Enterprise risk management (ERM) was the theme of the latest StrategicRISK Question Time event, held in association with Marsh Risk Consulting. Nathan Skinner reports

In a packed room in Marsh’s Tower Hill headquarters overlooking the Thames in London, high-calibre risk management professionals heard from leading organisations about how they are implementing ERM. After over an hour of panel debate with audience questions, some of the most pressing issues facing the profession had been thrashed out.

The panellists described in their view what an ERM programme delivers as well as listing the challenges they faced in getting the programme off the ground. They also debated strategies for overcoming some of these problems and how to make the ERM programme sustainable.

The liveliest scenes were ignited by a question about the significance of the announcement by Standard & Poor’s, the rating agency, that it plans to include an assessment of ERM in its rating of non-financial firms. Broadly speaking risk managers are concerned that the rating agencies do not have the expertise, resources or credibility to assess the robustness of most companies’ ERM programmes. Delegates also discussed what the future holds for risk management.


Describing the benefit of ERM, Paul Taylor, director of risk assurance for the Morgan Crucible company, said: ‘ERM delivers improved predictability of business performance. With it the business is more sure of achieving its objectives within the timeframes set with fewer unwanted surprises and an improved image.’

The panellists also agreed that ERM could increase efficiency, smooth mergers and acquisitions and help the implementation of projects. The overriding benefit identified was reducing the risk exposure of the organisation and giving stakeholders increased confidence in the business.

Paul Howard, head of insurance and risk management for J Sainsbury plc, and his fellow panellist, Mark Wilford, director or risk for Rolls Royce plc, both agreed that ERM gives their organisations the ability ‘to make better quality decisions’.

Describing the risk management structure within Rolls Royce Wilford said: ‘It is not my job to tell the chief executive how to run the business or what the risk appetite should be. My job is to give him an understanding of the risks to enable him to make better decisions about how the business is run.’

Getting ERM off the ground

Next the audience of nearly 50 heads of risk management and ERM were asked to give their verdict on the biggest ERM inhibitors. Failure to get senior management on board was by a large margin voted the biggest factor that could prevent an organisation getting ERM off the ground. Howard commented: ‘You need to get a senior sponsor to give active support and encouragement to reinforce your programme.’ A lack of sufficient resources was also identified as a significant stumbling block.

Confirming these views, Stephen Roberts, a UK leader of Marsh’s risk consulting and strategic risk practice, also a panelist in the debate, said the problem with getting senior management buy-in is that often risk management is seen as a business disabler rather than an enabler. He suggested trying to demonstrate the day to day applicability of risk management and packaging it as something that enables better business decisions.

Having the right culture within the organisation was viewed as vital for the success of ERM. Wilford described his approach to the cultural challenge: ‘You must not sell a promise that you will guarantee value. Business is not about guaranteed value, it is about taking risks.’

He added: ‘When we set out our ERM programme we did not define a value of it. We were not saying if you invest X in risk management you get Y in profits. What we said was you will have a better mousetrap that will help you identify the key risks to delivering your goals and making better decisions.’

Taylor agreed that the biggest barrier to ERM is cultural. He said convincing departments to implement new risk management measures is very hard if they already have some in place. The voice of a senior manager can help here, said Howard. Taylor also insisted that building on early successes can be useful. ‘If ERM works well, people talk and you get another advocate for what you’re trying to do and slowly building on those can be helpful. ERM is not a large unwieldy beast; there are ways and means of getting easy wins.’

‘You have to find out where your enthusiasts are. They are you biggest asset.’ added Wilford. Once ERM has established itself and the company starts to measure the success of the programme it picks up its own momentum, he said. The biggest challenge then becomes managing internal enthusiasm for the process. ‘Resources are not unlimited so managing the pull becomes quite difficult,’ noted Wilford.

The finance department is the one most likely to sign off on ERM, according to another poll of the audience. ‘We also see lots of organisations struggling to separate risk management from internal audit?’ queried Roberts. Taylor confirmed that this was a problem. ‘I am not sure that senior management will always look at risk management as being the department that can move up to the ERM role,’ he said. ‘It is a difficult challenge for us.’

Asked about the significance of S&P’s decision to include an assessment of ERM in its ratings process for non-financial firms, Wilford insisted: ‘I do not think S&P understands ERM sufficiently well to be measuring it in any way, shape or form across the multitude of industries that it looks at.’ He added that he is concerned about the overall significance that S&P is attributing to its ERM rating.

This view was shared by some amongst the audience. Taylor also indicated that he was concerned about the accuracy of analysts’ reports although he was generally encouraged by the concept of external accreditation. Howard predicted that the trend of external stakeholders looking into business processes was one that risk managers needed to prepare for and to help make more informed. A spokesperson for S&P said: ‘Hopefully what we develop is something that is workable on both sides.’

Finally, the audience was asked what would make risk management more effective in the future. Most of them replied that proving a tangible link to economic value is at the heart of success.