Newsletters
Risk Central
Digital EditionTemple University, Wawa and Centene Weigh in on the Value of Enterprise Risk Management
In a time when a global pandemic rages and climate change continues its worrisome march, it is imperative for a company’s survival that it be prepared for any eventuality.
Now more than ever, enterprise risk management — managing the entirety of an organization’s risk exposures — is a much-needed discipline.
In what was described as, “an experienced conversation with ERM experts,” Temple University hosted the first part of its 3rd Annual Enterprise Risk Management Conference on November 19.
While the conference had to adjust to an all virtual platform this year, it still provided valuable insight into the enterprise risk management discipline, with four presentations ranging from a basic introduction to ERM, to how it is being used by real-world institutions, and even its correlation to environmental, social and governance (ESG) practices.
The Best, Most Effective Methods to Determine Your Biggest Risks
The opening presentation was given by keynote speaker Doug Hubbard, founder and CEO of Hubbard Decision Research and author of several books, including “The Failure of Risk Management: Why It’s Broken and How to Fix It.” Hubbard gave an overview on the ways in which risk can be best identified and managed.
Hubbard began his presentation by emphasizing one important point: identifying your single biggest risk from the jump. Hubbard added that if the method to determine risk is flawed, everything else will be flawed as well.
He then delved into the different methods in which risk can be identified and eventually mitigated. These measurement methods included identifying risk by intuition and using account-style practices including qualitative and quantitative methods.
While the utilization of risk matrices and a qualitative scoring method is the most popular approach, they’ve also been proven to not have a large success rate. Hubbard noted that matrices “should not be used for decisions of any consequence,” and are “worse than useless.”
Despite there being research disputing the validity of risk matrices, he explained that there is an incredible amount of resistance and objection to the implementation of quantitative models. He went on to say that people begin to distrust algorithms if they provide even just one incorrect result.
So, where do risk managers go from here? Hubbard ended his presentation with one takeaway; stop using qualitative models, like risk matrices, to measure risk and switch to quantitative methods to more accurately determine risk. One successfully proven method is called the Monte Carlo simulation, where risk managers make quantitative data conclusions without having a set amount of data.
Applying Risk Management Methods to Wawa Inc.
One company which has invested serious time into their ERM management is convenience store giant Wawa, Inc.
In a presentation by Karen Gennello, director of internal audit and loss prevention, and Mike Eckhart, general counsel and chief risk officer at Wawa, discussed what they called Wawa’s “ERM Journey,” which followed a similar pattern to Hubbard’s suggestions.
First, Wawa identified and narrowed down what their company’s key risks were. They then used a charting method that plotted risks based on the likelihood of the risk occurring, the impact the risk would have on the company, and how prepared Wawa was prepared for that particular risk. Gennello added that the goal of this process was asking, “what and where is the leaky pipe?”
The risk management team then created a rating scale for each risk using the three criteria mentioned before.
Through this process, risk managers not only realized that risks substantially overlap, but that there was not enough time or resources to focus on every single risk. They narrowed their focus down to three “leaky pipes” and assembled a crisis team they internally dubbed the “V-Team,” to prepare for any particular risk, should they occur. A playbook was created for the company to refer to, highlighting each risk and incident in real time.
Both Gennello and Eckhart agreed that there is still so much content to learn in the risk management sector, and there are many initiatives to partake in order to keep ERM relevant. These include dedication to resources, using analytics to mitigate risks and the constant identification of new and emerging risk.
Taking a page from Hubbard’s book, Wawa executives used a Monte Carlo model in order to determine how much risk the company can realistically tolerate. The V-Team will reassess the risk playbooks on an annual to 18-month basis.
When asked about the company’s next steps in their risk management plans, Gennello and Eckhart concluded that they believe the values and cultures of their company will keep their ERM goals moving forward.
Both agreed that people working with and for Wawa understand the importance of having substantial responses to risk events, should they occur. The priority for a strong ERM focus, for them, will not diminish.
ERM in ESG Practices and Temple’s Approach to Risk Management
Following Wawa’s presentation was Jana Utter, vice president of ERM for Centene, who discussed enterprise risk management and its relation to ESG (environment, social and corporate governances) practices.
A company’s ESG practices focus on their nonfinancial performance value, though these factors can indicate a company’s strong financial performance. These ESG practices can play a significant role in determining a company’s most prominent risks. In many instances, a company’s risks will include issues that also fall into sectors of environmental, social or governance practices.
Utter added that similarly to any ERM determination, companies need to identify the ESG topics that are the most prominent or are presenting the largest risks. The risk amount, which varies according to each company, then gets filtered into about 15 of the assumed largest risks.
Companies also undergo an ESG risk rating by the MSCI scale, which projects how resilient a company will be when addressing these risks.
The conference’s final presentation came from Alejandro Diaz, chief compliance officer at Temple University’s ethics and compliance office, who discussed the university’s ERM program and practices. Diaz’s office consults ERM experts that both identify and help manage risks for the university.
Diaz noted some of the methods used for risk determination, some even shared by other presenters. These included similar ways to measure which risks are most pressing and determining the likelihood of each risk.
While the conference provided a broad range of experts and opinions, each presentation echoed the same sentiments; risk is everywhere, and the key is for companies and institutions to devote time to ERM initiatives.
The second part of the conference is set to run on December 3rd with another keynote speaker and more discussion on the risk management sector. &
