Complexity, speed of change of emerging risk exposures placing greater attention on effectiveness of ERM strategies, new report says

The complexity and speed of change of emerging risk exposures are placing greater attention on the effectiveness of enterprise risk management (ERM) strategies across all industry sectors, according to a newly released report.

The report, titled Communicating the Value of Enterprise Risk Management – The Benefits of Developing an Own Risk and Solvency Assessment Report, was released on Monday. Developed by members of a joint project team representing the ERM Committees of the Property Casualty Insurers Association of America and RIMS, the risk management society, the report explores the risk professional’s perspective on the objectives and benefits of completing an Own Risk and Solvency Assessment (ORSA) and its potential value to the overall business.

“Risk management is cyclical in that practitioners must continuously review their programs and their internal and external environments to ensure effectiveness, sustainability and growth,” said RIMS CEO Mary Roth in a press release. “The committees have done a remarkable job exploring the Own Risk and Solvency Assessment, its forward-looking, ongoing nature, as well as its flexibility that maximizes its value to risk professionals in a broad range of industries.”

The PCI-RIMS contributing authors utilized their recent experience in response to a new insurance regulatory reporting requirement to describe how insurers have benefitted from completing this ORSA and how the corresponding ORSA Summary Report can be used by companies in any industry as an effective method for communicating the value of ERM, RIMS said in the release.

Section 1 of the summary report focuses on the description of the company’s ERM framework and covers such topics as risk culture and governance; risk identification and prioritization; risk appetite, tolerances and limits; risk management and controls; and risk reporting and communication. Section 2 quantifies the findings and forms the heart of the company’s risk analysis, documentation of risk management activities and accountability, and risk measurement. Section 3 contains the company’s own assessment of the adequacy of its capitalization in light of the risks articulated and assessed.

“The ORSA Summary Report is a great benefit that flows from the ORSA, particularly for companies that are in the developmental stages of building out their ERM framework,” the report said. The release added that putting ORSA together for the first time will often reveal: gaps where ERM processes have not been developed and installed; risk sources not yet identified and measured; established ERM processes where best practices are not being following; and opportunities to integrate ERM with other processes, such as business and financial planning, capital management, product design and launch, project management, corporate strategy and risk-based decision making.

Insurance regulators are also recognizing that ORSA contains information provided to a board of directors that may provide value for regulation. “Insurance companies have found that having this risk information in the ORSA has several advantages, two of which include illustrating the connections between risk identification and risk management, and between strategy development and risk appetite and tolerance,” the report said.

In terms of risk management practices, the report contains information on the ERM’s framework, related governance, business unit risk management activities, results of risk assessments and stress and scenario testing. “It’s important to ensure the content in these various sections are aligned,” the report said.

For example:

• Stress tests conducted and included in ORSA align to the risks identified in other sections of the report;
• Emerging risks discussed align to risks that are included in stress tests, especially the prospective solvency assessment and strategy development;
• The levels stress tested provide an evaluation of individual risk tolerances that the business has selected to manage each risk and/or the overarching enterprise risk appetite; and
• The prospective solvency assessment aligns to the company information and strategy sections of ORSA.

“Beyond the board and senior leadership, compiling risk information in a single report gives consistent and complete information to other internal stakeholders, including business units who may be affected by risks they do not own,” the report said. “In this way, the ORSA Summary Report is a tool that offers a holistic view of risk, greater transparency concerning risk management activities, and opportunities for more frequent discussions of risk topics.”

The report noted that “although not always well articulated or demonstrated, an outcome of effective enterprise risk management is for the entity to be able to rely on ERM to support decision-making and provide assurance in the entity’s ability to remain financially viable and create value. Insurers have found that the ‘requirement’ to perform more in-depth risk assessment and risk modeling to compare against the entity’s available capital to support the risks undertaken relating to strategy has helped further catapult the value of ERM both to internal and external stakeholders.”

Also intended for risk professionals from industry sectors beyond just insurance, the report presents an introduction and detail of the insurer’s experience, along with appropriate insight into the benefits of the ORSA process and outcomes to the organization, the release concluded.