Newsletters
Risk Central
Digital Edition
Risk Management
Looking at Risk Three Dimensionally
There is a direct relationship between strong risk management practices and superior operating performance, according to several reports.
The “2015 Aon Risk Maturity Index Insight Report” released in November analyzes the inverse relationship between a higher “risk maturity rating” and lower stock price volatility, as well as a direct relationship between a higher risk maturity rating and superior operational financial performance.
Additionally, the report’s findings reinforced the relationship between a higher risk maturity rating and the relative resilience of an organization’s stock price in volatile equity, currency and commodity market scenarios.
Organizations with a high risk maturity rating differ from those with lower ratings in several ways, said Kieran Stack, managing director at Aon Global Risk Consulting in Chicago.
“If organizations try to increase the performance across those dimensions, that helps them also improve building awareness, agreement and alignment of tactical plans to execute.” — Kieran Stack, managing director at Aon Global Risk Consulting
Typically, he said, they communicate their risks across the organization, they collaborate across functions and they form consensus in both determining the key strengths and weaknesses of mitigating the risks and formulating tactical plans to continue to improve their risk management programs.
Indeed, 60 percent of organizations with above average risk maturity ratings consistently and formally share the results of risk assessment activities across the organization, while only 19 percent of organizations with below average risk maturity ratings do so, according to the report.
Organizations with below average risk maturity ratings are more likely to communicate these risk assessment results only on an ad-hoc basis (68 percent of below average respondents versus 40 percent of respondents scoring above average).
Collaboration Counts
As for collaboration, 51 percent of organizations that score above average collaborate across risk functions while only 11 percent of firms scoring below average do. The report found that 72 percent of organizations that score below average only collaborate on an ad-hoc basis during data gathering or analysis activities.
“In the business world there is still a disconnect that risk management is an essential part of the strategic planning process allowing companies more certainty with achieving desired outcomes.” — Albert L. Sica, managing principal, The ALS Group
“If organizations try to increase the performance across those dimensions, that helps them also improve building awareness, agreement and alignment of tactical plans to execute,” Stack said.
High risk maturity organizations also tend to integrate quantitative modeling techniques in their risk management activities, he said.
“These organizations are not just looking at qualitative assessments of their key vulnerabilities, but also assessing these risks from a quantitative perspective,” Stack said. “For instance, they are using probabilistic modeling techniques such as stochastic simulations to better assess and quantify their exposures to these risks.”
Another report, using data from the RIMS Risk Maturity Model, has similar conclusions: Organizations exhibiting mature risk management practices realize an increased valuation premium of 25 percent, according to “The Valuation Implications of Enterprise Risk Management Maturity.”
The findings by Mark Farrell of Queen’s University Management School and Dr. Ronan Gallagher of University of Edinburgh Business School are based on RIMS research data.
According to the report, organizations with highly mature ERM practices had formal processes for performance management, ERM process management, adoption of ERM-based approach, root cause discipline, uncovering risks, risk appetite management, and business resilience and sustainability.
Carol Fox, director of strategic and enterprise risk practice, RIMS
Carol Fox, RIMS’ director of strategic and enterprise risk practice, said that the study suggests that firms that have successfully integrated these processes into their strategic planning activities and everyday practices have superior ability to understand the risk dependencies across the enterprise.
“The question we often get asked is, is risk maturity worth the investment?” Fox said. “I think the RIMS report and the Aon report tell a very compelling story for organizations that it is worth it to invest in risk management capabilities – not only for for-profit companies, but also for nonprofit organizations.”
Albert L. Sica, managing principal of The ALS Group, an independent insurance and risk management consulting firm in Edison, N.J., said that the concept of risk maturity is very important.
“Risk management in many cases has been synonymous with buying insurance, rather than a more thoughtful overall understanding of risks so companies can avoid surprises,” Sica said.
“In the business world there is still a disconnect that risk management is an essential part of the strategic planning process allowing companies more certainty with achieving desired outcomes.”
One example of this disconnect is not fully understanding the retained risk companies have through simple exclusions in their insurance policies, he said.
Albert L. Sica, managing principal, The ALS Group
Companies should also determine where the pinch points are in their supply chains and how an occurrence could develop into significant financial issues for their product or project – such as a supplier going out of business or a critical part coming from overseas being delayed.
“The whole idea is to think about risk management a little bit more three dimensionally,” Sica said.
“Risk management should be working closely with senior leadership to help the company achieve a better understanding of unexpected events and related financial impact allowing them to eliminate surprises.”
