The Objective of Enterprise Risk Management
The purpose of this page is to pull together a number of different contributions in my blog about the objective of Enterprise Risk Management (ERM).
The starting point is rather simple: there should be a common view about the value of the time and effort invested in developing and implementing ERM systems. (This postelaborates on this point.)
I have provided two complementary answers to this challenge. Firstly, a high-level objective for ERM in financial services is to ‘protect and enable’. It has the additional advantage of allowing one to build an ‘elevator pitch’ for ERM. (Take a look at this post.) Clearly the challenge is getting the right balance between ‘protect and enable’. Too much ‘protect’ and ERM becomes another corporate ‘Mr No’; too much ‘enable’ and ERM loses its role as an oversight function.
Secondly, I have articulated what that high-level objective means from a financial perspective, i.e. the elimination of costly lower tail outcomes while preserving as much as possible of the upside. (This post elaborates on this point.)
One lesson from those posts and subsequent discussions is that there are a number of different legitimate perspectives about the objective of ERM. I asked a number of leading industry experts to share their perspective in guest posts.
1. James Tufts, Group CRO of Guardian Financial Services, emphasises that the objective of risk management is to clarify the role of risk management of the business and of the risk function. Click here to read his post.
2. Carlos Montalvo-Rebuelta, Executive Director of EIOPA, emphasises the importance of risk management for insurers’ long term survival and that Solvency II regulation does not change the objective of risk management. Click here to read his post which has the best analogy of the requirement for Own Risk and Solvency Assessment (ORSA) that I have seen so far.
3. Jim Sutcliffe, Chairman of Sun Life Financial (Canada) and Chairman of BaxterBruce (UK) provides a view from the Board. He articulates the use-test as the objective of ERM in a manner that is independent of internal models and regulation. (Click here to read this post.) He then articulates the notion of an intuitive ‘risk-cycle’ to implement the use-test. (Click here to read more on this topic.)
I will update this page in the near future with views from other contributors.