The ERM Current™

John A. Wheeler of Wheelhouse Advisors delivered a presentation this week at the 2009 Institute of Internal Auditors Conference in San Diego, California.  His presentation focused on the common objectives of the Chief Risk Officer and the Chief Audit Executive in today’s perilous global economy.  Key discussion topics included:

1. Learning about the evolving role of the Chief Risk Officer (“CRO”) both before and during the current global economic crisis
2. Developing an understanding of the complementary aspects of the CRO and Chief Audit Executive (“CAE”) roles, as well as the potential conflicts to avoid
3. Discovering strategies and critical success factors for an effective CRO & CAE partnership

Given the increase in both complexity and interrelationships of risks across corporations, an effective relationship between these two executive roles and their organizations is vital.  Wheelhouse Advisors provides cost-effective solutions to enable strong relationships in support of robust ERM programs.  To learn more, visit www.WheelhouseAdvisors.com.

Chief Risk Officers are beginning to make their mark in industries other than financial services, according to a recent article by Lloyd’s.  Many of these new positions will need to be filled by risk managers that may not necessarily have the full complement of skills that their financial services peers may possess.  Here is what Lloyd’s and a seasoned risk management practitioner have to say about the issue.

In these times of economic uncertainty, with risk management increasingly recognised as a core competency, insiders now expect CROs to start appearing in major industry sectors outside financial services.  Some insiders have questioned whether risk managers, who traditionally have a background in operational issues, have the necessary financial skills to make the transition however. Joe Restoule, president of the US risk manager association the Risk & Insurance Management Society (RIMS), thinks not.

Restoule, who is in charge of risk management at NOVA Chemicals Corporation, thinks that those risk managers that have embraced enterprise risk management (ERM) have by necessity become more financially savvy.  “It isn’t widespread yet but I sense that risk managers are certainly aspiring to ascend to the CRO position. Risk managers have to be more financially focused because there is so much emphasis today on liquidity and solvency—in terms of their own business but also in terms of the insurers they must deal with,” he says from his office in Calgary, Canada. “So we’re getting better all the time at using the tools to manage these financial risks.”

As more companies adopt an Enterprise Risk Management approach, qualified candidates for the new CRO role will emerge.  It is only a matter of time.

In a recent article written by John A. Wheeler of Wheelhouse Advisors LLC, the evolving role of the Chief Risk Officer (“CRO”) is examined.  Many companies are either elevating the role or creating the role anew.  To be successful, companies must be aware of what is ultimately required for both the role and the person assuming the position.  Here is a brief excerpt from the article addressing this issue.

The true CRO should be the champion and ultimate sponsor of ERM within an organization. To succeed in achieving this objective, the role requires the commitment and full support of both the board of directors and CEO. In addition, the role requires a unique skill set that combines a deep understanding of the business, an appreciation for risk management principles, strong leadership capabilities, and a strategic mind-set. This is a tall order for most organizations, especially when budgets are tight and short-term earnings pressures are so acute.

The challenges do not end there. At the core, the organization’s culture must align with and support the ERM program. This means that its managers and employees must have a certain level of risk awareness as well as a willingness to own the risks they take. This is created by leadership emphasis from the CEO, CRO, and other senior management members. However, more importantly, the compensation and performance management structure must be designed to provide incentives for appropriate behavior within an organization’s risk appetite.

Simply appointing someone to the position of Chief Risk Officer without understanding what the role requires or addressing the cultural implications will result in certain failure.  Wheelhouse Advisors can help your company establish the proper environment for a Chief Risk Officer to succeed.  To learn more about how Wheelhouse Advisors can help, visit www.WheelhouseAdvisors.com.

More and more companies are creating the new role of Chief Risk Officer (“CRO”) to lead their efforts to manage the growing complexity of risks.  The complexity is increasing as companies begin to rely more on external service providers, make greater use of advanced technologies and operate in different areas across the globe.  To be successful in this mission, CROs must possess the right mix of demonstrated competencies and abilities.  This topic was discussed in a recent article in Business Insurance magazine.  Here is a sample of what they had to say.

In every company, establishing a clear chain of command is vital to success. Risk, as an ongoing companywide issue, requires that the CRO report directly to the chief executive officer and have the flexibility to recruit and manage a small staff globally. The expansive nature of risk management also necessitates that the CRO steward numerous strategic partnerships with internal constituencies and outside strategic partners. He or she should partner with the general counsel, chief operating officer, chief financial officer and the top internal audit officer, all of whom should view the CRO role as a complement to their areas of responsibility.

CEOs need a risk expert who can act as architect and engineer in building a comprehensive enterprise risk management infrastructure; one that spans all parts of the organization and provides a clear and easy-to-interpret real-time interface for senior management regarding all risk-related activity.

Searches to fill these new roles will be difficult due to the fact that there are few people who have experience in the role and/or the combination of skills to be successful.  However, the right candidate is crucial to establishing a program to manage risks effectively over the long-term.

Risk Management can be only as effective as a company wants it to be, as evidenced by the continuing saga of American International Group (“AIG”).  The Wall Street Journal reported last week that certain high level executives who may have had a hand in limiting access of key risk management personnel remain on the job.  AIG’s Chief Risk Officer, Robert Lewis, was at the center of the discussion since he is responsible for AIG’s Enterprise Risk Management program.  Here’s what the WSJ had to say.

AIG’s outside auditor and a regulator raised concerns months before the bailout about the ability of AIG’s risk management to monitor what was going on in some units.

At an AIG board-committee meeting in January 2008, AIG’s auditor, PricewaterhouseCoopers LLP, “expressed concern that the access” Mr. Lewis’s department and other top AIG executives had into the financial-products unit, AIG Investments and other subsidiaries. Access “may require strengthening,” according to minutes of the meeting released by Congress last fall.

Two months later, the federal Office of Thrift Supervision, which regulated AIG’s financial-products unit, sent a letter to the company, also released by Congress. OTS said the unit “was allowed to limit access of key risk control groups while material questions relating to the valuation of the [swap portfolio] were mounting.”  The OTS said those “control groups” included Mr. Lewis’s department.

At a congressional hearing last week, Rep. Gary Peters (D., Mich.) asked AIG Chief Executive Edward Liddy, “Where was the risk management of your company? Where was the failure of your own internal risk-management procedures?”

Mr. Liddy responded, “We had risk-management practices in place. They generally were not allowed to go up into the financial-products business.”

Selective risk management within a company is a recipe for disaster.  Any area that is deemed “off-limits” should be a gigantic red flag for both senior management and the board of directors. 

Is your company prepared for the coming wave of regulation?  How flexible and cost-effective is your company’s enterprise risk management program?  Answers to these questions may make or break companies as they struggle to emerge from the financial crisis.  A recent article in Treasury & Risk Magazine reinforces the risk management challenge.

With lip service paid to risk management but no real clout singled out as one of the culprits in the financial crisis, many companies in 2009 aim to make risk management a daily function of good governance. And since a new Congress and president both promise increased regulation, companies should expect to deal with risk management on Washington’s terms.  The chief risk officer’s (CRO) job will evolve from what was mainly a focus on regulatory compliance to include across-the-the board oversight of everything from Sarbanes-Oxley to credit risk to business continuity.

Wheelhouse Advisors is uniquely equipped to help companies build flexible, cost-effective and sustainable enterprise risk management programs.   Contact us at NavigateSuccessfully@WheelhouseAdvisors.com to learn how we can help you