The entire process is dynamic: Peabody formed a cross-functional risk-management committee with Navarre as chairman that meets monthly to continually assess the company’s risks. “If a new risk emerges — say we enter into a joint venture or acquisition — we meet to assess the inherent risks and feed them into the ERM process,” explains Navarre.
Why is this a better mousetrap? “This is a broadly focused process that involves the entire senior-management teams across all functions to evaluate risk,” the CFO replies. “Instead of looking at individual risks, ERM gives us the ability to assess all the risks of the company and understand them, separately and in relation to each other, potentially identifying risks we may not otherwise have identified, and then making a determination to either mitigate that risk or choose to accept it.”
Evidently Peabody’s audit committee is pleased. “We’ve learned through this process not only the scope and breadth of risks inherent in the business, but also the various methods that management is using to effectively manage and balance those risks,” says William Rusnack, chairman of the audit committee.
Still a Costly Process
The value of ERM must be balanced against its cost. Several third-party firms approached Peabody to facilitate the ERM process, not one of which quoted less than a $200,000 fee. Instead, Navarre decided to facilitate the process internally.
But even without a consultant, the process and infrastructure costs associated with uncovering material risks are significant. “You have to be more invasive within the organization, meaning that you have to ensure that each of the business units is examining its risks in a rigorous, well-defined, systematic way, as opposed to ad hoc oversight,” says Terzuoli. “That costs money, since you have to put in place policies and procedures and then ensure that these are being complied with. Then you have to automate this process with an IT component, building a conduit from back-end legacy systems to capture risk-based data to provide risk transparency in a dynamic environment — a flow of information that typically is daily or at the very least weekly.”
Fortunately the software tools to construct a dynamic ERM technology infrastructure already exist in package form, sold by vendors Hyperion, Cognos, and Active Strategy, among others. The tools identify the dozens of data elements that require ongoing monitoring, extract them from legacy systems, and gather them in one place, typically a data warehouse. The tools then create a conduit from the data warehouse to a front-end dashboard that alerts users when risks emerge. “Once tied together, the data may reveal, for example, a cash-flow surprise relative to market expectations,” says Terzuoli.
The cost of a good back-end to front-end system, with all the hoopla in between? Another $500,000.
Cost concerns didn’t stop Seminole Electric Cooperative Inc., a not-for-profit Tampa-based electrical generation and transmission cooperative with $714 million in 2002 revenues, from pursuing ERM. Seminole’s strategic plan mandated a broad corporate-risk profile. “We needed to create a broad list of risks facing the company, not just the risks that executive staff had cited, but risks perceived by executives across all corporate lines,” says Seminole vice president of financial services John Geeraerts.