Enterprise Risk Management (ERM) More Important Than Ever
Recently StoneRiver conducted an online survey which asked respondents about their company’s Enterprise Risk Management (ERM) process. Half of the respondents said they have an ERM process, but of those, 23% said it isn’t a formal process with reporting. Another 12% indicated they currently did not have a formal ERM process, but were developing one, 24% indicated their company did not have an ERM process and 15% of the respondents indicated they didn’t know.
ERM is not a new concept and in fact, is probably viewed by some companies as having been “talked to death.” Why post more on ERM? Regulators are paying more attention to the concepts of ERM, and as they start to more fully understand those concepts, new regulatory tools utilizing ERM are being developed and implemented. Risk-focused examinations and Risk-Based Capital are already in place. ORSA (Own Risk Solvency Assessment) is being developed for implementation soon.
The StoneRiver survey seems to indicate that many companies need more information concerning the importance of ERM and its various processes. A search of the web brings up a confusingly long list to choose from. One good source of information is Invotex’s latest article, entitled A Look at COSO’s New ERM Implementation Guidance on Enhancing Board Oversight: Avoiding Judgment Traps and Biases. There are several excellent articles on ERM available on their website through their Insurance Perspectives newsletter. (Look in their archives, which contain articles back through 2009.) Please note that some of their articles do emphasize a GAAP perspective, but are still valuable as a tool to understanding the importance of ERM from a regulatory point of view.
There are several developing regulatory areas that will continue to emphasize the importance of ERM, including more implementation of principles-based processes. The NAIC continues to move forward by announcing plans to develop and offer an ERM education program for state insurance department staff. Industry should not be left behind and needs to rapidly, but decisively establish enterprise risk management programs. After all, how can an insurer profess to be capable of helping policyholders manage their risk if the insurer does not have a risk plan of their own?