Canadian Underwriter

Complexity, speed of change of emerging risk exposures placing greater attention on effectiveness of ERM strategies, new report says

January 9, 2017   by Canadian Underwriter

Print this page Share

The complexity and speed of change of emerging risk exposures are placing greater attention on the effectiveness of enterprise risk management (ERM) strategies across all industry sectors, according to a newly released report.

Businessman pointing at risk management concept on screenThe report, titled Communicating the Value of Enterprise Risk Management – The Benefits of Developing an Own Risk and Solvency Assessment Report, was released on Monday. Developed by members of a joint project team representing the ERM Committees of the Property Casualty Insurers Association of America and RIMS, the risk management society, the report explores the risk professional’s perspective on the objectives and benefits of completing an Own Risk and Solvency Assessment (ORSA) and its potential value to the overall business.

“Risk management is cyclical in that practitioners must continuously review their programs and their internal and external environments to ensure effectiveness, sustainability and growth,” said RIMS CEO Mary Roth in a press release. “The committees have done a remarkable job exploring the Own Risk and Solvency Assessment, its forward-looking, ongoing nature, as well as its flexibility that maximizes its value to risk professionals in a broad range of industries.”

The PCI-RIMS contributing authors utilized their recent experience in response to a new insurance regulatory reporting requirement to describe how insurers have benefitted from completing this ORSA and how the corresponding ORSA Summary Report can be used by companies in any industry as an effective method for communicating the value of ERM, RIMS said in the release.

Section 1 of the summary report focuses on the description of the company’s ERM framework and covers such topics as risk culture and governance; risk identification and prioritization; risk appetite, tolerances and limits; risk management and controls; and risk reporting and communication. Section 2 quantifies the findings and forms the heart of the company’s risk analysis, documentation of risk management activities and accountability, and risk measurement. Section 3 contains the company’s own assessment of the adequacy of its capitalization in light of the risks articulated and assessed.

“The ORSA Summary Report is a great benefit that flows from the ORSA, particularly for companies that are in the developmental stages of building out their ERM framework,” the report said. The release added that putting ORSA together for the first time will often reveal: gaps where ERM processes have not been developed and installed; risk sources not yet identified and measured; established ERM processes where best practices are not being following; and opportunities to integrate ERM with other processes, such as business and financial planning, capital management, product design and launch, project management, corporate strategy and risk-based decision making.

Insurance regulators are also recognizing that ORSA contains information provided to a board of directors that may provide value for regulation. “Insurance companies have found that having this risk information in the ORSA has several advantages, two of which include illustrating the connections between risk identification and risk management, and between strategy development and risk appetite and tolerance,” the report said.

In terms of risk management practices, the report contains information on the ERM’s framework, related governance, business unit risk management activities, results of risk assessments and stress and scenario testing. “It’s important to ensure the content in these various sections are aligned,” the report said.

For example:

  • Stress tests conducted and included in ORSA align to the risks identified in other sections of the report;
  • Emerging risks discussed align to risks that are included in stress tests, especially the prospective solvency assessment and strategy development;
  • The levels stress tested provide an evaluation of individual risk tolerances that the business has selected to manage each risk and/or the overarching enterprise risk appetite; and
  • The prospective solvency assessment aligns to the company information and strategy sections of ORSA.

“Beyond the board and senior leadership, compiling risk information in a single report gives consistent and complete information to other internal stakeholders, including business units who may be affected by risks they do not own,” the report said. “In this way, the ORSA Summary Report is a tool that offers a holistic view of risk, greater transparency concerning risk management activities, and opportunities for more frequent discussions of risk topics.”

The report noted that “although not always well articulated or demonstrated, an outcome of effective enterprise risk management is for the entity to be able to rely on ERM to support decision-making and provide assurance in the entity’s ability to remain financially viable and create value. Insurers have found that the ‘requirement’ to perform more in-depth risk assessment and risk modeling to compare against the entity’s available capital to support the risks undertaken relating to strategy has helped further catapult the value of ERM both to internal and external stakeholders.”

Also intended for risk professionals from industry sectors beyond just insurance, the report presents an introduction and detail of the insurer’s experience, along with appropriate insight into the benefits of the ORSA process and outcomes to the organization, the release concluded.

Print this page Share

1 Comment » for Complexity, speed of change of emerging risk exposures placing greater attention on effectiveness of ERM strategies, new report says
  1. Risk management must be dynamic to achieve success and build value. It serves no purpose to just do a risk profile, evaluate the associated controls in terms of design and effectiveness and then claim to have a risk management process.

    Internal and external changes are the biggest drivers for re-assessment of risk and the pace and intensity of change is not slowing down. Your carefully “workshopped” risk profile could be out of date at the end of the next business day.

    We have lived with risk profiling as a result of the impact (severity) x likelihood (frequency) and we have completely missed the other two dimensions of risk profiling. Looking at risk in these two dimensions, as we have done for years; give us a risk profile that is a snapshot in time and on its own it is not of great value. It is at most a subjective quantification at that point in time. Many companies can produce these in a flash, but do they practice risk management?

    We have to look at risk profiling in four dimensions to practice risk management. We need to add direction and speed to these snapshots to really drive value. We need to compare all these snapshots over a period of time to see in which direction risks are moving and at what speed they are moving; that is when the value is added, moving away from just profiling to predicting—one step closer to forward-looking risk management.

    This is also when things become a bit more complicated; the past is not always a roadmap to the future and with the pace and intensity of change ever increasing, we can safely say that the past can no longer predict the future.

    So now that you are changing to 4-Dimensional Predictive Risk Profiling, keep in mind that many internal and external factors will influence the speed and direction and these would also need to be incorporated in your outcomes and action plans.

    Welcome to the TRANSFORMATION of risk management!

Have your say:

Your email address will not be published. Required fields are marked *