As CFO of RWE npower, Volker Beckers is used to discussing risks at the UK energy company during presentations with analysts and investors. After all, in a sector being shaken up by major regulatory upheavals, price volatility and a host of other uncertainties, the company, which is part of Germany’s RWE, faces plenty of risks. Fortunately for Beckers, RWEn has a group-wide risk management system that would turn other CFOs green with envy. Along with risk committees run at the group, divisional and business unit levels by finance executives like Beckers, the company’s enterprise risk management (ERM) framework calls for thorough risk reporting and action schemes at its retail and other businesses, covering strategy, day-to-day operations and even gritty processes such as budgeting and planning.
But the best thing about the ERM system is that it also delivers tangible, bottom-line value to the company. At a road show in October, Beckers cited risk management — spanning technical areas such as integrated hedging through to credit-risk management — as one the “strong financial drivers” that underpinned 2006′s double-digit growth revenue and operating results, and helped RWEn reach its target of 10% return on capital employed.
If more ERM programmes were like RWEn’s, they wouldn’t get such a bad rap. Despite several years of toiling over ERM projects — all aiming for the day-to-day, systematic identification, integration, and mitigation of strategic, financial and operational risks — many risk managers report that they’re nowhere near where they want to be. Some programmes are still on the drawing board, while others are languishing half-complete or are working in only isolated parts of an organisation, defeating the all-encompassing aim of ERM. Even at many companies that believe they have full-blown ERM programmes in place, there’s uncertainty about whether they’re as good as they could be. Sergio Beretta, a professor of planning and control at Bocconi University in Milan, recalls how when he attended a conference on ERM, “I had the perception that in at least a couple of cases what they were describing was not a system that is working but a system they wanted to be working.”
According to the preliminary findings of a survey of more than 100 companies in the US and Europe to be published by Deloitte later this year, most respondents — nearly 90% — cited “difficulty measuring and assessing risks” as the biggest challenge of ERM implementation. But two other oft-cited challenges were “insufficient understanding of the benefits” and “difficulty proving the business case,” suggesting that CFOs such as RWEn’s Beckers are in the minority when it comes to drawing a link between ERM and the bottom line.
How companies find that link — or whether they should even try — will be a matter for further debate as more risk management programmes mature, going beyond the box-ticking required under various European and US corporate governance codes.
It’s not just law makers and regulators who are exerting pressure to bolster ERM efforts. In 2005, Standard & Poor’s, a ratings agency, introduced a set of criteria for its analysts to assess ERM at insurers. Last year, the agency made these criteria a standalone category in the ratings process, stating, “We expect ERM to be a competitive advantage for these insurers over time.”