profits that they need to satisfy their investors and to stay in business.
Enterprise Risk Management
ERM adds another whole layer to risk management. ERM adds a control process focused on the risk profile of the firm. With this enterprise level process, management and the board are expected to discuss and decide both the aggregate level of risk to be taken by the firm, as well as the amount of exposure to each major class of risks that the firm normally handles. And that is exactly what a risk profile illustrates—the level risk and the distribution of risk that the firm retains.
Top management of all firms are all able to quickly state the plan for revenues from each of their major corporate initiatives. This is the sales weighted view of the business plan. They are doubtless also very familiar with the profits weighted view of the plan. With risk profile, managers can become just as familiar with the risk weighted plans of the firm.