Tag Archives: Carol Fox

Immediate Vault Immediate Access

Strong ERM Gives Companies Higher Market Value

Posted on by

A new study, “The Valuation Implications of Enterprise Risk Management Maturity,” released by the Journal of Risk and Insurance, has found that organizations exhibiting mature risk management practices realize a value growth potential of up to 25%.

The survey is the first wholly independent research project that confirms the value connection of mature enterprise risk management practices in organizations.

Using data from the RIMS Risk Maturity Model (RMM) gathered from 2006 to 2011, Mark Farrell, the paper’s author and the actuarial science and risk management program director at Queens University Management School of Belfast (QUMS) and Dr. Ronan Gallagher of the University of Edinburgh Business School, provided evidence through this research that firms that have reached mature levels of enterprise risk management qualities exhibit a higher firm value.

online pharmacy trazodone with best prices today in the USA

 The broad data set encompassed publicly-traded organizations from a variety of industries. Nearly half the data tabulated by the researchers were submitted by RIMS members.

online pharmacy addyi with best prices today in the USA

The study’s authors reported that “firms that have successfully integrated the ERM process into both their strategic activities and everyday practices display superior ability in uncovering risk dependencies and relationships across the entire enterprise and as a consequence enhanced value when undertaking the ERM maturity journey.”

The authors added, “Upon decomposition of the maturity score, we find that the most important aspects of ERM from a valuation perspective relate to the level of top-down executive engagement and the resultant cascade of ERM culture throughout the firm.”

The RIMS Risk Maturity Model for Enterprise Risk Management (RIMS RMM), was developed in 2005 by risk professionals and LogicManager, and is a free assessment tool for risk professionals and executives to develop and improve sustainable enterprise risk management programs. This online resource allows organizations to score their risk programs and receive an immediate downloadable report.

online pharmacy flagyl with best prices today in the USA

The report provides information not only on current maturity levels, but offers ideas on what it may take to achieve a higher level of maturity in each of seven attributes.

“One of the biggest challenges in implementing an enterprise risk management program is articulating the value that it brings,” said Carol Fox, RIMS director of strategic and enterprise practice. “This research makes that value link quite clear. Although the study necessarily focused on publicly traded companies, the value proposition of enterprise risk management applies to not-for-profits and the public sector as well. In highlighting this research, we hope that more organizations will take advantage of the RIMS Risk Maturity Model to improve their risk practices and, in turn, create additional enterprise value.”

Steven Minsky, CEO of LogicManager and developer of the RIMS Risk Maturity Mode noted, “Boards and ERM committees now have an actionable internal road map and a corresponding return on investment measure to improve their enterprise risk management maturity from whatever level they are at today.”

Why Risk Management Should Collaborate With Internal Audit

Posted on by

Risk management and internal audit should work together. That’s according to a joint report between RIMS and the Institue of Internal Auditors released last week. “The two disciplines are more effective working together than separately, especially when there is a common understanding of each other’s roles,” said Carol Fox, director of RIMS’ strategic and enterprise risk practice. She noted that internal audit’s role helps inform top executives about the companies’ strategic risks while risk management function helps leadership use the proper techniques and methods to assess all the possible outcomes of different strategic paths.

In short, internal audit sees everything that is going on within a company. And risk management can take that knowledge and ensure that all contingencies can be properly understood.

During a panel session at RIMS 2012 Conference & Exhibition on enhancing the value of risk management, Diane Askwyth a risk manager at Harrah’s Entertainment, echoed these sentiments and expanded on how risk managers can partner with their colleagues in internal audit. “You have to look at internal audit as another pair of eyes for you,” said Askwyth. “It’s a very powerful resource if you can get that in your corner.”

In fact, more than just serving as an additional resource, that partnership can greatly enhance your standing in a company. Because if risk management isn’t using the knowledge that audit has, audit will be. And that will mean that the risk management department’s standing will be lowered by comparison.

“The group that knows the most about what’s going on in the entire organization on a very granular level is internal audit,” said Askwyth. “And from that perspective, they have a big advantage over us. So they can either be your enemy or they can be your best friend. It’s your job to make them your best friend — or else they’ll slit your throat.”

Kristina Narvaez of ERM Strategies, LLC  has some advice. She says there are three “Cs” that should govern risk management’s relationship with internal audit. “You can complement and collaborate but you don’t compete against each other,” she said.

RIMS ERM Conference: A Q&A on the Future of ERM

Posted on by

What does the future hold for enterprise risk management? That’s exactly what a panel Q&A session touched on during the recent RIMS ERM Conference. Carol Fox, director of strategic and enterprise risk practice for RIMS, moderated the discussion between attendees and:

  • Ryan Egerdahl, risk manager at Bonneville Power
  • Mary Gardner, chief risk officer at Zurich North America
  • Rob Torok, risk management consultant with IBM Global Services

To kick off the discussion, Fox asked the panelists what the biggest changes in ERM were within the last 10 years?

Mary: A really big issue is going to be risk based capital. Where do we require it and where are we going to reduce our investment so we can write insurance in growing areas of the world. We want to reduce our risk so we can free up our risk capital so we can go into growing areas such as BRIC nations.

Question: Have you spent much time talking aobut enterprise content management, like records management, which I’m hearing more and more about?

Rob: One of the things we’re rigorous about is information security, with both internal data and the data that belongs to our customers and our clients. We have an enourmous amount of customer data. Because of that, there are an enourmous amount of controls IBM has put into place.

Mary: It’s an emerging risk. In fact, On October 13th the SEC indicated that all companies will be required to provide information on past breaches and what they might expect in future breaches and what impact that may have on their financial statement. That’s scary and we need to figure out what that means. It’s something to definitely consider.

Question: Having a risk taxonomy — is that effective? Does it help you manage risks? By separating them into various categories?

Mary: I would say yes. We identify risks in each business division and analyze them. It’s kind of a top down, bottom up approach. We look at the different kinds of inputs. We also use that to determine systemic risks and see where we have risks concentrated in one particular area or business.

Rob: An organization must have a standard risk taxonomy. Everybody in the organization must look at those risks and talk about how those risks affect each particular business unit. We’ve developed a template of about 150 risks. That template is a fine starting point, but don’t use IBM’s or any other company’s template — it won’t apply to you.

A client gave me a list of 504 risks and asked me to comment on it. The reason they had 504 risks was because many risks were repeated in each business unit and geography. This is because they never had a standard taxonomy. That list could’ve dropped by 40 or 50% easily if they had a standard language or taxonomy.

Mary: Companies need to think of their standard taxonomy as a living document.

Question: What do you do to help identify emerging risks?

Ryan: I’m less concerned about the unknowables. i’m concentrating on the big risks facing us now. we have enough to worry about right now in our business alone.

Rob: I haven’t got a clue what that next risk is, but allow yourself to think broadly about it.Ddon’t close your eyes to things. Don’t shoot down ideas of someone who says “hey, what about this or what about that?”

Mary: Keep it simple. We can make this ERM process so complicated sometimes. Maybe if we just get back to basics it would be much better.

Ryan: If you’re just starting the ERM journey, don’t rush into the GRC software immediately — wait until you’re mature enough in the process to get there.

Mary: Get out of the box. There are  a lot of conversations that may spur thoughts. Talking to risk managers in other industries may spark ideas.

Rob: What about your business and social network? What are they worried about? I’m not talking about things that have already occurred, but what has not happened yet in their enterprises. Use that information to help you think about risks in your own enterprise.

 

The World Is Becoming a Riskier Place — But That Isn’t Always a Bad Thing for Companies

Posted on by

That the world is getting riskier should be pretty obvious to anyone who has been paying attention since 9/11 kicked off a horrible decade that included Enron, Katrina, the Great Recession, the Gulf oil spill and whatever it is that is going on right now in Washington, London, Southern Europe and on Wall Street.

Nevertheless, Property Casualty 360 has asked 36 risk professionals to answer the question: “Is the World Becoming a Riskier or Safer Place?”

I haven’t read all of the responses yet, but I have talked with most of these people in the past so I presume the consensus agrees that the world is riskier now than ever before. (In a business sense anyway. Indeed, the MAD threat during of the Cold War era was pretty … umm … risky back then. Black Death was also a little scarier than anything I can think of.)

Carol Fox of RIMS had a good take on the question, which (not surprisingly given her role here at RIMS, which, if you didn’t know, is the organization that pays my salary) shows a more nuanced outlook that notes the strategic advantages that risks can provide.

There is much more uncertainty given the complexity and speed of change in today’s world than was the case 50, or even 20, years ago.

The key is to understand that risk isn’t only to be avoided or mitigated. Risks are to be understood in light of an organization’s objectives for their relevance, importance and certainty so that the known risks that can “improve our position” can be exploited, and those that can “worsen our position” can be managed. Those risks that are most uncertain, whether known or unknown, become the basis for scenario planning, so that the organization can consider them in light of its overall strategy, as well as its future resilience and sustainability planning.

As is too often forgotten, without risk, there would be not opportunity. If producing oil and distributing gasoline were risk-free endeavors, every company would be Exxon. If investing in the creation of revolutionary technology to leverage the death of non-digital music carried no downside, every company would be Apple.

Risk isn’t always bad for companies.

Head over to PC360 for the other 35 responses.