GuilfordPare Press Room.

A tough economy, the challenges of a hard insurance market and other factors may be slowing the implementation of enterprise risk management efforts, but a move toward broadening the scope of risk management continues.

In fact, increased corporate governance pressures created by laws such as last year's Sarbanes-Oxley Act and new expectations of shareholders are driving increased attention to enterprise risk management approaches.

"In general, enterprise risk management seems to be continuing its slow-but-steady march," said Jerry A. Miccolis, principal at Tillinghast-Towers Perrin in Parsippany, N.J. "The recent corporate governance pressures from the various corporate scandals, the Sarbanes-Oxley Act and so forth have sort of hastened the development of that."

"One of the consequences of that is that companies have gotten more serious about their internal risk management practices," Mr. Miccolis said.

"My sort of straw-poll sense of what's developing right now is that most companies-both (because of) the combination of the financial constraints that they're under and some of the problems they're having with their traditional risk management-have probably calmed the move to expanding risk management," said Robert E. Hoyt, professor of risk management and insurance in the Terry College of Business at the University of Georgia in Athens. "However, I do still think there's an interest there."

Faced with the demands of the hard insurance market, risk managers and brokers currently are consumed with a day-to-day process that now takes more time than it did a few years ago. "Ask any broker or risk manager or underwriter about the amount of time they spend now on submissions vs. 18 months ago," Mr. Hoyt said.

And pressure on staff and financial resources in the current economic situation also seems to be slowing the development of ERM programs, the University of Georgia professor said.

"There is still an openness and interest in broadening the focus of risk management," he said. "But it's certainly not a time when companies can staff up."

"When you're in a siege mentality, it's hard to devote energy to strategic initiatives," Mr. Hoyt said. But, he added, "I still believe the drivers are still strong."

Bruce Zaccanti, national practice director-insurance advisory and risk consulting services at Ernst & Young L.L.P. in Chicago, said that the hard insurance market may actually be contributing to companies taking a broader approach to evaluating risk.

"Corporations are, as a result of the hard market and the down financial market, re-evaluating what their risk tolerance is," as they look to view risk across the organization in a more-strategic fashion. Mr. Zaccanti said.

"The hard insurance market is creating more focus, with the rise in the cost and the rise in the risk retention of a lot of corporations," he said. As a result, companies are formalizing methods to establish how much risk they can take and to determine, "All right, if we go to the insurance markets, what are the price breaks and what is the relief we can get from the underwriter?"

Meanwhile, some risk managers who have been trying for years to put an end to the "silo" approach to addressing risk in their companies are finding that "Sarbanes-Oxley has become their best friend," Mr. Zaccanti said.

New approaches
One way companies are moving to eliminate the silo approach-in which a company's various risks are managed independently of one another-is by creating risk management steering committees, Mr. Zaccanti said. Such committees usually include the risk manager, the chief financial officer, perhaps a representative of the company's insurance broker and others, he said.

"We want to create a system to touch everyone, from the loading dock to the boardroom," Mr. Zaccanti said, adding that such committees allow companies to introduce an enterprisewide approach without creating another layer of management.

Mr. Miccolis noted that such committees could have another benefit, in that they can act as a sort of "virtual staff" to the enterprise risk management effort. That is particularly beneficial, he said, because many risk management departments have small staffs, and economic pressures have made it difficult to add personnel.

"Even for companies with (chief risk officers), it's quite usual to find an ERM committee as well, because, by and large, the CRO has a pretty small staff," Mr. Miccolis said.

Steps such as the formation of risk management steering committees speak to a point many ERM experts stress-that enterprise risk management is a process rather than a product.

"Frankly, there's no subset `ERM'; it's just risk management," said Michael J. McAndless, director of risk management at Agricore United in Winnipeg, Manitoba. "The way we see it here in our company, we're just applying risk management principles that have been around for a long time."

"We're just using these risk management principles to consolidate, coordinate and make them consistent to all areas of the business," Mr. McAndless said. "It's just a more-general use of the risk management process in meeting governance requirements and other business requirements."

Mr. McAndless recently placed grain volume coverage, insuring a major exposure his company first moved to address in the late 1990s as a key development of its enterprise risk management program. He conceded that the current insurance market makes the ERM task more difficult.

"It's not as easy a marketplace as it was in the late '90s," he said. "In the hard market, why should underwriters have to think about different things when they're doing extremely well and are extremely busy doing traditional things?" he said.

"But there are still people willing to talk about integrated programs," Mr. McAndless said. And, he noted, enterprise risk management is "not a marketing effort. It comes from organizations that have done some research and analysis and decided that they want to do some things."

`A management issue'

Marcia DeWitt, president and chief executive officer of consultant GuilfordPare in Baltimore, offered a similar view. She said that while some companies took advantage of soft market opportunities in the late 1990s to start addressing some enterprise risks, "it's important that companies that are really making progress are those that approach enterprise risk management not as a product but a process."

"It's really a management issue," Ms. DeWitt said. "I think that Sarbanes-Oxley has really made companies look very differently at some things and how they're operating. It's making companies go back and assess some things that they never thought of as risk."

However, the sluggish economy and concerns such as the possible impact of a war with Iraq seem to be slowing companies' action on some of the decisions that came out of those assessments, Ms. DeWitt said.

The consultant said that although she saw a lot of companies with an ERM "game plan" at the end of 2002, so far this year they're not adopting those plans as quickly as they might have originally intended. "If they said, `We're going to spend a quarter-million dollars on improving our capabilities,' I think they're saying, `Wait, let's spend $100,000 this year and implement it piece by piece,"' Ms. DeWitt said.

But new pressures on directors and officers stemming from governance laws and shareholder expectations "should have a very positive impact on getting companies to address things from an enterprise risk management approach," Ms. DeWitt said. "I think they're much more motivated, because they have a financial and legal obligation to do that."

Ultimately, the processes organizations apply and the risks they look to address vary by organization, according to Tillinghast's Mr. Miccolis. "Every company's doing something different. There's no universal approach to ERM," he said. "There's nothing wrong with that. It should be culture-dependent."

Mr. Zaccanti said he thinks that the enterprise risk approach is going to become institutionalized in the way many companies approach their business. Those that are considered "best in class," he said, will be those that "are going to embrace this and make it part of their corporate culture."

Mr. Miccolis said that a recent Tillinghast survey of insurance company executives showed many interested in adopting enterprise risk management approaches for their companies, often for just those sorts of reasons.

In responding as to why they wanted to adopt an ERM approach, "higher on the list were things like `It's just good business' or `We think it's a good way to get a competitive advantage' or `We need to get more intelligent about the way we make decisions, and this is a good way to do it,"' Mr. Miccolis said.

"Although the pressures from outside are a factor, there's more of an emphasis on proactive reasons," he said. "So it's kind of a combination of the nudge from outside and the realization from inside that `This might help us to do business better."'