
Sarbanes Oxley : Thought Leader

Enterprise Risk Management Comes of Age


By Doug French
Doug French
Global Director of IAAS
Ernst & Young

The risk landscape is changing rapidly for insurance companies. Volatile economic conditions, combined with exposure to financial options and guarantees, longevity trends, terrorism, ongoing consumer litigation, and natural disasters, have put insurers under unprecedented strains. The need to manage these risks has been exacerbated by an increasingly competitive environment.

There is a growing recognition that traditional narrow risk management approaches must give way to enterprise risk management (ERM), addressing exposures across the entire organization. To better understand current industry practices, concerns, and challenges related to ERM, Ernst & Young conducted a survey focused on the three pillars of ERM: risk governance, risk measurement, and risk management. We also hosted a roundtable of senior insurance executives to review the preliminary study results and further evaluate the progress the industry has made within each of these categories. Roundtable participants confirmed that ERM has strong support within their companies.

Risk Governance Reaches the C-Level. Risk management is viewed as a critical governance issue. Some 67% of participating companies have a formal ERM committee, half of which were formed within the past three years. Another 21% are considering establishing one.

Top-level executive involvement in ERM committees is common. No less than 71% of respondents with ERM committees say their chief executive officer (CEO) and/or president/chief operating officer are members. Committees also include chief financial officers, chief risk officers, chief investment and actuarial officers, general counsel, and business-unit general managers.

More and more insurers also are appointing chief risk officers (CROs). A majority of respondents (58%) have a CRO in place, and another 8% are considering such an appointment. Of those with a CRO, nearly half established the position within the last three years, and the CRO reports directly to the company's CEO or CFO. The survey findings also suggest that life/health companies have been moving faster than their property/casualty counterparts to appoint CROs.

The most important elements for effective risk governance, according to respondents, are consistent risk monitoring and reporting, well-defined roles and responsibilities, appropriate risk metrics, and support and buy-in from both senior management and the business units.

Risk Measurement Not Standardized. Robust risk measurement remains a critical industry challenge, according to the study and roundtable participants. Generally, "good" risk measurement is still in the eye of the beholder. In some companies, risk measurement and even the aggregation of various risks are done only to a limited extent and are based on subjective definitions and criteria.

In the absence of defined risk measurement standards, companies are turning to economic capital, a framework that allows companies to measure performance across products and business units. A majority of respondents already have (or are developing) an economic capital framework. Only 8% have no intention of implementing one.

While U.S. companies appear to be moving to integrate risk measurement and management into their governance and operations, steps toward the adoption of industry standardized definitions and metrics have been slow. Several respondents and roundtable participants commented that in the U.S., unlike in Europe with Basel II and Solvency II, there is currently no concerted push for standards either by governing bodies or by groups of companies.

Goals Not Yet Achieved. When respondents were asked about the relative importance of their risk management activities and whether they had made significant changes over the last two years, the responses showed that while risk assessments are viewed as important, the quality of these assessments varies significantly from company to company. This was true of both the L/H and P/C sectors.

Interestingly, the top nonfinancial operational risks identified by L/H insurers were (1) competitor behavior (i.e., irrational pricing), (2) reputation, (3) regulatory compliance, (4) market conduct, and (5) pricing/underwriting. P/C companies identified a similar set of risks, but in a different order, namely: (1) pricing/underwriting, (2) competitor behavior, (3) reputation, (4) regulatory compliance and (5) reserving.

While participants believe they are making progress in managing and controlling financial risks, they do not feel as confident with respect to operational risk. Holistic operational risk management is a goal, but companies are struggling with how best to proceed. Also, while companies are looking to fully embed ERM into day-to-day decision-making, that goal has not yet been achieved.

Looking Ahead. The responses from survey and roundtable participants suggest that ERM is coming of age in the insurance industry. While the U.S. is lagging behind Europe, U.S. companies are making significant progress with respect to all three pillars of ERM. More work is needed, however, and in the years ahead, we expect market leaders and external audiences to continue to raise the bar.



Doug French is global director of Ernst & Young's Insurance and Actuarial Advisory Services practice and can be reached at either (212) 773-4120 or doug.french@ey.com.




© 2019 Simplex Knowledge Company. All Rights Reserved.