Top Enterprise Risk Management Misconceptions

When it comes to Enterprise Risk Management (ERM), many believe the effort needed to gain buy-in, implement and manage, outweigh the potential benefits. While it can be challenging, the benefits to the organization are substantial and continue to grow as the program is refined and optimized. Perception is often reality, and there are several misconceptions about ERM that tend to dissuade insurance companies from considering this increasingly important management strategy. To help clients, prospects and others identify and overcome them, JLK Rosenberger has provided a general list of the most common below.

Common ERM Misconceptions

• ERM is for Large Companies – Although large insurance companies spend more time and money on ERM, it doesn’t mean the benefits to small and medium-sized companies are insignificant. Smaller businesses are subject to as many risks and threats as their large company counterparts. While they may be different in scope and magnitude, the need to proactively assess, monitor and manage them remains. The reality is that many smaller companies often receive a greater benefit from ERM because the inherent risks may pose a much greater threat. Management’s ability to deal with them can be limited due to lack of experience, fear of time and cost and perceived lack of access to tools.
• Unclear Understanding of Value – In general, management teams at smaller to mid-level insurance companies do not fully understand the value ERM creates. There are many benefits for insurance companies including providing government regulators and rating agencies with a level of comfort about their internal risk management profile. With globalized threats being leveled upon even the smallest of entities, these regulators and rating groups have begun to inquire and pose more risk management questions to these small to mid-size insurance entities. An ERM program guides the company to routinely address risk in key areas including financial, operational, market, underwriting, pricing, credit-liquidity and strategic risk. It also improves companywide communication in execution. To ensure success, it requires the CEO, senior management, and the board to become involved in the essential task of enterprise risk management. This group is the driver and life blood of an entity’s continuing ERM program.
• ERM is a One Time Event – Some companies have the misconception that ERM is primarily a one-time event designed exclusively to detect and resolve issues. While addressing and resolving risks are obviously a crucial step in the ERM lifecycle, it is only the beginning. Ongoing oversight needs to happen to ensure risk factors are consistently discussed, monitored and refined as the entity evolves. There are steps that should not stop as part of a one-time event, but rather become part of the standard operating assessment. This will allow you to keep evaluating new sources of risk while assessing and mitigating those previously identified.
• Requires Significant Investment in Technology – While some companies elect to make investments in tools and technology, such an expensive outlay is not required when launching an ERM program. It’s important to remember that ERM is about defining risks specific to an organization, documenting them and developing an approach to address each one. Many are surprised to learn that in the initial stages of implementation, documentation and monitoring can be done using basic tools such as Microsoft Word and Excel. A company starting out with ERM can take the process slowly and gradually expand to the point where more sophisticated tools may be desired but are certainly not mandatory. In other words, you can control the scope of the program and make gradual investments when appropriate and if desired.
• Lack of Internal Expertise – All one needs to do is Google the term “ERM implementation” and they can very quickly conclude that expensive personnel and technology appear to be necessary for implementation. Likewise, they may get the impression for the need to hire an experienced risk officer to staff and coordinate such a process. For insurance companies just starting with ERM, this is simply not the case. It’s important to remember that ERM is not a one-size-fits-all process and COSO was initiated to guide and accommodate companies with diverse needs. The truth is that companies often have key employees in place that understand their specific organizational areas, risks and tasks, as well as their management processes. These company-knowledgeable and skilled personnel can be involved in the assessment process to avoid some of the aforementioned fears and concerns. What most need is a general coordinator knowledgeable in ERM to help guide them, step by step, through the process of leveraging internal human and other resources to achieve the desired ERM objectives.

The idea that a company needs to launch a large and costly ERM program is what deters many from ever seriously considering it. Through a gradual and focused program, the benefits of ERM can be realized without having to deal with the misconceptions listed above. The JLK Rosenberger ERM implementation methodology is unique and designed for common sense, leveraged results.