The Better the Brakes, the Faster the Car – adding value through improved ERM

Published: August 01, 2009

- adding value through improved ERM

by François Masquelier, Head of Corporate Finance and Treasury, RTL Group, and Honorary Chairman EACT

European companies have been using Enterprise Risk Management (ERM) to varying degrees as part of an ongoing effort to raise awareness and promote appropriate risk management responses and deliver value for stakeholders. More recently rating agencies have added to the clamour for increased transparency of risk management, providing senior management with an increased incentive to revise and improve ERM processes.

ERM is an initiative that, by definition, is never complete

Some European companies, including RTL Group (RTLG), have decided to embrace Standard & Poor’s (S&P) initiative to assess ERM processes of non-financial companies as being an opportunity to revise and improve their existing practice.

In November 2007, S&P consulted users of their rating services in order to validate their approach to benchmarking ERM processes across non-financial institutions. S&P have subsequently developed their ERM assessment - the outcome of which is a rating of a company’s ERM competency as being either ‘weak’, ‘adequate’, ‘strong’, or ‘excellent’. It appears the S&P assessment will concentrate on the culture of risk management and governance concentrating on specific examples to demonstrate how this works on a day-to-day basis. The adoption of a recognised unifying standard such as COSO ERM Framework or the Australian and New Zealand Standard on risk management (AS/NZS4360/2004) is helpful but is not a pre-requisite nor sufficient proof of having adopted good practices1.

RTLG has used the pending S&P assessment to review existing practice in order to be able then to revise internal control processes to make them more effective and efficient. This step was taken as part of a continuous process of improvement initiative.

The first step in evolving ERM at RTLG was to understand where the gaps were…

It was decided at the outset to undertake a review of existing risk management capabilities to determine where improvement effort should be focused. There was a strong desire to build a business case for improvement in ERM but without having to resort to using a myriad consultants. Further, a strong emphasis was put on having practical and pragmatic solutions for improvement.

A decision was made to work with Avantage Capita2, whose methodology and approach based on comparison (benchmarking) was found to be fairly unique in execution in that the output is presented on ‘one page’ which was useful when discussing risk with senior stakeholders who had little time to read a detailed analysis. A long form report on suggestions for improvement was discussed with those of us more heavily involved in the improvement effort. The outcome of the joint effort was to identify any weaknesses or gaps and to define a roadmap with priorities for improvement for the next two years.

Avantage Capita’s IRPM (Integrated Risk & Performance Management) approach, adapted for RTLG, is shown in Figure 1.

The approach enabled the weaknesses in the current risk infrastructure and capabilities to be identified and compared to good practice in peer organisations. The listing of actions to address weaknesses served as the basis for the business case aimed at defining the prioritised improvement initiatives. [[[PAGE]]]

The insights from the IRPM assessment formed the basis for developing a consensus for where effort should be focused to improve risk management

One of the objectives of the ERM review was for senior management to make a clear decision on how to develop ERM internally. The group’s management wanted to formalise their risk and capital management strategy based on their operations strategy. This involved consideration of whether to implement a recognised risk framework. It was acknowledged internally that risk measurement should be an integral part of the establishment of the group’s strategy, planning, and allocation of resources. Further, those ERM initiatives should be integrated into and aligned with the group’s operational activities and overall strategy. The ERM thus enabled them to enhance the degree of sophistication of operational procedures and information to be produced as part of the decision-making process.

Using the road map and the conclusions from the score card, the company determined the possible areas of action in order to improve their ERM processes. With the desire to remain practical and realistic, it was then necessary to specify some of the primary objectives and to allocate the associated resources in order to establish the road map for the next two or three years.

Useful insights from the RTLG experience can be applied to other non financial institutions as they consider ways to improve their ERM

It was noted that, in general, the same type of problems can be observed from one company to another. For example, defining and clarifying the appetite for risk is often a weak point, and yet it’s one of the first things a rating agency seeks to understand. The KRI (Key Risk Indicators) are often incomplete, non-existent, or scattered. It is important to centrally define and control them. When the risks are measured the company can then set objectives and targets.

Similarly, even though IFRS 7 imposes stress testing exercises, sensitivity analyses are often insufficient. It is equally essential to make the V@R-type approaches (e.g. market share at risk, EBIT(A) at risk, free cash flow at risk, etc.) or Monte-Carlo-type simulations an evolving and sustainable process to reflect changes in strategy, changes in the business model, and other external and internal factors. But whatever efforts are made to improve ERM processes, it is an ongoing exercise that should consist of comparing oneself firstly against senior management’s vision for risk management and also against one’s peers and to the best practices in the respective industry. We found the latter of these points difficult to assess, so we used an external party, in this case Avantage Capita, to provide an independent assessment. Just as in financial matters, good practices need to become compulsory and widespread. It’s simply a matter of time before risk measurement and management becomes more entrenched in non financial institutions.

Creating value through ERM – is competitive advantage attainable through investing in risk management?

This is where the greatest challenge lies for those leading the risk improvement initiative – in convincing management of the opportunities to create value through improved risk management. For the most part, risk based decision-making is seen as stifling value creation. In fact the reverse is true - the group should have the ability to take more risks in those areas where they have a core competency (through limits and controls and other mitigating applications) by creating a risk-aware culture through visionary leadership. “The better the brakes are, the faster the car will be.” The group should establish its risk management strategy on the basis of its core values. When a group’s value is ‘entrepreneurship’, the principle of risk taking seems inherent and essential. In my experience, ERM frequently falls down due to a lack of alignment of the approach to risk management with the company’s core values and strategy. The repertoire of skills of the Chief Risk Officer (CRO) must include a sound knowledge of the business and the need to apply excellent communication skills in order to convince other senior management that attaining strategic objectives requires an understanding of both reward and risks. A recent article in the Harvard Business Review (September 2008, ‘Owning the Right Risks’) refers to the fact that the board of directors often lack the knowledge and the risk vocabulary to engage in dialogue with management. The CRO needs to demonstrate conviction in order to gain the support and essential resources for developing ERM. Gradually and with patience, he or she can generate a culture and awareness regarding risks and the importance of managing them. It is a long-term job that requires patience and perseverance.

Sign up for free to read the full article

Article Last Updated: May 07, 2024

Related Content