ERM seeps into the ivory tower: enterprise risk management, a topic which for several years has found itself high up on the corporate agenda, is spreading to the ivory towers of the academic world where the subject has traditionally found a cool reception
Lawrence Richter Quinn
While enterprise risk management has become a hot topic in corporate risk management circles, academia has been cool to the idea. Universities and colleges that long have taught traditional insurance risk management have rarely touched on the ever-growing list of nonhazard exposures companies face. Now they are warming up to the subject.
“We recognize enterprise risk management as an excellent way to consider an organization’s approach to managing risk,” says Joan Schmit, professor of risk management and insurance at the University of Wisconsin at Madison.
In many eases, academia has taken a wait-and-see attitude because there is still no agreed-upon definition of enterprise risk management or what constitutes best practices in this field. At the same time, the corporate world–preoccupied with fulfilling financial reporting requirements under Sarbanes-Oxley–has been slow to buy into the need to design and implement enterprise risk management programs.
But perhaps most importantly, has been the inability to demonstrate quantitatively that enterprise risk management bolsters the bottom line, cuts costs and reduces losses or boosts shareholder value.
Fundamentally enterprise risk management is a holistic look at all the risks faced by an organization. Like any risk analysis, it involves balancing risk and reward, but enterprise risk management puts a special focus on what risks threaten the survival of the organization rather than focusing on risk in silos, such as hazard risk like fires, floods and hurricanes.
Now, though, colleges and universities are running out of excuses for failing to address the broadening definition of corporate risk.
In late September, the U.K.-based Committee of Sponsoring Organizations of the Treadway Commission, an organization dedicated to improving the quality of financial reporting, issued a blueprint for best practices, a set of documents known as the “Enterprise Risk Management Framework.”
While still controversial, many corporate executives and consultants expect the framework to become a widely accepted yardstick for best practices in enterprise risk management around the world. The underlying premise of enterprise risk management is that every entity exists to provide value for its stakeholders, according to the COSO report.
“Organizations worldwide now recognize the linkage between corporate governance, enterprise risk management and entity performance,” says John J. Flaherty, chairman of COSO. “Many seek to improve processes for identifying, analyzing and managing risks. Yet until now, there hasn’t been a comprehensive framework that truly meets the far-reaching demands of the new regulatory and competitive environment. Successfully managing risk drives better business performance and facilitates achievement of strategic operations.”
No wonder, then, that academia is jumping into the fray. “It’s a curious development (that) business practitioners have raced ahead in enterprise risk management, and that calls for more careful thought in the academic arena,” says Robert E. Hoyt, acting director of the Center for Strategic Risk Management at the University of Georgia in Athens. “We’re trying to signal through our enterprise risk management efforts that there’s a real paradigm shift in business strategy,” Hoyt says. “We’re committed to the fact that enterprise risk management has real staying power, so we’re going to ramp up our efforts in the research arena and other areas.”
Georgia State University also is trying to get out in front of enterprise risk management, says Richard D. Phillips, professor of risk management and insurance at the Atlanta-based university. “We see this as a unique opportunity to combine both financial risk management and insurance risk management and really have an integrated approach.” The department is increasing its faculty size to 28 from 22 in order to broaden its risk expertise beyond the hazard arena. “We started with insurance but will bring in math and economies, then business law and other expertise,” Phillips says.
A WINNING EDGE
Universities and colleges with traditional hazard programs are jumping on the enterprise risk management bandwagon because they worry that they could be left behind, and fear a weakening of their ability to attract the best students and corporate risk executives.
“As our faculty started noticing developing trends in the industry and broadening its definition of risk management, we started discussing our potential competitive advantage in developing additional expertise in this area,” says Hoyt. “We’ve had a well-regarded program since 1965, and we want to build on that.”
Academic institutions are pursuing broadly different strategies for bringing enterprise risk management into their programs. Some seek to become leaders in research into ERM and to work hand-in-hand with professionals who want to broaden their own set of risk management skills, possibly with the goal of becoming chief risk officers. Other institutions are more cautious, recognizing that they must teach more than hazard risk if their students are going to become competitive professionally. In both eases, colleges and universities recognize that they must strike partnerships with current risk professionals and those selling enterprise risk management programs in the private sector if they are to succeed.
“It’s extraordinarily difficult to say who may take the lead in ERM-related research, universities or the private sector, but you can’t do research in a vacuum, says Howard Kunreuth, co-director of the Risk Management and Decision Processes Center at the University of Pennsylvania’s Wharton School. “You’ve got to have real-world contacts.”
Educational institutions need to be in contact with enterprise risk practitioners to develop an effective curriculum, says James R. Jones, director of the Katie School of Insurance and Financial Services at Illinois State University in Normal. “We can take some leadership in the theoretical but it’s not easily applied in a practitioner setting,” says Jones. “I could get the faculty to put together a textbook but I’m not sure that would be practical for the industry.”
Universities, however, boast strength in research and theory.
“The thing that universities do well is theory and innovation,” says Mary Ann Boose, associate professor and coordinator of the insurance and risk management program at Indiana State University in Terre Haute. “Research and development is what we do. Very few nonfinancial corporations have the resources to devote to R&D outside of their core businesses so universities have got to be where it happens.”
The strategies that universities and colleges are pursuing differ greatly. Those embracing enterprise risk management fully not only are incorporating it as a component of their programs for undergraduates, graduate students and practicing risk professionals; they’re setting up new centers geared in part to enterprise risk management-related research. That’s the ease at both Georgia State and the University of Georgia. The University of Georgia’s Center for Strategic Risk Management was launched formally in 2001.
“The primary goal of the center is to coordinate efforts and activities within the College of Business that relate to the evolving definition of risk management,” says Hoyt. Funded by the Spencer Foundation, and affiliated informally with the Risk and Insurance Management Society Inc., the center runs the annual Spencer Educational Executive Conference for corporate risk managers.
The University of Georgia also expects a major leap into research activities next year. “One of the areas where we have real interest in focusing next year is the research side,” says Hoyt. “There continues to be a lag in academic or scholarly research in enterprise risk management.” Over the past three years, the university has built new enterprise risk management-related content into its full-time and night undergraduate and MBA programs.
For its part, Georgia State launched the Center for Enterprise Risk Management and Assurance two years ago in conjunction with its finance and accounting departments.
“We felt if we could develop enterprise risk management-related programs internally we could do it externally,” says Phillips. “If you’re going to have an integrated risk program, you need to understand financial risks, hazard risks and controls together.”
“How do you do this? The center provides one way and an opportunity to get it into our executive education program,” Phillips says. Georgia State is currently running through its pilot executive education program through the center, targeting risk managers 40 to 50 years old. The four-week program brings executives in one week a month over a quarter.
“The underlying philosophy is that you cannot teach enterprise risk management in a two-day seminar,” says Phillips.
The program, which costs $10,500, addresses the quantification of risk, the correlation between varying types of exposures, varying ways to manage that risk, the use of derivatives markets and hazard markets and the inclusion of appropriate controls.
NOT ALL SOLD ON ERM
While recognizing the importance of following the evolution of ERM, some academics aren’t rushing to design specific programs or classes around it. That’s the situation at Wharton, for instance, which may be running the oldest risk-related center on its campus.
Wharton’s Center for Risk Management, launched in the mid-’80s, specializes in teaching and research into low-probability, high-consequence events like natural hazards, terrorism and chemical accidents. The center is reaching out specifically to the insurance and chemical industries. Both Cigna and Rohm and Haas have been major backers of the center, which touches on some elements of enterprise risk management.
But you won’t find anything devoted solely to enterprise risk management, in research or teachings, any time soon, says Kunreuth. “I think that enterprise risk management is important in the sense that there are risk problems that cut across an entire firm, and the name ‘ERM’ implies that; that’s good,” says Kunreuth, who teaches a course on risk analysis and environmental management. “But you won’t necessarily find a specific course on enterprise risk management,” he says.
Ironically, the greatest challenge facing the academic world as it seeks to teach and study enterprise risk management more intensely may be exactly the same impediment facing the private sector. University courses touching on risk are concentrated in risk-specific silos with little contact among the departments.
“We frequently discuss the fact that colleges and universities are organized in silos,” says Hoyt. “Namely, departments are discipline-specific. But the whole point of the emerging definition of enterprise risk management within organizations is to expand the activities of silos across the business.
“It will be difficult for us to be believable if we stay slaves to the same silos you see in business,” Hoyt says.
LAWRENCE RICHTER QUINN, a Washington, D.C.-based writer, is a regular contributor to Risk & Insurance[R].
COPYRIGHT 2005 Axon Group
COPYRIGHT 2005 Gale Group