Demand for ERM Continues to Grow

More companies are beginning to realize the value of Enterprise Risk Management (“ERM”) as a discipline that can propel a business forward rather than hold it back. In the recent past, many ERM programs focused primarily on revisiting problems from the past or examining all risks regardless of size. While these types of exercises can keep people busy, they rarely benefit a company that is trying to navigate forward to achieve successful outcomes. However, according to recent comments by a risk expert at the Risk and Insurance Management Society, ERM is evolving into a highly valued business practice. Here is what she had to say in an interview conducted by

Today, a growing perception that ERM “is a business discipline that can advance an organization’s [big-picture] objectives” is driving higher adoption rates across all types of organizations, says Carol Fox, director of strategic and enterprise-risk practice with the Risk and Insurance Management Society.

While there is also a perception that risk managers are having difficulty getting invited to a seat at the C-suite table, Fox believes that most corporate leaders, with only rare pockets of resistance, are eager for expert input about the strategic risks the organization faces.

“With all the external pressures—whether it’s Dodd-Frank, shareholders or the disclosures required now by the SEC for public companies—there is plenty of demand, visibility and support at the board level and at senior-management level” for ERM, she says.

As more board members and senior executives become acquainted with the usefulness of a well-designed ERM program, the discipline will become a “must have” for companies looking to compete in the new economy.


Companies Are Thinking About Risks In New Ways

Why do some companies loathe risk management? Well, many will say because it is a bureaucratic exercise devoted to minimizing risks at the expense of future growth and innovation – and in many cases they are right. This is due to the way risk management as a discipline has evolved as well as how risk management practitioners have been taught. For better or worse, risk management tends to lean towards insurance and compliance or, in other words, ways to minimize risk and increase paperwork.

So, when board directors and senior executives hear the words “risk management”, they immediately shift their focus to the more commonly held view and neglect the real value of the discipline. The real value of risk management comes from developing a keen understanding of the critical risks related to a company’s strategic objectives. With this understanding, companies can leap-frog the competition by addressing risks in an innovative and unique manner.

Wheelhouse Advisors has developed a tool set to help companies jump-start their new approach to understanding risks. Known as The ERM Compass™, the tool set is designed to identify opportunities to improve a company’s “risk mindfulness.”  Risk mindfulness is a new way of viewing risks – a forward-looking and continuous approach that allows a company to use risk as a driver of intelligent growth and innovation.  The level of a company’s risk mindfulness is measured using The ERM Compass™ Scorecard.  The Scorecard focuses on four primary areas of risk as they relate to a company’s strategic objectives (see figure below). Scores are calculated for each risk area using five critical components of risk mindfulness. With the scores in hand, companies can easily determine the direction they need to take in order to increase their risk mindfulness and create value.

To learn more about The ERM Compass™ and to schedule a complimentary review, email us at

Clues to Board Ineffectiveness

The Harvard Business Review published a provocative article last week about the shortcomings of board directors in today’s post financial crisis environment. The article was written by Roger Martin, dean of the Rotman School of Management at the University of Toronto. Mr. Martin is a frequent writer and expert in the field of Design Thinking. According to Mr. Martin, the following are six indicators of a bad board member.

1) They complain about how hard Sarbanes-Oxley has made it to be a director. Guess what? It has also become hard to be an investor. And hard to be a public company auditor and a capital markets regulator. It’s hard all over. If your directors complain that they don’t have time on the board to talk about strategy and succession and other important management issues because the formal SOX procedures have crowded that out, you have mice not men (or women) on the board. Every person in every organization has the personal choice to be a value-added contributor or turn into a useless bureaucrat. Directors have that choice; nobody is putting a gun to their heads. If they complain, they are likely to be useless to you.

2) They complain about how the fees for being a director aren’t high enough to compensate for the onerous work involved. You don’t want a director on the board because they think it is great money. If they complain about the money, it is because they are obsessed about making money by being on boards and want it to be a lucrative gig. If they think it is great money, they won’t do anything to rock the boat and risk losing that gig.

3) They are paid in the top tertile of peer boards. Boards set their own compensation. If board members set their compensation significantly above the median of peer boards, they want to make the board a lucrative gig and that is a bad thing, per the point above.

4) They express excessive pride over being on the board. This is likely to mean that they are enamored with the prestige of being on the board. If that prestige is important to their sense of self then they won’t do anything to rock the boat and risk losing the prestige associated with being on the board.

5) They express enthusiasm for the enjoyable social atmosphere on the board. This means they will be incline to avoid doing anything to rock the boat because that will reduce the enjoyment of the atmosphere on the board.

6) They express enthusiasm for the personal growth opportunities the board provides them. That is lovely for them, not for you.

As we continue to emerge from the rubble of the Great Recession, more companies will need to reflect on the effectiveness of their boards and, more importantly, their individual board members.

When Discussing Risk, Are Boards Well Informed?

Now that the economic outlook and regulatory uncertainties are beginning to stabilize, companies and their boards of directors are exiting crisis management mode and realizing the need for strong enterprise risk management programs to succeed going forward.  However, most board members in the U.S. still do not have a very good understanding of the enterprise risk management practices in their own companies.

A recent survey sponsored by the AICPA and the CIMA and conducted by North Carolina State University demonstrates this fact.  According to the survey, only 39% of U.S. companies indicated that top risk exposures facing the organization are formally discussed when the board of directors discusses the organization’s strategic plan. That’s compared with over 60% of global competitors who are discussing the top risk exposures.

There may be several reasons for this lack of risk discussion in the boardroom.  First, the board members may simply be avoiding the risk discussion by placing implicit trust in senior management.  The board members may also lack the interest and/or the requisite experience to engage senior management in a healthy debate.  However, most likely the company is not in a position to have a risk discussion because they lack the supporting enterprise risk management program to provide a clear articulation of the company’s risk profile.  So, the board of directors and senior management are left to review the strategic plan in a vacuum.

Most of these companies are reluctant to invest in an enterprise risk management program because they fear the onslaught of bureaucratic processes akin to the very early days of Sarbanes-Oxley compliance.  To be truly successful at providing the right risk information, the program should be highly practical and business-focused rather than a grandiose compliance exercise.  It also should be enabled through an intuitive, integrated business process and technology platform such as OpenPages’ Enterprise Risk Management solution set.

For board members who are interested in determining whether they are headed in the right direction when it comes to risk, Wheelhouse Advisors has developed a helpful roadmap called The ERM Compass™.   The ERM Compass™ is a simple, straightforward guide that will provide board members with valuable questions and insight to drive effective boardroom risk discussions.  If you are interested in learning more, send an email inquiry to

Boards Take the Lead on Risk Management

The Conference Board published a report this month about best practices in public company risk oversight. The report compiled interview insights from  20 members of U.S. public company boards, representing a variety of business sectors (including manufacturing, high tech, real estate, food services, retail, telecommunications, air travel, energy, health care, and banking) and ranging in size from $150 million to over $30 billion in revenues. The report ultimately demonstrates the need and desire of corporate boards to take the lead in improving risk oversight. The following ten insights are noted in the report with actual board member quotes in italics.

  1. Assign the responsibility of risk oversight to the full board and the burden of risk oversight to the right committee(s). (“We are all collectively responsible for risk,” said a board member, while another added: “Audit committees tend to have a checklist approach to risk oversight, which is dangerous; not enough prioritization, not enough of a business angle.”)
  2. Consider the full breadth of material risks that can impact the company. (“We benchmark against a range of companies to make sure we think.“)
  3. Push for a deep understanding of the key risks. (“We spend a lot of time reviewing the numbers and understanding risk processes: where the key numbers come from, how they get into the reports.”)
  4. Secure the right expertise on the board. (“Transformation of our risk approach was driven by two board members with risk experience elsewhere.”)
  5. Nurture a healthy tension borne by diversity. (“The biggest change we made in risk management over the last few years is focusing on having the most diverse board possible.”)
  6. Engage the broad management team. (“The board needs to interact with management in an open manner, not just hear what has been rehearsed three times.”)
  7. Embed risk discussions in all board processes. (“Every initiative presented to the board concludes with a simple page with three to four bullets on the key risks.”)
  8. Avoid the “bureaucratic trap”—more substance, less process. (“When you ask an executive to go in depth on a specific risk and you get a blank stare, you know risk management has become too bureaucratic.”)
  9. Make risk management actionable, not just an exercise. (“Follow-up is critical—managers come back to the board and are asked ‘tell me what you have done’—it is more than just a plan.”)
  10. Take ownership of improving risk management in the organization. (“To make risk management a success at our company the board had to get involved—we never gave up.”)

This represents the new shift by boards to become more risk focused.  How does your company stack up against these best practices?  What other insights should be included on the list?  How do you engage senior management to embrace practices such as these?  If you are interested in joining the discussion, email us at

New SEC Rules Serve as a Warning to Boards

Large U.S. corporations were recently placed on notice by the Securities & Exchange Commission (“SEC”) that shareholders will have a larger voice in determining board members going forward.  Just last week, the SEC adopted new proxy access rules that could have a significant impact on companies who anger their shareholders by not managing their risks well.  Crain’s New York had a very interesting report on the potential impact of the changes on companies like Goldman Sachs.  Here’s their view.

Goldman Sachs is target No. 1 for activist investors looking to shake up corporate boards now that the Securities and Exchange Commission has made it easier for shareholders to nominate directors.  Corporate governance activists are looking to replace Goldman directors at the firm’s annual meeting next spring unless the board strips Chief Executive Lloyd Blankfein of his position as chairman.

The SEC determined that investors can nominate their own directors if they own as little as 3% of a company’s stock and can combine their holdings with other shareholders to reach the threshold. It’s a sea change for board elections, where candidates in most cases are selected by management only. While investors are limited to nominating 25% of directors in any year, the power they’ve been granted by the government is considered so worrisome that the U.S. Chamber of Commerce is threatening to sue.

Boards and senior management need to ensure that they are working well together to anticipate risk events like the one Goldman Sachs experienced to protect their shareholders and their positions.  The best way to achieve this goal is to have a strong enterprise risk management program in place.  To learn more about how Wheelhouse Advisors can help your company implement a strong ERM program, visit

The Time for ERM is Now

The Dodd Frank Act of 2010 that was recently signed into law by President Obama will require not only banks but also nonbank financial companies to have a formal risk committee and enterprise wide risk management program. Specifically, the Act has a mandatory provision for public companies with total assets greater than $10 billion to have these risk management practices in place and an option for the Federal Reserve to require public companies with fewer assets to have the same.  Here is an excerpt directly from the new law pertaining to the new risk committee requirement.

RISK COMMITTEE.—A risk committee required by this subsection shall—
(A) be responsible for the oversight of the enterprise wide risk management practices of the nonbank financial company supervised by the Board of Governors or bank holding company described in subsection (a), as applicable;
(B) include such number of independent directors as the Board of Governors may determine appropriate, based on the nature of operations, size of assets, and other appropriate criteria related to the nonbank financial company supervised by the Board of Governors or a bank holding company described in subsection (a), as applicable; and
(C) include at least 1 risk management expert having experience in identifying, assessing, and managing risk exposures of large, complex firms.
These requirements will become effective in one year, so the time is now to begin working on your enterprise risk management practices.  Wheelhouse Advisors is uniquely qualified to help companies establish a practical, business-focused risk management program that is cost-effective.  Visit to learn more.