| Survey looks at enterprise risk management practices in life insurance companies
However, there are several crucial elements of enterprise risk management that many insurers have yet to address and fully implement, according to the web-based, three-part survey, which focused on best practices in embedding ERM into a company's business processes and culture. Although many life companies have made progress in such areas as risk identification, prioritization and measurement, few are achieving the desired full potential of enterprise risk management as a management tool. For example, the majority of respondents lack tools to measure value creation from enterprise risk management (83 percent) and have not yet aligned ERM with performance incentives (71 percent). Among the areas where companies are lagging the most, according to the survey, are quantifying economic capital (68 percent do not currently have this capability in place), identifying and preparing for emerging risks (69 percent) and having a clear and defined vision of risk tolerances, risk appetite and overall risk profile (71 percent). It must be noted that, of the firms that currently do not have these capabilities, nearly all indicated they plan to implement them over the next one to three years. Approximately three-quarters of responding CFOs indicated that they have one or more tools for specifically monitoring and managing enterprise-wide risk, while nearly one-third of respondents indicated that they use them primarily for identifying and quantifying significant risks across the organization. Moreover, 33 percent said they mainly use these tools for driving management action on risk mitigation and value creation. Among the companies reporting having made significant headway in building their enterprise risk management capabilities in certain areas, 81 percent said they have adequate or better controls in place for most major risks, and 63 percent indicated they have in place a coordinated process for risk governance. Further, 58 percent include risk management in decision making to optimize risk-adjusted returns, and 47 percent said they are able to identify, measure and manage all risk exposures within tolerances. "We are just beginning to see many companies getting serious about enterprise risk management and moving from just talking about it to implementing robust methods that address myriad risks," said Prakash Shimpi, a managing principal of Towers Perrin with global responsibility for the company's ERM practice. "It is abundantly clear that enterprise risk management will need to be higher on the CFO's to-do-list if in fact companies wish to maintain healthy levels of financial performance." Operational risk management still evolving Although operational risk management is still fairly under-analyzed at most companies, it is encouraging to note that most respondents recognize that this is not just about operations risk management. That being said, the survey responses demonstrate that a good number of insurers are not thinking about risk consistently. For instance, 66 percent of CFOs surveyed believe that the definition of risk used in their companies' operational risk management framework is consistent with the definition of risk used for managing market, credit and insurance risk. However, 58 percent of this group associate high risk with high probability and high impact, and 29 percent of respondents associated high risk with high-frequency and high-impact events. "The survey responses indicate that the definition of risk used in operational risk management is generally not consistent with the definition used in other areas of risk management, where high risk is characterized by low probability (or low frequency) and high impact," said Ali Samad-Khan, head of operational risk management consulting for Towers Perrin's ERM practice. "Clearly, it is very difficult to implement an operational risk management program that is based on an inappropriate conception of risk. Firms that intend to implement high-quality operational risk management programs should ensure that their framework is built on a solid foundation," added Mr. Samad-Khan. "Specifically, they should ensure that the definition of risk and the methods used to assess and measure risk are in line with the evolving standard for industry best practices."
•Date: 16th May 2008• Region: World •Type: Article •Topic: Financial sector
|
