Enterprise Risk Management

I thought I'd pass this news headline along for anyone that may have missed it on RiskWire today. -E Increased Visibility for ERM Rough Notes (08/04) Vol. 147, No. 8, P. 12; Moody, Michael J. Recent regulations, including the Sarbanes-Oxley legislation, have led to a renewed interest in enterprise risk management (ERM), and more recently, Lord Peter Levene of Lloyd's of London recently touted the discipline's necessity. Risk awareness should be a top priority for chief executives and board members, according to Levene, especially since the risk environment is continually shifting. PricewaterhouseCoopers' recent survey of CEO preparedness has highlighted the desire for greater use of ERM in the workplace and throughout major organizations, but most are struggling with how the concept should be defined. Overall, the Committee of Sponsoring Organizations of the Treadway Commission is the only group to develop a concrete ERM framework for businesses to follow, but some have found the framework almost impossible to use. Source: Rough Notes http://www.roughnotes.com/rnmag ------------------------------- Eric Benson Allianz Life Insurance Company of NA Enterprise Risk Mgr -------------------------------

Thanks Eric for the Rough Notes posting yesterday. The PwC CEO survey on ERM was quite revealing and helpful. It points the way for all those who can't get the CEO access or input they need to develop their strategies. On the COSO ERM Framework, it would be great to understand what they mean by the "impossible" nature of its use or implementation. While not execution focused, it is a great and I think, only, comprehensive guide for strategy development. Tactical execution remains the opportunity but perhaps the final version due out next month will address this gap. If not, RIMS members should call upon RIMS to address this critical issue. ------------------------------- Christopher Mandel USAA Enterprise Risk Management AVP, Enterprise Risk Mgmt. -------------------------------
Original Message----- Sent: August 16, 2004 12:58 Subject: Increased Visibility for ERM I thought I'd pass this news headline along for anyone that may have missed it on RiskWire today. -E Increased Visibility for ERM Rough Notes (08/04) Vol. 147, No. 8, P. 12; Moody, Michael J. Recent regulations, including the Sarbanes-Oxley legislation, have led to a renewed interest in enterprise risk management (ERM), and more recently, Lord Peter Levene of Lloyd's of London recently touted the discipline's necessity. Risk awareness should be a top priority for chief executives and board members, according to Levene, especially since the risk environment is continually shifting. PricewaterhouseCoopers' recent survey of CEO preparedness has highlighted the desire for greater use of ERM in the workplace and throughout major organizations, but most are struggling with how the concept should be defined. Overall, the Committee of Sponsoring Organizations of the Treadway Commission is the only group to develop a concrete ERM framework for businesses to follow, but some have found the framework almost impossible to use. Source: Rough Notes http://www.roughnotes.com/rnmag ------------------------------- Eric Benson Allianz Life Insurance Company of NA Enterprise Risk Mgr -------------------------------

The full text of the column is online at http://www.roughnotes.com/rnmagazine/2004/august04/08p12.htm ------------------------------- Anna Sabasteanski The Asset Management Network Inc Partner -------------------------------
Original Message----- Sent: August 16, 2004 12:58 Subject: Increased Visibility for ERM I thought I'd pass this news headline along for anyone that may have missed it on RiskWire today. -E Increased Visibility for ERM Rough Notes (08/04) Vol. 147, No. 8, P. 12; Moody, Michael J. Recent regulations, including the Sarbanes-Oxley legislation, have led to a renewed interest in enterprise risk management (ERM), and more recently, Lord Peter Levene of Lloyd's of London recently touted the discipline's necessity. Risk awareness should be a top priority for chief executives and board members, according to Levene, especially since the risk environment is continually shifting. PricewaterhouseCoopers' recent survey of CEO preparedness has highlighted the desire for greater use of ERM in the workplace and throughout major organizations, but most are struggling with how the concept should be defined. Overall, the Committee of Sponsoring Organizations of the Treadway Commission is the only group to develop a concrete ERM framework for businesses to follow, but some have found the framework almost impossible to use. Source: Rough Notes http://www.roughnotes.com/rnmag ------------------------------- Eric Benson Allianz Life Insurance Company of NA Enterprise Risk Mgr -------------------------------

I still don't think that the COSO document is a framework for implementation of ERM. It is an auditor's handbook on their role within ERM and what constitutes a proper ERM program. I don't think it is intended to assist in implementation. Again, I think it is just another source for a risk manager to use to design his/her own approach and framework suitable to their specific organization. ------------------------------- Susan Meltzer Sun Life Financial Asst. VP, Insurance and Risk Mgmt. -------------------------------
Original Message----- Sent: August 17, 2004 17:37 Subject: RE: Increased Visibility for ERM Thanks Eric for the Rough Notes posting yesterday. The PwC CEO survey on ERM was quite revealing and helpful. It points the way for all those who can't get the CEO access or input they need to develop their strategies. On the COSO ERM Framework, it would be great to understand what they mean by the "impossible" nature of its use or implementation. While not execution focused, it is a great and I think, only, comprehensive guide for strategy development. Tactical execution remains the opportunity but perhaps the final version due out next month will address this gap. If not, RIMS members should call upon RIMS to address this critical issue. ------------------------------- Christopher Mandel USAA Enterprise Risk Management AVP, Enterprise Risk Mgmt. -------------------------------

Has anyone's company developed an audit plan or has anyone had their ERM program audited yet? Developing a plan is one of our objectives this year, but beyond giving it some thought, I haven't started working on it yet. As has been mentioned in the past, I believe that is the best role for Internal Audit, but I also believe that we will have to work together to build a plan that will satisfy their needs for controls and metrics as well as one that satisfies our needs for effectiveness and tone and the top. ------------------------------- Mark Huddleston HON INDUSTRIES, Inc. Enterprise Risk Manager -------------------------------
Original Message----- Sent: August 27, 2004 12:38 Subject: RE: Increased Visibility for ERM I still don't think that the COSO document is a framework for implementation of ERM. It is an auditor's handbook on their role within ERM and what constitutes a proper ERM program. I don't think it is intended to assist in implementation. Again, I think it is just another source for a risk manager to use to design his/her own approach and framework suitable to their specific organization. ------------------------------- Susan Meltzer Sun Life Financial Asst. VP, Insurance and Risk Mgmt. -------------------------------

I agree that the COSO framework is not useful for implementation. Like so many other documents generated around ERM, it resides at a very conceptual level. COSO aside, I have a stack of ERM articles and presentations over 2 feet thick on my desk. About 99% of it consists of high level ERM talk about "changing culture" "getting executive and board buy-in", "eliminating silos" and other such ideas. All are good ideas. But they are like giving directions to the grocery store using a globe. This has all taught me 2 things: 1) We need to stop looking to others to create an ERM framework. The risk community has to lead the charge. 2) We need to bring ERM down to the implementation level. The only way that we are going to break out of the cycle of high level, vague overviews is to focus on specific risks, one at a time. No one on wall street wonders how to calculate the VAR for a credit portfolio. They have it down to a science because the focus on individual concrete risks. If we do the same, in 5 years, there will be an implementation guide for ERM. ------------------------------- Beaumont Vance Sun Microsystems Inc. Risk Manager -------------------------------
Original Message----- Sent: August 27, 2004 12:38 Subject: RE: Increased Visibility for ERM I still don't think that the COSO document is a framework for implementation of ERM. It is an auditor's handbook on their role within ERM and what constitutes a proper ERM program. I don't think it is intended to assist in implementation. Again, I think it is just another source for a risk manager to use to design his/her own approach and framework suitable to their specific organization. ------------------------------- Susan Meltzer Sun Life Financial Asst. VP, Insurance and Risk Mgmt. -------------------------------

I agree that Risk Managers need to define implementation of ERM. If the risk management community doesn’t start leading change to an ERM environment in their respective organizations, others in the organization will and the discipline becomes marginalized. Five years ago I was reading all the high level articles and was wondering how to implement a program as well. I decided to follow my instincts and start implementing without bothering to figure out the “best way” to implement. I hoped I’d get it close and adjust as I went along. Five years later, the Risk Management Department is seen as the “thought leadership” for the program and I’m pretty proud of what has been accomplished. The high level material is great to get you pointed in the right direction, but at some point, you have to reach beyond your comfort zone, have confidence in your self, and do it. ------------------------------- John Phelps Blue Cross and Blue Shield of Florida, Inc. Director of Risk Management -------------------------------
Original Message----- Sent: August 30, 2004 18:33 Subject: RE: Increased Visibility for ERM I agree that the COSO framework is not useful for implementation. Like so many other documents generated around ERM, it resides at a very conceptual level. COSO aside, I have a stack of ERM articles and presentations over 2 feet thick on my desk. About 99% of it consists of high level ERM talk about "changing culture" "getting executive and board buy-in", "eliminating silos" and other such ideas. All are good ideas. But they are like giving directions to the grocery store using a globe. This has all taught me 2 things: 1) We need to stop looking to others to create an ERM framework. The risk community has to lead the charge. 2) We need to bring ERM down to the implementation level. The only way that we are going to break out of the cycle of high level, vague overviews is to focus on specific risks, one at a time. No one on wall street wonders how to calculate the VAR for a credit portfolio. They have it down to a science because the focus on individual concrete risks. If we do the same, in 5 years, there will be an implementation guide for ERM. ------------------------------- Beaumont Vance Sun Microsystems Inc. Risk Manager -------------------------------

Sounds like a good plan for RIMS to take on - i.e. lead the charge one risk (or 1 group of risks at a time). HOw about it RIMS? ------------------------------- Diane Wolfson CAE, Inc. Director, Risk Management -------------------------------
Original Message----- Sent: August 30, 2004 18:33 Subject: RE: Increased Visibility for ERM I agree that the COSO framework is not useful for implementation. Like so many other documents generated around ERM, it resides at a very conceptual level. COSO aside, I have a stack of ERM articles and presentations over 2 feet thick on my desk. About 99% of it consists of high level ERM talk about "changing culture" "getting executive and board buy-in", "eliminating silos" and other such ideas. All are good ideas. But they are like giving directions to the grocery store using a globe. This has all taught me 2 things: 1) We need to stop looking to others to create an ERM framework. The risk community has to lead the charge. 2) We need to bring ERM down to the implementation level. The only way that we are going to break out of the cycle of high level, vague overviews is to focus on specific risks, one at a time. No one on wall street wonders how to calculate the VAR for a credit portfolio. They have it down to a science because the focus on individual concrete risks. If we do the same, in 5 years, there will be an implementation guide for ERM. ------------------------------- Beaumont Vance Sun Microsystems Inc. Risk Manager -------------------------------

I think that this string on increased visibility has been great. Just wanted to let you all know that RIMS has set up another forum to facilitate our discussions. They have set up an ERM roundtable / discussion session to build on our egroup and the roundtable in San Diego. John Phelps and I are both involved in the planning and as it is just going to be risk managers talking about their experiences I thought some of you might be interested. You can find the info at www.rims.org/ermny. Have a great long weekend!! ------------------------------- Susan Meltzer Sun Life Financial Asst. VP, Insurance and Risk Mgmt. -------------------------------
Original Message----- Sent: September 1, 2004 09:18 Subject: RE: Increased Visibility for ERM I agree that Risk Managers need to define implementation of ERM. If the risk management community doesn’t start leading change to an ERM environment in their respective organizations, others in the organization will and the discipline becomes marginalized. Five years ago I was reading all the high level articles and was wondering how to implement a program as well. I decided to follow my instincts and start implementing without bothering to figure out the “best way” to implement. I hoped I’d get it close and adjust as I went along. Five years later, the Risk Management Department is seen as the “thought leadership” for the program and I’m pretty proud of what has been accomplished. The high level material is great to get you pointed in the right direction, but at some point, you have to reach beyond your comfort zone, have confidence in your self, and do it. ------------------------------- John Phelps Blue Cross and Blue Shield of Florida, Inc. Director of Risk Management -------------------------------

As one of the previously-silent ERM's I'm very interested in the potential forum in NYC - can you give more details about what will be covered, or is this to be a free-form discussion? I can't get much description out of RIMS' website. Thanks. ------------------------------- Gary Langsdale Pennsylvania State University Univ. Risk Officer -------------------------------
Original Message----- Sent: September 6, 2004 13:12 Subject: RE: Increased Visibility for ERM I think that this string on increased visibility has been great. Just wanted to let you all know that RIMS has set up another forum to facilitate our discussions. They have set up an ERM roundtable / discussion session to build on our egroup and the roundtable in San Diego. John Phelps and I are both involved in the planning and as it is just going to be risk managers talking about their experiences I thought some of you might be interested. You can find the info at www.rims.org/ermny. Have a great long weekend!! ------------------------------- Susan Meltzer Sun Life Financial Asst. VP, Insurance and Risk Mgmt. -------------------------------

I know that Vincent answered you off line. I am hoping that the discussions will go in any direction that the participants want. We should cover mostly issues of implementation - how to get started, how to sell it and more practical applications. ------------------------------- Susan Meltzer Sun Life Financial Asst. VP, Insurance and Risk Mgmt. -------------------------------
Original Message----- Sent: September 7, 2004 14:25 Subject: RE: Increased Visibility for ERM As one of the previously-silent ERM's I'm very interested in the potential forum in NYC - can you give more details about what will be covered, or is this to be a free-form discussion? I can't get much description out of RIMS' website. Thanks. ------------------------------- Gary Langsdale Pennsylvania State University Univ. Risk Officer -------------------------------