The ERM Current™

A leading risk management expert and chief risk officer at a major U.S. financial institution offered his insight on risk management practices last week in the Columbus Business First Journal.  His views are candid and becoming more common as the dust begins to settle from the recent financial crisis.  Here is what he had to say.

Kevin Blakely, senior executive vice president of Huntington Bancshares Inc. in Columbus and its chief risk officer said years ago, things were relatively simple. “Most of our risk was centered in credit risk – lending to individuals and companies, and gauging our ability to get that money back,” he said. Until this past summer, Blakely had been president of the Philadelphia-based Risk Management Association. But as companies got bigger and financial products got more complex, financial institutions developed mathematical models to measure risk. They worked well, he said, but by the mid-1990s banks were depending on them too much. “We began to view them as the answer, rather than as one more input before you get to the answer,” Blakely said. “That was one of the rude lessons we learned over the last couple of years. As an industry, we weren’t as smart in the business of risk management as we thought we were.”

The false sense of security placed in risk management was certainly a rude lesson for many companies as they focused on quantitative models that told them what they wanted to believe.  A balanced view of both quantitative and qualitative factors is critical to an effective enterprise risk management program.

Yesterday, JP Morgan Chase CEO Jamie Dimon shared his views on the financial crisis with Charlie Rose at the Securities Industry and Financial Markets Association annual meeting in New York.  In the interview, Mr. Dimon reflected on risk management approaches taken by many financial institutions leading up to the crisis.  He stated, “You should never rely solely on VaR, Basel I or Basel II for risk management practices.  If you did, it was a mistake.”   He went on to explain that sound risk management practices require both quantitative analysis and management judgment to be effective.  He also noted that there are legitimate failures in the application of the Basel II Capital Accord that left many institutions with insufficient capital positions.   His full remarks can be viewed in the video web link below.

Jamie Dimon speaks with Charlie Rose at SIFMA Annual Meeting

Yesterday, an article by FinCriAdvisor highlighted how regulators are stepping-up their reviews of enterprise risk management (“ERM”) programs at both large and small financial institutions.  As they have been calling for stronger enterprise risk management practices, regulators have also been working on new ERM guidance that banks will need to follow in the future.  Here is a portion of what was reported.

Regulators have begun to focus more heavily on the way banks handle risk assessment, urging in recent testimony and regulatory updates – as well as in examinations – that institutions move toward an “enterprise risk management” model.  ”There is an increasing interest with the regulators, no doubt, and a lot of risk management guidance in the works,” adds Bernard Mason, regulatory relations liaison with the Risk Management Association (RMA) in Washington, D.C. He cites new commercial real estate credit concentration rules that lean heavily on risk management, pending rules on liquidity risk management that would tie U.S. guidelines with those of COSO and Basel, and new September guidance on correspondent risk management.  ”Clearly, regulators are asking banks to identify risk appetite,” agrees Mark Zmiewski, head of research at the RMA in Philadelphia. “That reaches a higher level of importance today under governance issues.” This includes the role of the board in establishing the bank’s risk appetite (the amount of risk it is willing to accept to increase earnings), how well-versed senior management is in carrying out that plan, and how well risk is measured and monitored, he says.

Is your company prepared for the greater ERM scrutiny?  If not, Wheelhouse Advisors can provide cost-effective solutions.  Visit www.WheelhouseAdvisors.com to learn more.

This week, a report was published by the Senior Supervisors Group (“SSG”) regarding risk management lessons learned from the 2008 financial crisis.  For those who do not know, the SSG is a group of central regulatory agencies from seven nations including the United States.  The report highlights the following deficiencies in risk management practices at major corporations across the globe.

Some of the highlighted areas of greatest need, such as board and management oversight, articulation of risk appetite, and compensation practices, are potentially a result of the aforementioned imbalance between the stature and resources allocated to firms’ revenue-generating businesses and those afforded to the reporting and control functions. Other areas, such as risk aggregation and concentration identification, stress testing, and credit and counterparty risk management, can also be attributed to the weak condition of many firms’ IT infrastructure. While considered central to sound firm governance and risk management, the areas of continued improvement addressed here are not exhaustive.

In highlighting the areas where firms must make further progress, we seek to raise awareness of the continuing weaknesses in risk management practice across the industry and to evaluate critically firms’ efforts to address these weaknesses. Moreover, the observations in this report support the ongoing efforts of supervisory agencies to define policies that enhance financial institution resilience and promote global financial stability.

This report serves as fair warning for financial institutions to proactively strengthen their own risk management practices before the regulatory authorities are compelled to force necessary changes.  If your company is looking for cost-effective solutions, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

Yesterday, the U.S. Government announced major pay reductions for executives at companies recently aided by taxpayer funded capital infusions.  In addition, the Wall Street Journal reported that these same companies will be forced to make some significant changes in their governance structure and risk management practices.  Here is what one prominent corporate governance expert had to say about the demands.

The government’s move “is a seismic shift,” said Espen Eckbo, director of the Center for Corporate Governance at Dartmouth College’s Tuck School of Business. But the broader impact will be “much more significant from the governance side,” he added. Mr. Eckbo anticipates increased shareholder pressure on companies without federal bailouts to create board risk committees and split the roles of chairman and CEO. There likely will be more non-binding stockholder resolutions next year calling for such changes, he predicted. In particular, “risk committees are a no brainer.”

As more companies establish board risk committees, Enterprise Risk Management (“ERM”) programs will come under greater scrutiny and need to be more robust.  Wheelhouse Advisors can help strengthen your ERM program.  Visit www.WheelhouseAdvisors.com to learn more.

The “new normal” is taking hold as businesses emerge from the economic recession and look to 2010 and beyond. Greater emphasis on disciplined decision making supported by a complete understanding of associated risks will become part of the norm.  To that end, one of the major Information Technology (“IT”) market intelligence firms, IDC, recently published a report on what IT organizations should be doing to adjust to the “new normal”.  Here is what IDC suggests as priorities for IT organizations.

1. Cost and Funding Management: IT organizations will increasingly be forced to develop cost profiles, including the business value of solutions, to support investment decisions. This will not be an easy or pleasant task, and has been a requirement that has dogged IT organizations for years.
2. Sourcing and Platform Strategies: As new options become available to achieve an IT or business objective, IT organizations will have more room to experiment, innovate, and change, but will also have to justify their choices more conclusively.
3. Equipment Leasing and Software Financing: Commercial organizations will return to IT leasing and financing as a means of bolstering their access to IT resources.
4. Life Cycle Management: IT organizations have already extended the planned deployment of many major systems, but they still need to develop the tools and management processes to quantify the underlying cost implications of these longer asset lifecycle models.
5. IT Financial Management Tools: As IT platforms and business processes increasingly move toward a mix of in-house and third-party provision, the need for IT financial management software, tools, and best practices to better enable IT organization operational decision-making will become apparent.

Does your IT organization have the necessary tools and supporting business practices to operate in this new environment?  If not, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

This week, Information Technology (“IT”) executives from around the globe have gathered in Orlando at the Gartner Symposium/ITxpo.  A big focus of the event is how IT can become more transparent and accountable in order to support business growth in 2010.  The key is balancing risk management with performance management.  Here is what Gartner analysts have to say on the subject.

Risk management is about accepting that IT organizations cannot protect the company from everything, so they will have to make conscious decisions about what they will do to protect themselves, and what they will not do. They must learn to balance risk and performance. People need IT organizations to share information, so that they can trust them. IT leaders should accommodate letting outside information in, and sharing inside information appropriately. CIOs shouldn`t think they can shut down the two-way flow of information because they can`t stop it.

Gartner analysts said that the quality of data underpinning metrics such as measuring business productivity, profits, value, and efficiency of services delivered is inadequate. This stems from siloed and inconsistent business data, and from an over reliance on spreadsheets. Even where there have been investments in business intelligence, it`s not giving the business what it needs. The challenge for IT leaders is getting the information that everyone can believe in, and that everyone in the organization will trust. “IT leaders need robust information architectures and governance, coupled with data quality and integration capabilities to create an enterprise view across these silos,” said Nigel Rayner, research vice president at Gartner. “You will need to rationalize and link performance measures across the business in an enterprise metrics framework. When the data is consistent, and everyone believes it, then you have built trust.”

Wheelhouse Advisors recently partnered with Apptio, the leading provider of IT Financial Management solutions, to help companies achieve a balanced risk and performance management approach. Apptio’s on-demand IT Financial Management solutions provide greater visibility into the cost, utilization and operations of IT products and services so that businesses can identify ways to reduce IT costs, make better IT decisions and provide the business with a true Bill of IT. World class companies such as Blue Cross Blue Shield of Kansas, BNP Paribas, EMD Chemical and Starbucks use Apptio’s IT cost analysis capabilities to reduce cost and achieve greater visibility into their IT costs and cost drivers. For more information, please visit www.apptio.com.

While many in corporate America are working to reduce the impact of the H1N1 virus on their workforce, another virus has been infecting corporations for years.  As Jack Bergstrand, Founder of Brand Velocity, Inc., explains in his recent highly regarded book, Reinvent Your Enterprise, corporations of all sizes have been suffering from what he calls “functionitis”.  Mr. Bergstrand examines how this virus has spread as more companies employ knowledge workers rather than manual workers. Knowledge workers typically organize into specialty areas within corporations based on their subject matter expertise.  This, in turn, can lead to a very bad case of “functionitis”.  Here is Mr. Bergstrand’s explanation of the virus and its possible cure.

“Functionitis” is a term for when functions become separated from the Enterprises they are supposed to support.  Functionitis is also an Enterprise example of where bad systems create bad behaviors.  It sometimes generates outright conflict.  More often, it generates less visible cross-functional productivity breakdowns driven by incompatible priorities and preferences.  A clear sign that functionitis has taken over is when one function considers itself an internal customer for another function.  With knowledge work, reducing moving parts at the top can systematically resolve many of the functionitis issues in and of itself.  It can also systematically improve the allocation of resources and accelerate Enterprise reinvention in rapidly changing markets.

Functionitis is at the core of the need for Enterprise Risk Management programs.  Not only does it impact the productivity of risk professionals across an enterprise, but also the ability for an enterprise to understand its true risk profile.  Is your company suffering from risk management functionitis and looking for a cure?  If so, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

Yesterday, Compliance Week Magazine reported that Standard & Poor’s (“S&P”) is struggling to incorporate Enterprise Risk Management (“ERM”) into its ratings methodology.  Evidently, the analysts at S&P are finding the challenge of reviewing risk management practices at non-financial companies to be more daunting than originally planned. Financial companies have had their ERM practices reviewed by S&P for years, but the task is easier since practices are more mature and standard across the industry. In addition to this challenge, S&P has also been distracted by the ratings debacle that led to the securitization meltdown late last year.  However, here is what Compliance Week reported about S&P’s future plans for ERM evaluations.

S&P has no plans to abandon its ERM evaluations, but neither will it split out ERM as a separate component of a company’s overall rating score. Rather, ERM reviews for non-financial companies will be based primarily on information provided by issuers in public disclosures and through discussions with S&P. Following are the seven primary questions that analysts have been asking management teams concerning ERM:

• What are the company’s top risks, how big are they, and how often are they likely to occur? How often is the list of top risks updated?
• What is management doing about top risks?
• What size quarterly operating or cash loss have management and the board agreed is tolerable?
• Describe the staff responsible for risk-management programs and their place in the organization chart. How do you measure success of risk management activities?
• How would a loss from a key risk impact incentive compensation of top management and on planning/budgeting?
• Tell us about discussions about risk management that have taken place at the board level or among top management when making strategic decisions.
• Give an example of how your company responded to a recent “surprise” in your industry and describe whether the surprise affected your company and others differently.

Is your company prepared to answer these questions?  If not, Wheelhouse Advisors can help. Visit www.WheelhouseAdvisors.com to learn more.

Information Technology (“IT”) is quickly becoming one of the primary areas within a company that is not only laden with risk, but also regulatory complexity.  At the same time, IT is one of the first areas to which companies look for cost reduction in an economic recession.  The combination of these factors demands better decision making and priority-setting by IT risk professionals and finance managers to meet the needs of the business while properly managing risk. In this month’s issue of Information Security Magazine, an IT risk professional at credit information provider Equifax shares his view of this challenge.

Let’s face it, we are entering an era of tighter statutory requirements and rapidly changing regulations. But focusing solely on statute requirements can lead to a disjointed strategy that is neither comprehensive nor aligned with business goals. While compliance mandates are often used to drive security investments, compliance by itself does not ensure a company’s security posture.

Instead, businesses must look beyond their technology and compliance needs and understand the challenges of ensuring their company’s security posture. Achieving this level of transparency requires the right mix of innovation, talent and technology underscored by a strategy that addresses risk at the broadest level. This is where relationships with business partners and vendors can play a valuable role. By joining forces with industry-leading third-party providers, companies gain access to new thinking and innovation to address key needs and challenges. With the right strategy and technology partnerships, businesses can drive a consistent and global set of security practices focused on risk reduction and information security.

Wheelhouse Advisors is uniquely positioned to help companies address their risk and security challenges while meeting the financial demands of the businesses they support.  To learn more, email us at NavigateSuccessfully@WheelhouseAdvisors.com or visit our website at www.WheelhouseAdvisors.com.