Despite being late bloomers to Enterprise Risk Management (ERM), the insurance industry, particularly in Northern Europe, is increasingly seen as a trend setter in the area of risk management, with other financial services sectors looking on to see the rewards yielded from investments and research made in ERM methodologies, says Richard Kent, a Director with Ernst & Youngs specialist Risk Management team in London.
A number of sectors have attempted to implement ERM methodologies in a bid to enhance their risk management processes. Regulatory and market drivers have encouraged the banking sector to lead the way and be the first in line to adopt and implement ERM across their business empires, however, as always with first timers, success has been mixed and mistakes have been made before the right approaches to turn theory into practice became known.
Kent notes that the UK insurance industry has benefited somewhat from the lessons learned by other sectors. The UK insurance industry became very good at being smart followers by taking the leading methodologies in ERM implementation amongst the banks and adapting these pragmatically to suit their particular needs and challenges. They benefited by learning from the teething mistakes committed by some of the banks, says Kent.
He points out that the beauty of ERM methodologies as implemented by UK insurers lies in their structured simplicity. Insurers adopted an approach whereby there would be clarity around the goals and objectives of each senior executive and business department manager and this would then be linked to what is expected of them in the risk management processes.
ERM as implemented by UK insurers makes senior executives personally responsible for managing the risks taken by the organisation. This has lead to a cascade of clear definitions and measures of risk across the business and down into the organisation.
Risk management is also now being incorporated into employees job descriptions which have been remodelled to take account of their newly defined responsibilities in managing risks. If each person has a clear understanding of what risks they are responsible for, it goes a long way to eliminating the commonly seen disconnect between the senior executives view of risk management and that of those more at he coal face. Involving managers and staff from throughout the business is a key success factor when implementing ERM, so firms need to find a way of providing clarity on what risks the managers and staff are responsible for and how they will be measured against this responsibility, says Kent.
In as much as it is important to manage risk in an enterprise, Kent emphasises that management needs to clearly define the type of risk that the organisation is susceptible to.
He cautions that though the current business environment is laden with an assortment of complex risks, companies should be wary of creating bureaucratic empires in an attempt to contain and control these inherent risks.
It is critically important that ERM should be very clear on what risk is. Equally important, ERM implementation should be kept small and manageable in order to temper that fine balance between risk management and creating cumbersome red tape. In addition, there has to be regular feedback on whether risks are being successfully managed after ERM implementation. Techniques such as the introduction of a Risk Scorecard Quantification Model, which measures the effect that control failure would have on the risk profile, can help to provide this feedback to the business in a practical and user friendly way, Kent adds.
Kent concludes: In a South African context, organisations looking to introduce an ERM approach are in luck. The existing methodologies and practical techniques developed in Northern Europe are scaleable and transferable to South African insurers and this knowledge and insight into what others have done has got to be helpful to those at the early stages of their ERM implementation programmes.