Enterprise Risk Management needs to be part of day-to-day decision making
by Kylene Casanova
Enterprise Risk Management (ERM) is an organization-wide approach to the identification, assessment, measurement, communication and management of risk which focuses on risks to the existence, strategy or business model of an organisation or group. ERM programmes are now essential due to heightened regulatory expectations, increased scrutiny and board and management attention, but there are many examples of how ERM has failed abysmally.
At the Association of Finance Professionals Annual Conference in Washington DC last November, in a talk entitled ‘ERM: Moving From Concept To Implementation’, Edmund Green, a Managing Director at KPMG, explained that the guiding principles in effective ERM programmes are to:
- understand the company’s or group’s strategy and key business drivers
- assess risks to strategy and the links to risk appetite
- engage the board and committees actively, including meeting their information needs, e.g. what are the 10-15 top risks and who “owns” the response?
- periodically assess the adequacy of risk management processes, systems and resources
- embed and integrate risk into the ongoing management process, including emerging risks.
ERM at AmeriHealth Caritas
Richard Scanlon, Vice President ERM, AmeriHealth Caritas - one of the top 10 Medicaid managed care organizations in the USA - explained in his talk how, over the last 18 months, he had introduced an ERM programme throughout the group. The first requirement was for improved information for decision making to cope with the new and complex pressures AmeriHealth was facing, including:
Source & Copyright©2015 - AmeriHealth
The objectives for their ERM programme were to:
- reduce potential exposure
- create an integrated approach to risk management
- standardize risk monitoring and reporting
- promote a risk-aware culture.
A vital feature in AmeriHealth Caritas’s ERM programme was how the compliance and risk management programme reported directly to the Chairman and CEO, as this chart shows:
Source & Copyright©2015 - AmeriHealth Caritas
Scanlon explained he had started with formalizing a framework for ERM, before moving on to execution and integration, as the chart below shows:
Source & Copyright©2015 - AmeriHealth Caritas
Probably the biggest achievement of the AmeriHealth Caritas ERM programme is that it has been integrated into day-to-day decision making in the group, as the table below shows:
Source & Copyright©2015 - AmeriHealth
CTMfile take: In today’s regulated environment ERM programmes are becoming vital, but until ERM programmes are integrated into the day-to-day decision making in the company or group they have little impact. This is the real test of an ERM programme. Another vital feature, as the superb AmeriHealth Caritas case study demonstrates, is that the ERM programme manager and their team need to have a direct reporting line to the CEO/Chairman. Although AFP and their members argue that corporate treasurers are best placed to head ERM programmes, this doesn’t really matter as long as the ERM programme becomes part of day-to-day decision making and the reporting line is to the CEO/Chairman.