Can GM translate the impact of ERM into broadly used financial metrics, such as return on capital or EBITDA? “Certain risks will better lend themselves to these quantifiable metrics, whereas others are harder to measure,” replies Thelen. “In stress-testing scenarios, we do tie our work to our established key performance indicators to help the company make informed decisions among alternatives.” And when an investment is needed to mitigate risk, he adds, “financial considerations are always part of the cost-benefit analysis to determine how much residual risk we are willing to accept.”
So far, it would be difficult to quantify the impact of the program on GM’s cost of risk, says Thelen. But he points out that it has helped the company make better decisions, which ultimately results in improved performance.
How successful has the program been in promoting and embedding risk awareness in GM’s culture? “We’re making progress,” says Thelen. “The individuals who represent almost all functional and geographic areas of the company are exposed to the objectives of the ERM program. Our goal is that they take this sensitivity to risk back to their normal day jobs.” In this manner, he says, “we have a greater opportunity to help individuals think about the upside potential of risk, versus the typical downside mitigation.
“We try to get the message across that risk can be a good thing—especially if we can react [to it] faster than our competitors can.”
The Evolution of ERM
Two surveys conducted earlier this year shed light on the evolution of risk management and ERM. One, Accenture’s 2013 Global Risk Management Study, surveyed C-level executives involved in risk management decisions at 446 organizations around the world. The survey revealed three broad ways that risk management is changing:
1. It has a direct line to top management. Ninety-eight percent of organizations have a chief risk officer, and 96% of risk management owners (9% of whom are the CFO) report to the CEO.
2. It plays a much larger role in budgeting, investment and strategy.
3. It enables growth and innovation.
As for ERM, 58% of the organizations surveyed have such a program, while another third plans to implement one in the next year or two, says Accenture.
Of the 1,095 risk professionals who responded to RIMS’ February 2013 ERM survey, 21% said they had a fully integrated ERM system and 42% said they had a partially integrated system. RIMS says these numbers indicate a “critical mass” has been reached in ERM as a management discipline. Fifty-six percent of ERM activities are directed by the risk management department, compared with 12% for finance, the survey found.
As for aligning their ERM programs with formal standards and frameworks, 23% said they used the international ISO 31000 standard and 22% used the COSO standard. Twenty-six percent said they did not follow a particular standard or framework. — E.T.