A-Team Insight Blogs

The Fallacy of Managing Big Risks: Why Enterprise Risk Management (ERM) Often Fails to Deliver to Boards and What to Do About It

Share article

By Andrew Smart, Head of Enterprise Risk Management at KRM22.

Anyone who has served on the executive team or board of a regulated capital markets firm will have at least a passing familiarity with Enterprise Risk Management (ERM). Many have probably experienced it first hand, perhaps sitting through a presentation of the firm’s latest ‘Top 20’ risks. The usual suspects will likely have included market, credit, liquidity, counterparty, technology, cyber, third party / outsource, people, and conduct risk.

Enterprise Risk Management is a holistic, integrated, portfolio approach to risk management that focuses on consistently managing risks, regardless of type across the enterprise. The purpose of Enterprise Risk Management is to improve the firms’ ability to deliver its objectives and sustainably create shareholder value. One of the key outputs from the ERM process is an integrated view of the firm’s overall risk profile and how it is changing overtime. Risk exposures are typically consolidated through a risk taxonomy or hierarchy, thus enabling the reporting of ‘the big risks’. (Figure 1)

Figure 1 – Typical view of risk management 

An often-overlooked benefit of ERM is its use as a framework to understand the relationships and interactions between risk types as well as individual risks within these categories. Viewing risks through an ERM lens also highlights how individual risks rarely fit within a single risk type, as shown in figure 2.

The real value of ERM is the generation of insights that are not possible to uncover within the traditional risk type silos. These insights are the drivers behind better risk management and business decision-making.

Figure 2 – Understanding the relationships and interactions within risk types

Therefore, ERM delivers two core capabilities:

  1. The ability to consolidate risk exposures through risk types to provide a holistic, enterprise view of risk
  2. The ability to understand the relationships and interactions between risk types and individual risks to generate powerful insights that support better-informed business decision-making

Firms that leverage ERM platforms often focus on the first of these core capabilities, i.e. ‘the big risks’, leading them to miss out on the benefits that can be derived from the holistic view of relationships between different risks.

Typically, this means that for many executive teams and boards the implementation of an ERM approach results in a series of colour-coded dashboards which identify their ‘big risks’, but fail to provide an in-depth analysis to enable them to ask the right questions, challenge the right topics and drive the right conversations for better strategic and operational decisions.

Too often, those risk dashboards present the consolidated and aggregated risk exposure for the ‘Top 20’ risks types as defined at one point in time and have since been reported on each month or quarter, failing to take the rapid evolution of the risk landscape into account. Insights into the firm’s real risk profile, including the dynamic interaction between risks and the possible emergence of future risks or control weaknesses, therefore get lost within these consolidated and aggregated risk exposures. Whilst providing a consolidated view is of some value, it rarely provides actionable insight, leading to ERM fatigue on the executive and board level.

To drive board engagement in the ERM process and deliver powerful business insights, firms need to ensure that their ERM processes and systems deliver on both core capabilities. By understanding these relationships between risks, firms can drive a more engaging conversation with their boards, generating more insightful analysis and efficient reporting.

The fallacy of ERM is that it is about managing the ‘big risks’; in fact, this is, or should be, just one part of an ERM programme.

An ERM programme should deliver two core capabilities:

  1. The ability to consolidate risk exposures through risk types to provide a holistic, enterprise view of risk
  2. The ability to understand the relationships and interactions between risk types and individual risks to generate powerful insights that support better-informed business decision-making

Importantly, when implementing an ERM programme, firms should never lose sight of its real purpose – to enhance the firms’ ability to deliver its objectives and create sustainable shareholder value.

Leave a comment

Your email address will not be published. Required fields are marked *

*

Related content

WEBINAR

Recorded Webinar: FRTB: Laying the groundwork for compliance

The January 2022 compliance deadline for sell-side firms within the scope of Fundamental Review of the Trading Book (FRTB) regulation may seem far into the future, but the complex demands of the regulation and the need to source regulatory data that has never previously been required mean firms should already be identifying tools, solutions and...

BLOG

LIBOR Change Requirements Mean Major Data Challenges for Financial Firms – Are You Ready?

With the London Interbank Offered Rate (LIBOR) ceasing to exist at midnight January 1, 2022, financial services firms around the world are faced with an enormous data management challenge. LIBOR, and the interest rate curves built off of it, are used within a wide variety of financial instruments and products, including derivatives, loans, and bonds....

GUIDE

RegTech Suppliers Guide 2019

Welcome to our brand new RegTech Suppliers Guide. This unique guide provides detailed data profiles on close to 100 suppliers in the RegTech world, offering you an unrivalled selection of solutions for your most pressing financial regulatory challenges. The aim of the A-Team’s RegTech Suppliers Guide is to steer you through this complex marketplace, offering...