We all manage risks in our daily lives—we keep a spare tire in our car in case we get a flat, a little cash in our pocket in case we lose our wallet—but how do companies manage risks for hundreds of thousands of individuals?
To manage risks holistically across all divisions of an organization, companies use enterprise risk management (ERM), a process that helps them get an integrated understanding of risks, manage their net exposure, create efficiencies, and add value. The challenge is putting it into practice.
My colleagues Martin F. Grace of Georgia State University, Richard D. Phillips of Georgia State University, and Prakash Shimpi of Fraime LLC, and I wanted to find out how the most successful companies do this in order to develop a set of best practices.
We studied the results of a worldwide survey conducted by a risk management consulting firm that asked life and property and liability insurance companies about their risk management practices.
These companies take on big risks and need cash reserves in case their liabilities are greater than expected. They often use formulas called economic capital models (ECM) to determine how much money they need on hand to cover these risks.
ECMs can be simple or complex. We found that these formulas matter, but companies don’t get additional value from more advanced calculations. The simpler formulas are sufficient, primarily because the cost of implementing sophisticated models often offsets the value derived from using them.
We also found that having a dedicated risk manager creates value. This person need not be a chief risk officer, but there should be someone or a cross-functional committee in charge of looking as risks throughout the enterprise.
Whether it’s a single person or committee, the risk manager(s) can reduce costs by avoiding risk management strategies that are unnecessary. For example, if two divisions within a company are exposed to risk from changes to the value of the U.S. dollar but in opposite directions, the risk manager will see this and realize these risks cancel each other out and do not warrant the purchase of costly risk management.
Intuitively, it seems that having the chief risk manager report to the organization’s board improves risk management, but ours is the first study that proves that this reporting structure reduces costs and enhances revenues. This signals to everyone in the organization that leaders take risk management seriously.
More siloed approaches to risk management—where each division establishes and implements its own risk management plans—are inefficient and can lead to managing opposing risks that, when viewed holistically, cancel each other out. Having dedicated risk managers can improve efficiency and create value, and this research provides some helpful guidelines in implementing such an approach.
For more on this topic, see our paper “The Value of Investing in Enterprise Risk Management” in The Journal of Risk and Insurance.