How chief risk officers can make everyday enterprise risk management tasks strategic
- Published: Tuesday, 05 March 2019 13:14
A survey by Willis Towers Watson has looked at the enterprise risk management activities of North America based chief risk officers and considered how strategic these are.
42 North American chief risk officers (CROs) in insurance companies (mostly non-life) responded to a question about the activities that make up their year. Willis Towers Watson asked them about 34 activities, some of which are highly strategic, but many less so.
There are nine enterprise risk management (ERM) activities that at least nine-in-ten of the North American chief risk officers (CROs) surveyed said that they perform in one way or another over the course of a year. None of these activities is necessarily strategic, but a strategic CRO can put a strategic spin on any of them, says Willis Towers Watson.
The nine activities are:
- Present periodic risk management report to board - a strategic CRO organizes the risk report in terms of the insurer’s major strategic initiatives.
- Hold management risk committee meetings - a strategic CRO will work to focus these meetings on both the risks that might have significant impacts to the company and on the insurer’s highest risk concentrations.
- Communicate/interact with risk owners - strategic CROs create a forum for cross silo communications about risk management.
- Update risk register - the strategic CRO needs to lead a discussion of how shifting strategy or changes to the external environment lead to changes in the risk register.
- Identify, assess, and plan for emerging risks - the process of linking emerging risks to strategies makes this ERM activity a more strategic exercise.
- Update risk tolerance - the strategic CFO needs to make sure that the company had access to enough capital to support the strategies of the firm.
- Perform stress and scenario testing - stress and scenario tests can be a great strategic analysis tool.
- Assess and report on changes to risk environment - a good way to act as a strategic partner when presenting changes to the risk environment is to include constructive suggestions for adaptation to the changes.
- Update risk profile - it is common for the risk profile to be shown two ways: by risk and by business unit. To make this information more strategic, the CRO needs to look at whether the risk strategies overlap with company strategies.