Although the term “enterprise risk management” has been with us for over a decade, only in the past few years—as businesses cope with the reality of operating in a post-9/11 and Sarbanes-Oxley-compliant era—has the concept evolved from “buzz terminology” to an accepted practice in the market.
ERM has been propelled into the limelight by a growing appreciation of the critical need to recognize and react to some of today's challenges and tomorrow's uncertainties. These include an expanding breadth of individual risks (and the sometimes unapparent interconnectivity), globalization, ratings agency requirements, financial disclosures and continued attention from boards of directors.
As an actuary and the chief risk officer at The Hartford Financial Services Group Inc., I have learned to appreciate the power of an effective ERM program and the opportunities that can be missed in implementation.
Without a set of guiding principles, businesses may find themselves at a perilous crossroads in defining and managing their risks. Instead, they may overmitigate risks, underestimate exposures, or altogether miss opportunities to understand and capitalize on risk management.
There is no “one-size-fits-all” approach for developing and implementing an ERM framework. Recognizing that businesses are failing to deliver on the promise of ERM, leading actuaries within the field—in partnership with the Society of Actuaries—recently developed five guiding principles of ERM (see accompanying infographic).
The impact of these guiding principles can be seen in the successful implementation of ERM at The Hartford. In 2004, we embarked on this mission, facing head-on the challenge of getting our corporate culture to embrace ERM and to show direct value for this decision.
Based on the premise that certain key risks cut across the entire organization, the obvious first step was to ensure that disparate departments were in the same room, and on the same page, regarding our organization's risks.
Using the first guiding principle of establishing a qualified leader, The Hartford formally created a new enterprisewide chief risk officer position.
Although many of us were initially skeptical, the necessity of having an experienced, senior-level risk professional dedicated to this effort full time became readily apparent.
As the newly appointed CRO, the challenge for me was to understand the strengths of the existing practices and establish the bridges and support necessary to leverage those strengths into an effective enterprisewide view of risk.
To properly and effectively establish an ERM process and communicate the importance of an ERM framework across the organization, The Hartford had to embrace the second guiding principle—clear communication.