With widespread acceptance that deficiency in risk management was a leading contributor to the credit crisis, these could be happy days for Enterprise Risk Management (ERM) and its advocates. With that new-found popularity will come accountability though; a request that ERM proves its real worth. Ascribing a quantifiable value to ERM may be difficult – but not impossible as Mike Nolan of KPMG’s Advisory practice explains.
As a concept, Enterprise Risk Management has now been with us for some time yet the concerns over how to quantify its effectiveness refuse to disappear.
Many people have become accustomed to judging ERM in qualitative, ‘softer’ terms. In this regard, it’s hard to argue against its effectiveness, resulting as it does in enhanced risk identification and prioritization, a common risk language, improved risk and controls optimization, better risk monitoring and reporting as well as contributing to strengthening risk governance and culture.
However, in today’s currently cost-obsessed environment, assessment against intangible KPIs is unlikely to satisfy those business leaders intent on gauging exactly what the return on investment is; what value their current — or proposed — ERM program generates.
As more companies consider implementing ERM as a way of avoiding the risk management failures which precipitated the current crisis, the good news is that I believe ERM is quantifiable.
Such quantification may not be easy; there’s no single formula and the results may not even be perfect — but surely this is preferable to the insistence that ERM can only be measured qualitatively. Such a reassurance might just convince a few more skeptics to head down the ERM route.
If you think about what ERM delivers, there are actually plenty of quantifiable outputs; decreased variability in financial results for example, as well as reduced hedging, insurance and capital costs. These equate directly to improved cash flow which, when coupled with a reduced discount rate (arising from reduced earnings volatility and an improved reputation within the investment community), results in enhanced company value. The metrics are there; it’s just a question of turning them into a final assessment which quantifies that all-important return on investment.
Let’s consider those metrics more closely, starting with capital costs first. With rating agencies paying increasing attention to companies’ ERM frameworks, deficiencies or over-performance in this area can be equated to a quantifiable impact on a company’s ability to access capital and on the cost of capital. Secondly, hard cost savings can be delivered by an ERM program which streamlines existing risk efforts and highlights redundant and inefficient risk activities (e.g. identification / assessment, aggregation and validation processes). Again, another quantifiable metric.
Insurance and hedging costs can be the most tangible cost elements in managing specific risks. ERM can help to optimize and reduce these costs by more clearly identifying underlying risk exposures, existing offsets and potential redundancies and inefficiencies.
Estimating earnings variability may be a complex task but can feasibly be undertaken both before and after ERM risk mitigation activities in order to demonstrate the impact and value of the ERM program.
Harder to quantify are the investment opportunities which can arise from ERM implementation but this does not mean the potential ‘up-side’ of ERM should simply be ignored. ERM enables companies to make smarter, proactive decisions, based on a better understanding of their current risk profile and their appetite for taking onboard more risk in pursuit of competitive advantage.
ERM is about optimizing risk in accordance with your risk tolerances and setting limits; not simply minimizing risk. Applying a risk lens and risk metrics to a business opportunity, in addition to the growth metric analysis, is likely to result in improved investment decisions. ERM can assist in identifying opportunistic areas of your business that would benefit from investment.
When thought of in these terms, the value of ERM looks far more quantifiable than has often been perceived. There is no simple formula for generating that final value but it should be an aggregate of performance in the areas mentioned above.
For too long, ERM has been considered solely in compliance terms, perceived similarly to existing internal audit, legal, environmental and finance compliance activities. Its presence was designed to assuage risk concerns from external stakeholders, directors and ratings agencies alike. It should now be seen in a more proactive light.
The credit crisis has refocused attention on to this area of business. ERM’s ‘standing’ in the risk world may have gone up but, with all expenditure now scrutinized down to the last dollar, it will have to properly prove its worth; something which it has traditionally struggled to do. Thankfully, it may not prove as difficult a task as some would have us believe.
— Mike Nolan is the Global Head of KPMG’s Risk & Compliance Service Group and a partner in the U.S. firm.
- The risk & compliance think tank