(216) 609-3940
SandRun Risk
  • Home
  • What We Do
    • Risk Management
    • Insurance Claims
    • Insurance Archaeology
  • Blog
  • About
    • Team
    • Our Company
    • Articles
  • Contact

Enterprise Risk Management:  A Primer for Business Leaders – Part III (Evolution of the Corporate Risk Management Function and the Dawn of ERM, 1990 to 2020)

11/5/2019

0 Comments

 
Picture

​Until the 1990s, few business leaders thought of risk management as something broader than the procurement and administration of corporate insurance.  In this article, we discuss the challenges confronting the new field known as Enterprise Risk Management (“ERM”) since it has started to emerge over the last 30 years.

“A big part of being an ERM leader is to listen to the risk owners throughout the organization.  While we have developed a solid central risk management framework, we serve the needs of our leaders in IT, supply chain, legal and so on.  They all speak their own language, which you need to learn. Frankly, they don’t want to hear a bunch of risk theory jargon from ERM.  What’s important is that I appreciate what they see as the risks affecting their assumptions. This requires that I become an active listener and take the time to understand their business models and concepts, which I enjoy learning about.  Once you translate these risks, you can incorporate them into the central ERM framework.”

- Jeff Matsen, Vice President of ERM, Edwards Lifesciences, Interview conducted by Russ Banham for RIMS (Risk and Insurance Management Society), April 2019

The period in corporate risk management from 1990 to 2020 might be best described as the dawn of new era – the era of Enterprise Risk Management (“ERM”). As with any new era, change is not easy or straightforward.  It’s messy and controversial. Why? It’s because we are comfortable working within established and well understood intellectual frameworks and we don’t like change. In fact, the last thing normal experts seek to do is to refute the theories and assumptions embedded in their own paradigm.

Since the 1940s, corporate risk management has been oriented toward prevention of accidental loss, insurance purchasing and management, and solving specific insurance-related problems through some combination of avoidance, control and financing.  The predominant conceptual world view equated risk management with insurance management.  Consequently, before we spend time trying to understand the current state of ERM, it’s important to step back and learn how change occurs when we shift from one conceptual world view (risk management is the prevention of insurable loss) to another conceptual world view (risk management is an interdisciplinary and enterprise-wide effort for learning to thrive in a state of uncertainty).  

The best guide to understanding paradigm shifts is Thomas Kuhn and the book he published in 1962 which is entitled The Structure of Scientific Revolutions. Kuhn was trained as a physicist, but his intellectual breakthrough came as a result of being tasked to teach a course on science for humanities students at Harvard.  Kuhn built the course around historical case studies and in so doing, he had an epiphany.  Before Kuhn, scientific progress was thought to be the evolutionary outcome of researchers, theorists and experimenters peacefully collaborating to obtain an improved understanding of the natural world.  New truths were added to the stock of old truths, theories were better approximated to the truth, and past errors were corrected.  In sum, science was thought to be a continuous and relatively harmonious increase in a set of accepted facts and theories.

Kuhn’s compilation of historical case studies, particularly his review of Aristotle’s work, led him to a different conclusion. Instead of viewing science as steady, cumulative progress, Kuhn realized that experts work within intellectual traditions and that we should see the development of any field, such as risk management, as occurring in phases.  The first phase is “normal science” in which a particular community shares a common intellectual framework in which anomalies are resolved either through  incremental changes to the framework or by discovering an error in the practitioner’s methodology.  Imagine a piece of equipment fails to perform in the anticipated manner.  Normal science resolves the anomaly through newer and refined methods and instruments which, in turn, produces better equipment.

What happens when an anomaly can’t be resolved, or worse, anomalies begin to accumulate?  We move to the crisis phase where some members of the community begin to question the paradigm itself.  At this point, scientists lose faith in the existing paradigm and start to consider alternatives. Debate ensues and gives rise to competing articulations of new paradigms.  Eventually, the crisis is resolved by replacing the now-deficient paradigm by a newer one and the community returns to normal science based on the new framework. Interestingly, Kuhn observed that those who invent a new paradigm are often young or new to a field whose paradigm they changed.

Risk management as we presently know it is in Kuhnian state of crisis. In September 2019, RIMS, the industry association for insurance and risk professionals released its first ever survey on present and future challenges facing those working in the field.  Less than one-third of senior executives responded that risk management professionals of today are prepared to meet future challenges. Further, respondents complained that a significant challenge was obtaining “senior leadership buy-in, and resistance to ERM.”  This survey comes 15 years after the Harvard Business Review listed ERM as a “Breakthrough Idea for 2004.” (L. Buchanan, Breakthrough Ideas for 2004, Harvard Business Review, 2, 13-16 (2004)).

Why the confusion? If risk management is to be something more than the procurement and administration of corporate insurance, there must be clarity about the core purpose, objectives and methods of the new intellectual framework.  At present, there is no consensus about how to build institutional capacity within organizations to manage uncertainty, whether such uncertainty is simple, complicated or complex.  If consensus existed about how to construct an interdisciplinary and evidenced-based framework to manage uncertainty, each episode of uncertainty would simply provide another body of knowledge that would be disbursed throughout the organization, thereby increasing the overall group capacity to manage uncertainty.  Think back to our discussion of Stanley McChrystal and Paul O’Neill.  Unfortunately, their examples have not yet produced consensus on what ERM should look like in an organization.

Throughout the remainder of this section, we will take a careful look at some existing models for practicing ERM that have been developed over the last 20 years.  As we do so, it’s important to remember that these frameworks represent different world views about how organizations can manage uncertainty in holistic way.  Think of them as high level guidance that define a set of outcomes that an organization might want to achieve when building institutional capacity to manage uncertainty.  Recognize also that some/many parts of these frameworks will not apply to your organization.  

Moreover, as noted above in the observations of Jeff Matsen who serves as Vice President of ERM for Edwards Lifesciences, many components of an organization are accustomed to managing risk in their own way.  They have their own language, belief systems and skill sets for managing risk.  Yet we know increasingly that risks are seldom isolated in their effect and that they impact other areas of the organization in unintended and unforeseen ways.  If everyone is narrowly focused on what will make their particular silo successful, who will ensure that the organization remains a moral enterprise – a living community which thrives through continuous learning?  ERM is a way of helping organizations realize that there are better and worse ways of operating and that there are grades of excellence even if there is no single way that is the best of all.

​If your organization is moving away from an insurance-based view of risk management toward an ERM approach, it’s useful to begin by knowing something about the existing ERM frameworks in order to determine what might work for your circumstances.  Accordingly, we will look at the key elements of three frameworks sponsored by three different groups:  (i) the Standards Australia/Standards New Zealand 4360 Risk Management Standard which became the International Organization for Standardization Standard 31000 (“ISO 31000); (ii) the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”), and (iii) the National Institute of Standards and Technology (“NIST”). As we explore each model, we will focus on the common elements that are needed for successful implementation, all the while retaining a Kuhnian perspective.  That is, it’s important to remember we live at a time where there is no single framework for practicing ERM that is persuasive for all to adopt.  At best, there is an increasing shift to a more holistic approach to managing uncertainty that has produced a variety of allegiances to a variety of approaches.  Experiment; pick and choose the elements of an interdisciplinary approach that is right for you and your organization.

0 Comments



Leave a Reply.

    Authors

    Lori Siwik and Mark Siwik are the founders of SandRun Risk.  They apply the principles of vertical leadership and lean six sigma to the discipline of risk management.  From time to time they share their blog with guest authors who write about important risk management principles.

    Categories

    All
    Insurance Claims
    Mergers And Acquisitions
    Risk Management

    Archives

    May 2022
    December 2021
    September 2021
    August 2021
    July 2021
    June 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    June 2017
    May 2017
    March 2017
    December 2016
    November 2016
    October 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    June 2015
    May 2015
    April 2015
    March 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    May 2014
    April 2014
    March 2014

    Categories

    All
    Insurance Claims
    Mergers And Acquisitions
    Risk Management

    RSS Feed

What We Do.

Risk Management
Insurance Claims
Insurance Archaeology

Blog.

About.

Team
Our Company
Articles

Contact.

Legal.

Privacy
Terms of Use
 
Copyright ©2014 | 4199 Kinross Lakes Parkway, Ste. 275 Richfield, Ohio 44286 | 216-609-3940 | info@sandrunrisk.com