Skip to main content
Blog Post

3 types of enterprise risk management and their roles in strategy

Risk & Analytics|Reinsurance|Insurance Consulting and Technology
Insurer Solutions

By Dave Ingram | January 30, 2019

This post is part of our “A Year in the Life of the Strategic CRO” series and is the third of three posts that will focus on the foundational elements of strategic enterprise risk management.
Group meeting at construction site

Many writers have addressed the ways that risk reward management can contribute to strategy. Some have gone so far as to define enterprise risk management (ERM) as risk reward management. Standard & Poor's label for risk reward management is strategic risk management. Notwithstanding, ERM programs that do not involve risk reward management can make important contributions to all stages of strategy.

I'm going to focus on not only risk reward management here, but also two other types of programs: individual risk management and aggregate risk management.

Individual risk management

Individual risk management programs can make contributions to each phase of strategy:

  • Strategic need – Failed and failing strategies can be identified from the vantage point of an individual ERM program because of the focus on risk selection, mitigation and control. A strategy that has not incorporated sufficient mitigation and control processes will fail  and a failing strategy will often abandon some or all mitigation and control practices to reduce any drag those processes might produce. ERM can often identify these tell-tale warning signs before they become problems that affect the bottom line.

    In addition, new opportunities for expansion can be identified where existing risk selection, mitigation and control processes are working particularly well. ERM could be a partner in the development of SWOTs that are the opening round in strategy discussions.
  • Strategy formation – Suggestions for improvements to existing strategies can also come from the information that ERM handles relating to risk selection, mitigation and control. Clashes between business practices and the risk management program can be indications that the business strategy (at least the risk management part of the strategy) can be improved.
  • Strategy selection – ERM opinions on the existing and potential future competencies in risk selection, mitigation and control should play a role in strategy selection. Selection of a strategy where the insurer already has a competency in risk management can significantly enhance the chances of a chosen strategy's success.
  • Strategy implementation – ERM can contribute to the risk selection, mitigation and control plans for new strategies or improvements to continuing strategies.

Aggregate risk management

Aggregate risk management programs can also contribute to each phase of strategy:

  • Strategic need – ERM can report the extent to which the insurer has under- or over-utilized capital resources. Either could lead to the identification of a strategic need.
  • Strategy formation – ERM can help to find a new strategy that may better achieve organizational goals while more fully using available capital or by shifting from a strategy that has high capital needs relative to its contribution to achieving corporate goals. It can also lead to another strategy that makes more effective use of capital by providing the analysis of capital utilization and its correlation with existing strategies.
  • Strategy selection – ERM can help to develop and apply criteria for capital usage that will be used for strategy selection. These criteria can include the total amount of capital available, the profile of the risks of the new strategy and the degree to which the risks from the new strategy correlate with existing risks.
  • Strategy implementation – ERM can provide an assessment of the aggregate capital adequacy under the proposed plan.

Risk Reward Management

As noted above, risk reward management can contribute to all phases of strategy:

  • Strategic need – Risk-adjusted returns are one of the primary metrics that are developed by risk reward management programs. They're also primary indicators of failed and failing strategies; they represent a significant improvement over unadjusted returns, which can mask shifts to riskier activities with higher returns.
  • Strategy formation – ERM can suggest adjustments to existing strategies that might result in improvements to risk-adjusted returns. ERM can also identify opportunities with higher risk adjusted returns.
  • Strategy selection – A risk reward management process will often operate with a hurdle rate that is the lowest risk-adjusted return that is acceptable. This rate is developed either by or in conjunction with ERM. Proposals can also be assessed by ERM regarding the projections of risk adjusted returns. Management will want to know that these projections are comparable to similar projections for existing strategies.
  • Strategy Implementation – The risk reward management process supports a full capital allocation and budgeting process that is informed by projections of future risk adjusted returns. When combined with assumptions on correlation of the risks from the various old and new strategies, ERM can provide advice regarding how various adjustments to risk retention and risk budgets can result in higher or lower risk-adjusted returns in aggregate.

There are numerous ways for ERM to be strategic, even without the risk reward component. But if you are a CRO and want to be seen to be an obvious contributor to strategy, you need to keep the four stages of strategy and the contributions that your enterprise risk management program can make in mind throughout the year. The things that you say on these topics throughout the year will serve to build your reputation as a strategic CRO.

About the Author

Dave Ingram
Head of Willis Re ERM Advisory

Contact Us