Virgin Mobile gets even more decentralized. CFO Feehan says that the firm’s relatively small size (400 employees) allows it to take a hands-on approach to risk by “perceiving risk management as part of our daily life. We don’t separate it out as a separate function; it’s just part of how we manage every aspect of the business.”
That approach has served the company well, but the aforementioned survey of CFOs (conducted by CFO Research for Towers Perrin) found that they are now more interested in systematic solutions to risk management than they have been in the past. Nearly half the respondents expect to implement broad changes to their risk-management policies and practices, from the shop floor to the boardroom.
So Many Risks…
But some CFOs caution that formal enterprise risk management (ERM) programs won’t succeed if they don’t mesh well with a company’s culture. Impose a new framework from on high and you risk crushing something underneath. Floyd Chadee, the CFO of StanCorp Financial Group, says that his company assesses several substantial risk factors, from potential shortfalls in reserves (to meet insurance obligations) to the adverse effects of declining equity markets.
StanCorp manages all those risks in a host of ways, Chadee says, including “sound product design and underwriting; effective claims management; disciplined pricing; distribution expertise; broad diversification of risk by customer geography, industry, size, and occupation; maintenance of a strong financial position; maintenance of reinsurance and risk-pool arrangements….” You get the idea.
Chadee isn’t opposed to ERM, but cautions that “it’s important that formal programs consider all the risks. Programs can be packaged and sold as an idea. That’s form, not substance.”
Cracking the Code
In the same way that organizational improvements can help foster a culture of risk management, some experts argue that modest IT improvements can provide a boost as well. While integrating risk-management reporting into the typical reports and systems that employees rely on may sound daunting, says James Lam, president of the risk-management consultancy James Lam & Associates, it doesn’t have to be. Most companies can readily access 60 to 80 percent of the data they require to get a better view of risk, he says. A dashboard display of key data points on an employee’s monitor or a company’s intranet page can capture, analyze, and present the most salient information. “It’s similar to the electoral map on CNN where the anchors drill down into different states or counties and populations,” Lam says. “You can get in-depth analysis or an overview.”
The new interest in ERM has inevitably led to renewed interest in software designed to automate the deployment of such frameworks and otherwise address risk by scouring databases and serving up reports that might warn of trouble ahead.
ERM software has been around for years but has never taken the market by storm, despite vendors’ claims that the newest versions have gotten much better at monitoring and analyzing risks subject to strategic objectives. “Executives often see it as just another [empty] initiative,” says Mark Beasley, North Carolina State University’s Deloitte professor of enterprise risk management.