“Risk should be elevated in the organization, to the strategic, operational and tactical levels,” says Narvaez. “But too many times [the strategic level] doesn’t know what enterprise risk management is doing.” The value proposition of ERM is often ignored, she says. “Where can we take more risk? Where can we have controlled growth? Those questions are not usually part of the [risk management] discussion, and they should be.”
Safeway, the supermarket chain, also uses ERM to identify opportunities to lower the cost of risk, says Ward Ching, vice president of risk management operations. Risk, says Ching, can either be a negative in an organization — “something you transfer away”—or a positive, something that has an upside potential.
ERM at GM: Find New Risks
Another company that is finding the upside potential of risk through ERM is General Motors. If any company can be said to have put the “enterprise” in risk management, it’s GM. The giant automaker, which had 2012 revenues of $152 billion, has more than 212,000 employees in 396 facilities around the world. Leading its ERM program is Brian Thelen, GM’s general auditor and chief risk officer.
GM launched its formal program when Daniel Akerson became CEO in 2010, says Thelen. “As a board member, Dan had a strong opinion that the company needed a robust risk identification and management process,” he says. Akerson sponsored the establishment of the program and of the chief risk officer role. In both of his roles, Thelen reports to CFO Daniel Ammann and to Thomas Schoewe, chair of GM’s audit committee. As at other companies, the audit committee has oversight responsibility for ERM and internal audit.
General Motors has tailored its risk program to its particular needs. “We developed our model to align with our strategic objectives and company structure,” says Thelen. “Our risk-officer structure includes executive representatives from each function reporting to the CEO, as well as from each of our major geographic regions.” Product development, purchasing and supply chain, and finance teams also interact with risk management.
In addition to soliciting input from functional leaders about key and emerging risks, “we work with them to help develop risk-mitigation activities,” Thelen says. “We provide tools for decision support, such as war gaming, game theory, scenario planning, stress testing, and so on.” GM also seeks views about its risks from external parties, says Thelen.
Enterprise risk management at GM means monitoring and mitigating risk on one hand and finding opportunities in risk on the other. “Dan Ammann has challenged us to be creative in identifying emerging or blind-spot risks that we may not normally think about,” says Thelen, while “Dan Akerson is aligned with our view that risk is not always a negative.”
Indeed, Thelen says GM’s ERM program is providing a competitive advantage. Without going into specifics, the CRO says the program enables the automaker to spot certain risks that also affect its competitors, then mitigate them before the competition can.