When it comes to life, business or sports, the formula for success includes minimizing risk. Identifying, managing and resolving risk is essential whether selecting a career, investing in a business opportunity or choosing a new business partner. The same applies to managing risk at an insurance company. Ensuring there is a plan and process for identifying and resolving business risk is essential to the immediate and long-term vitality of the company. That’s why it’s necessary to implement an Enterprise Risk Management (ERM) program that provides the board, senior management and other stakeholders with assurance that proper safeguards and protections are in place. However, launching an ERM program can be a challenging task that can seem overwhelming. To help clients, prospects, and others with implementation, JLK Rosenberger has provided a summary of key information below.
Tips for Successful Implementation
- Gain Key Support – Getting support from the right sources including the board of directors and senior members of management is essential. Since ERM touches many parts of the company, it’s important to have key leaders involved throughout the planning phase. It’s recommended that the CEO act as the process owner leveraging other members of senior management to assist with implementation.
- Review Existing Risk Management Efforts – Take time to determine what your company is doing currently to mitigate and address potential risk factors. This is an essential early step because most companies already have some processes in place and you don’t want to duplicate efforts. Through this review, you can identify areas where the company has exposures and target efforts towards them.
- Adopt a Framework – The cornerstone of risk is uncertainty, and your framework places it in a process that helps manage and control it. Various frameworks can be used when implementing ERM, but the most popular is the COSO framework. Generally speaking, the outline of most frameworks includes control environment, risk assessment, control activities, information and communication, and monitoring. Most risk management processes seek to identify, evaluate, prioritize, treat and then monitor identified risks. Selecting a framework to follow early in the process will make implementation run more smoothly.
- Build Incrementally – A common question in the initial stages is “What should be the scope of ERM implementation?” The answer is simple: start small and build incrementally. Successful implementations begin by focusing on a few key business risks and achievable goals. Rather than attempting to address risk in every part of the business, focus on the risk that poses the most significant concern to the company. Establish a method for addressing the risk(s) and monitor the effectiveness of efforts. Give ERM a chance to get early victories and demonstrate value to management.
- Ongoing Reporting – Telling the success story of risk management efforts is essential to the long-term vitality of the program. For this reason, it’s important to issue ongoing reports that demonstrate the value of ERM efforts. For example, periodic reports to senior management on program progression should include steps taken (and related effectiveness) to accomplish key risk management objectives.
Many insurance companies struggle with the idea of ERM implementation. It’s believed that ERM is something that’s only essential for larger companies. Many organizations want to put off ERM until the company becomes bigger, but this can have a cost. Insurance regulators and rating agencies (e.g., AM Best) are asking ALL insurance companies about their ERM planning and implementation. Taking the time to implement ERM now will not only help the company manage risks but also create a better position with regulators and rating agencies.