September 15, 2014
ITL Introduces a Channel for ERM
Traditional risk management is important, but companies need to broaden their thinking and include risks that are not insurable (e.g. financial and strategic).
With the traction that InsuranceThoughtLeadership.com (ITL) is now seeing in the marketplace, a consensus developed among the principals that it was time for the addition of a new channel of expertise to further flesh out the rapidly evolving practice of risk management and help influence its course and impact on the success of organizations.
This description of risk management’s potential is resonating more and more with both practitioners and senior leaders, including board members. Yet risk management is morphing under several different rubrics, including enterprise risk management (ERM), strategic risk management (SRM), governance, risk and compliance (GRC) and older terms like holistic or integrated risk management that do not seem to have gained much traction. Confusion is increasing among practitioners and leaders as the semantics shift. For various reasons, some good and some not so good, the emphasis on risk management is shifting, as well.
One could easily argue that names and acronyms shouldn’t matter, but they do, if only to gain recognition and acceptance for the discipline among a remaining, and not insignificant, group of observers. There are meaningful differences between ERM, SRM and GRC that relate to the focal point of each practice. In addition, there are practitioners who use these terms/acronyms in different ways.
I might, as I often do, like to say that it’s all just “risk management” or at least should have been had we not pursued these tangential efforts that have not served a portion of the user community well. You might note the irony in this statement because my reputed expertise is in ERM, for which I have had direct connections as a practitioner and consultant, as an author and as simply an advocate for a more robust approach to managing risk for over 13 years. Nevertheless, for the more astute, these nuances in risk management have often been beneficial. They have allowed advanced practitioners to evolve their profession further by narrowing their focus to the more material and significant aspects of the discipline, as they relate to their specific environment, culture and situation.
Well, don’t be. But realize that a key pillar of great risk management is doing it in a way that is most germane to your organization and its needs and priorities. Customization is the order of the day for managing risk well. That means that, while some organizations may want to deploy a comprehensive approach, others will want to pick and choose those components that are meaningful and will have the most impact. Customization also means that certain risk stakeholders will have greater stakes in the outcomes than others. Each organization’s risk stakeholder group will be unique in its make-up, and this drives other aspects of customization that enable alignment among all players.
But the key question now for this launch of a new topic channel for ITL is how it fits into the ITL “conversation” strategy, which is focused on driving change in the broader insurance industry space. We have decided to take the “risk management” channel that has existed since the beginning and rename it as ERM.
Risk management, since the inception of its use as a term of art, has overwhelmingly meant the management of hazardous or insurable risks; strictly construed — a subset of operational risk. Traditional risk management is no doubt an important discipline in its own right, but companies need to broaden their thinking and include risks that are not insurable (e.g. financial and strategic). I love to say, “Enterprise risk management is what risk management should have always been.” So while we will always need what I consider “traditional” risk management to address insurable risks, an enterprise-wide approach to managing risks must ultimately be employed, regardless of the label or name given to the activity. This will improve the chances of survival in an increasingly challenging world and ultimately success – even if it comes at the expense of those who ignore this truth.
Regardless of the choices people make, what really matters is managing risk with excellence and ensuring that, no matter who is involved, all significant risks are addressed. Why? Because effective risk management is directly tied to organizational success. I like to say, “A risk is not a risk unless it either threatens or facilitates an objective.” If this foundational principle is true (and why would I lie?), then the effective management of all significant risks must become a mandate for leadership and a top priority for the board.
We can say this has always been a truism for organizations, but evidence suggests otherwise. The landscape is littered with extinct companies that failed in this regard. And while it is true that effective risk management is simply a part of good management, so are many other components that fail regularly.
So the question then becomes, how will businesses achieve this fundamental (though lofty for some) goal to increase the chances of both short- and long-term success? Answering that question is what this ITL channel will make its mission. We will do so by providing you content from some of the best ERM thought leaders and successful practitioners who have achieved or are well on their way to achieving this goal. To that end, I am happy to introduce today, the first group of contributors who will work with me to bring you the best new ideas in ERM, including tools, advice for avoiding pitfalls, techniques, strategies, tactics and success stories. This group will include:
- Russell McGuire, director of ERM/GRC practice, Riskonnect (U.S.)
- Grace Crickett, senior vice president and chief risk officer, AAA of Northern California, Nevada and Utah (U.S.)
- Marc Dominus, ERM practice leader, Crowe Horwath (U.S.)
- Dave Ingram, executive vice president, Willis Re (formerly S&P’s ERM leader) (U.S.)
- Donna Galer, chief administrative officer, Zurich (retired) (U.S.)
- Rick Machold, chief audit executive, Total Systems Services (U.S.)
- Mark Stephens, managing director, Milliman Risk Advisory Services (U.S.)
- Peador Duffy, chairman, Risk Management International (UK)
- Horst Simon, director, risk management, Horwath MAK, (Dubai)
- Gary Bierc, CEO and founder of rPM3 Solutions (U.S.)
- Norman Marks, vice president and chief audit executive, SAP,(retired) (U.S.)
While you may not know all of these names, I assure you they are big thinkers, have accomplished much and will stimulate new thinking for this discipline and help you, our readers, reach new heights of ERM success.
So, stay tuned and come back frequently. What you’ll see here will always be fresh and insightful.
Marc is the enterprise risk management (ERM) solution leader for Crowe. His responsibilities include coordinating the design and delivery of Crowe’s ERM services and directing innovation initiatives in this area. His experience includes more than 20 years of providing risk management consulting services. Marc’s areas of expertise include ERM framework specification and implementation, enterprise risk assessment (ERA), professional training, executive strategic workshop facilitation, risk culture enablement and change management. He has performed consulting engagements and delivered training programs for significant and complex private and government organizations for major corporate and public entities across the world. He frequently writes, presents and delivers professional training on topics related to ERM.
Donna is a consultant, author and lecturer. Her top-selling book, Enterprise Risk Management – Straight to the Point, with co-author Al Decker, was published in 2013.
She served as the chairwoman of the Spencer Educational Foundation from 2006-2010, following retirement from Zurich Insurance. This foundation awards scholarships to students studying risk management and insurance. She held a number of positions in her 17 years at Zurich from 1989 to 2006. Her last position at the company was chief administrative officer for Zurich’s world-wide general insurance business ($36 billion gross written premium, or GWP), with responsibility for strategic planning among other areas.
She began her insurance career at Crum & Forster Insurance after a brief time at JPMorgan Chase (Chase Manhattan).
She has served on numerous industry and academic boards, published many articles on ERM and strategy and was named among the Top 100 Insurance Women by Business Insurance in 2000.
Horst is the director of risk management at Horwath MAK (a member firm of Crowe Horwath International) in the Dubai International Financial Centre. He has held positions with Mashreq Bank, Emirates NBD, Barclays Bank and Standard Bank Group of South-Africa. He has lived in four countries and worked in more than 20.
He worked as an associate with a number of renowned global firms in banking, professional services, training and business process outsourcing and has been in the banking and consulting industries for more than 34 years. Supported by the UK-based consultancy Genius Methods, he developed and launched the risk culture maturity monitor, an online tool that accurately measures the level of maturity of an organization’s risk culture.
His special interest is in the field of people risk, and he is a regular speaker at international conferences, a trainer in operational risk and enterprise risk culture in the Middle East, Asia and Africa and a blogger on www.Zawya.com.
He supported the capacity building program of the Macroeconomic and Financial Management Institute of Eastern and Southern Africa (MEFMI); he is the co-regional director of the Global Association of Risk Professionals (GARP), Dubai, UAE chapter, and a member of the Professional Risk Managers‘ International Association (PRMIA).
Grace’s career has been diverse, involving a variety of industries, ranging from equipment rental to healthcare and from not-for-profit to a Fortune 500, covering the U.S., Canada, Mexico and Singapore. The scope of her work has included self-administration of claims, safety and loss prevention, internal audit, benefits administration, continuity planning, emergency management, captive management and IT and physical security. As senior vice president of risk services and chief risk and compliance officer with AAA NCNU, she is charged with implementing ERM with her compliance, risk management and internal audit team.
Grace was chosen in 2011 as one of Business Insurance’s Women to Watch. Grace was also selected by Business Insurance magazine for its 2011 Risk Management Honor Roll. Also in 2011, Treasury and Risk magazine named Grace as one of the “100 Most Influential People in Finance.” She received the Information Security Executive (ISE) of the Decade Award in 2012 and West and North America Awards in 2011. She is actively engaged with various professional organizations, including RIMS, as a member of the ERM committee and president of the Golden Gate Chapter.
As founder and chairman of Risk Management International (RMI), a successful and growing risk management practice for the past 20 years, Peador has been at the leading edge of risk professionalism and assisting companies to manage strategic risks to their business model. A former officer with the Irish Defence Forces, he has taken first-hand military experience to the boardroom in helping businesses develop superior risk analysis and in conducting crisis scenarios with senior management teams in major corporations and businesses of critical national interest. He provides thought leadership and a pragmatic approach as a strategic overlay to risk traditionalists and has seen risk management grow from board room buy-in, as a compliance imperative, to board room traction as a competitive countermeasure after the global financial crisis.
Dave is a member of Willis Re’s analytics team based in New York, offering insurers a practical way to use ERM to identify specific actions and strategies that will enhance the risk-adjusted value of the firm. He assists clients with developing their first ORSA, presenting their ERM programs to rating agencies, developing and enhancing ERM programs and developing and using economic capital models.
In 2012, Dave was named one of the 100 most influential people in finance by Treasury and Risk Magazine.
With more than 30 years of actuarial and general management experience in the insurance industry, Dave has served as corporate actuary, business unit head and planning officer for a major U.S. insurance company. He was previously the senior director, ERM, in the insurance ratings group of Standard & Poor’s (S&P). In that position, he spearheaded the initiative to incorporate ERM as one of the primary insurance ratings criteria and the development of the framework for reviewing economic capital models. He also was a consulting actuary providing advice on risk management and risk analysis to banks, investors and insurers with Milliman.
In addition to writing some 100 published articles relating to ERM, Dave has spoken on ERM at more than 100 events in North America, Asia, Europe, Middle East, Africa, Australia and South America. He was the first chair of the 2,500-member Joint SOA/CAS/CIA Risk Management Section. Dave is now the chair of the International Actuarial Association’s enterprise and financial risks committee and chair of the Actuarial Standards Board ERM committee.
Dave is a graduate of Lehigh University and has an enterprise risk analyst charter from the SOA, financial risk manager certification from GARP and professional risk manager certification from the PRMIA.
Rick has more than 28 years experience across multiple industries and disciplines, including business risk management, process design and improvement, change facilitation, forensic accounting and strategic planning. He was most recently head of enterprise risk at Invesco and had global responsibility for the company’s enterprise risk management efforts. As administrative coordinator and member of Invesco’s corporate risk management committee, he oversaw the continuing development of the company’s ERM framework, tools and practices.
His background is primarily in management consulting and public accounting, having served as a partner in PricewaterhouseCoopers global risk management solutions practice in both St. Louis and Atlanta. His clients have included the Centers for Disease Control and Prevention (CDC), the New York Yankees Partnership, Wyeth-Ayerst, Ryder System, Dell and many others. For several years before joining Invesco in January 2007, Rick was an independent consultant in enterprise risk management to First Data, based in Denver. He subsequently served as senior vice president and chief risk officer for Certegy, a transaction processing provider based in Atlanta.
Rick serves on the board of City of Refuge in downtown Atlanta and is an active member of the Institute of Internal Auditors and the Risk Management Research Council. He is a frequent speaker on enterprise risk management and has written several articles on enterprise risk management and internal control. Rick is a regular guest lecturer on ERM for the University of Georgia’s EMBA program and most recently for Kennesaw State University.
Mark manages the Milliman Risk Advisory Services practice group. The practice delivers a portfolio of risk consulting services, such as enterprise risk design, test and build projects, operational risk assessments, ERM education and training and ERM technology evaluation. The ERM practice uses diagnostic consulting strategies to understand an organization’s enterprise risk goals and challenges and then customizes solutions to deliver required business results.
In addition, Mark is the executive director of the Milliman Risk Institute, which supports enterprise risk management research and development. The Milliman Risk Institute advisory board meets on a semi-annual basis and conducts corporate surveys and publishes the results along with expert commentary.
Mark began his career as a risk management consultant for Federated Mutual and later became managing director for Aon Risk Services. While at Aon, Mark designed and managed Aon Value Exchange, which provided pricing and margin guidance for broker products and services.
In addition, Mark managed the Aon Global eSolutions Group, which developed risk analytics software for multinational clients to assist with enterprise risk, claims management, exposure management and policy management. Mark served on the management teams for Aon’s enterprise risk practice council, the financial institutions practice group and the ARS-US national service board. Mark also led national and international change-management teams for risk software integration and for margin improvement. Finally, Mark was CEO of Aon RiskLabs and led the M&A team for Aon’s acquisition of Risk Laboratories and Valley Oak Systems.
In 2007, Mark founded Strategic Risk Partners, where he designed industry-leading best practices for enterprise risk management and operational risk management. In addition, he developed unique online software platforms for collaboration around governance, risk and compliance, ERM and operational risk
At Riskonnect, Russell is director of ERM Services and in charge of development and implementation of solutions for ERM, including design of GRC software. He consults with clients on the establishment of an effective, sustainable ERM framework supported by the necessary technology to ensure success.
Gary founded and is CEO of rPM3 Solutions, a software and services firm specializing in the practical application of “cost of risk” in an ERM context. rPM3’s ARQ Technology software creates powerful outputs and analysis around the cost of risk, which exposes important links between risk and performance. This unique software delivers a patented method to make the process of identification and quantification easy and repeatable for any business or enterprise.
Norman has spent more than a decade as a chief audit executive for major companies, with as much as $28 billion in revenue. He has implemented isk management, ethics programs and disclosure processes at multiple organizations and is a recognized thought leader in the professions of internal auditing and risk management.
A frequent speaker and writer on governance, risk and controls, he is the author of the popular book from the Institute of Internal Auditors’ on Sarbanes-Oxley Section 404 and of the IIA’s GAIT family of guidance products.
Norman has built or repaired internal audit functions to standards that are recognized as world class by management, audit committee members, service providers, CPA firms, peer CAEs and other internal audit leaders.