Ciara Izuchukwu explores how enterprise risk management can add value for a firm, and ways for students to contribute to the process

The word ‘risk’ has several different meanings. It can describe the quantifiable probability of a certain outcome, or it can refer to a company’s exposure. It can be defined by whether or not the company is dependent on future unknown events, or on past events that have already been assessed. Insurance companies are in the business of actively taking on risk and creating profit from it, and so robust enterprise risk management (ERM) frameworks have become an industry standard during the past 15 years.
The effectiveness of ERM processes was put to the test during the 2008 financial crisis. McKinsey research showed that the better an insurer’s ERM system, the better it performed financially in 2008 and 2009. The benefits of having an ERM, and the impact of the 2008 crisis, set the stage for the chartered enterprise risk analyst accreditation to be established in November 2009; this is now one of the ‘specialist principle’ exams that students can take as part of the journey to qualification.
The decade before the COVID-19 pandemic was one of economic growth, and for many companies ERM had become a simple box-ticking exercise. However, the pandemic has shown the need for companies to pay attention to their ERM programmes. Having an agile and effective ERM programme can allow a company to better deal with this type of fast-emerging risk, in which there is a wide range of uncertain outcomes. A proactive ERM team with clear processes and lines of communication will be better equipped to recognise when thresholds are being breached, and have the means to raise issues that can lead to swift and effective mitigation before more drastic measures need to be taken.
An example of a failure as a result of risk-management negligence is the Wells Fargo banking scandal that came to light in 2016, in which the bank had to pay US$185m (£152.8m) in penalties for inappropriate sales practices. In this instance, rather than poor risk management leading to a company being unable to cope in an extreme event, Wells Fargo’s risk management failures led to a crisis event. This led to penalties and lawsuits, which recently resulted in criminal charges and jail time.
ERM can also add value to a company. The process can be used to develop new products through consideration of the objectives and the risks that they will not be met. It can also be used to determine the level of risk that is desirable for a certain project – not simply deciding whether certain risks are acceptable, but also achieving adequate risk-adjusted return, and choosing between several projects. ERM can therefore add core value to strategic and operational decisions, and a company with a successful ERM programme should see its risk function as a sought-after ‘thought partner’ to the business. Technological improvements are allowing advanced risk analytics to be linked to key business procedures, so clearer and faster lines of communication can be established. From a capital-management perspective, a comprehensive economic capital model allows a company to make well-informed business decisions that can ensure its solvency is not jeopardised.
How does a company’s risk management affect a student actuary? For ERM to be successful, it needs to be integrated into the everyday way in which a company carries out its operations. This means that whether or not we are working in a risk department, we help to form the ‘first line of defence’ against risk to a company.
Student actuaries can provide a fresh set of eyes to look at existing processes and controls, challenging the appropriateness of the status quo and suggesting modern ways of doing things. ERM is constantly evolving, and the changes a firm makes to its ERM programme can be guided and informed by the new perspective that we students bring.
Ciara Izuchukwu is a student editor