FTI Consulting: ERM: The Flipside of Strategy - Roger Carlile
After years of talk about enterprise risk management, some experts still feel that senior management has failed to understand its importance. For some, argues FTI Consulting's Roger Carlile, ERM should be embedded with planning and operations, and should be seen as the flipside of strategy.
The concept of enterprise risk has been discussed for at least a decade, but there is growing frustration that, so far, there has been more talk than action. Finally, however, a new attitude towards risk is emerging, which could bring enterprise risk management (ERM) to the fore.
The major corporate shocks that have rocked global business during the last decade have led more companies to take steps, albeit slowly, to implement systems and processes for ERM as they place more emphasis on risk management.
“Boards and senior management have experienced a lot of risks from Enron onwards. There have been losses of all kinds and these risks are making companies look again at ERM,” says Roger Carlile, Senior Managing Director of FTI Consulting.
RETURNING TO ERM
Carlile heads the forensic and litigation consulting segment of global business advisory firm FTI, which assists many leading companies with legal, financial and reputational matters. The organisation helps clients anticipate, illuminate and overcome complex business challenges, and in his role, Carlile has seen first hand the effects of corporate failures and the vicissitudes of global markets on attitudes to risk.
“If you went to your doctor and your recent history was fine and they told you that you needed to exercise more, you would hear it, but you wouldn’t necessarily take action. If you’d just had a heart attack, you might respond differently. So, companies are now more sensitised to the reality of risks,” comments Carlile.
Furthermore, agencies such as Standard & Poor’s now give ratings on the risk management capability of commercial enterprises.
“Investment in ERM is going on because, if you are rated on risk management, then you must see and understand the processes and control points that allow you to identify and mitigate risk,” adds Carlile.
Nevertheless, he fears that some companies still pay mere lip service to ERM. “Boards should not see it as just another compliance process. ERM is the other side of the coin to strategy. Companies are eager to spend time on strategy and operations, but to analyse positive outcomes and identify benefits you must look at the cost of risk in any strategy,” he adds.
NO SURPRISES PLEASE
Carlile firmly believes that ERM should sit with strategic and operational decisions, noting that, “ERM is about identifying the risks of strategy, which allows a company to either accept those risks or mitigate them. You need to know the risks of manufacturing abroad, for example, or of disruptions to production or distribution.”
Risk is part of the business of banks and insurance companies, and while firms in the financial sector may not have ERM, they at least have welldefined risk processes. Yet this sector, too, has suffered shocks to its system. Take the damage from the sub-prime mortgage market in the US, which shows how different decisions produce radically different results.
This also highlights how major financial blows can alarmingly catch financial institutions well versed in risk management by surprise.
“Goldman Sachs made a record profit in 2007, but others like Bank of America, Citibank and Bear Stearns were surprised when they lost their bets on the sub-prime market. If they had had strong ERM in place then there would have been no surprises. They would have known the best and worst case scenarios, as well as the most likely,” remarks Carlile.
“It is OK to make mistakes, but ERM at least means you are not surprised by any outcome. It allows users to identify and quantify major risks,” he adds, in the firm belief that now is the time for businesses to learn the lessons of the last decade and unleash the power of ERM.