ERM Outlook - Where is ERM Going?

The economic crisis of the last few years has forced a renewed focus on the process of risk identification, management and mitigation. Executives are taking a much closer look at their strategic risk management challenges in order to formulate more rigorous and effective Enterprise Risk Management programs.

Howard Rosen FSA, MAAA, CERA is the Senior Director and Insurance Enterprise Risk Management Practice Leader at Standard & Poor’s. He will be a key speaker at the marcus evans Enterprise Risk Management Canada Conference taking place in Toronto on August 30-31.

Howard is responsible for ERM analysis for insurance companies in the U.S. He manages the U.S. ERM team's activities, particularly in support of new criteria development, the analysis of insurers’ ERM programs, and the reviews of economic capital models. He has been published on various topics and is a frequent speaker at industry events.

Mr. Rosen answered a series of questions written by marcus evans to explain where the future of ERM is going and the importance of an industry-wide ERM plan. All responses represent the view of the Mr. Rosen and not necessarily those of Standard & Poor’s. (Note that the responses have been approved by S&P.)

ERM is simply good management and essential to good corporate governance. Would you agree and why?

HR: We, at S&P, would totally agree. All businesses come with some measure of risk. Some, such as insurance businesses, have more risk than others. In order for businesses to succeed, whatever their definition of success, those risks have to be understood by management. For those risks to be understood, they need to be managed, and in order to be managed, they need to be measured. If you can’t measure it, you can’t manage it.

Further, in order to measure the risks, the company must have the tools to perform the measurements. That measurement process needs to consider the presence and impact of other risks – not only risks that are created by virtue of the business itself, but risks resulting from the environment in which the business operates. The entire process needs to operate holistically, that is, from an enterprise perspective. Therefore, management needs to be aware of its environment, not only today, but it needs to think about how the environment may change tomorrow.

Finally, given the general need for and likely scarcity of capital, there needs to be a process by which the risk/reward propositions of strategic options can be prioritized and compared on a level playing field. There you have it - all the elements of ERM in a nutshell: culture – does management understand its risks; controls – can the company manage its risks; emerging risk management – is the company thinking about how things might change in the future; risk models – does the company have the wherewithal to measure the risks so that they may be managed; and strategic risk management – can the company evaluate and optimize its options for the future?

How can ERM keep evolving as a positive value within an organisation?

HR: Companies which S&P views as having the most effective ERM processes are those which have a feedback loop from actual experience to their ERM frameworks. That is, they learn from their mistakes. For example, one of the most significant lessons learned from the financial crisis was that risks truly have tails that are a lot “fatter” than people thought: things can get a lot worse than history would lead you to believe. So, for example, companies are now considering hedge programs to protect against both the risks that interest rates could go down even lower, or could spike suddenly. Certainly few expected the yield curve to look as it does now and look that way for as long it is has, which may continue into the future. Companies learn! In fact, in S&P’s ERM reviews, we look less favourably at an ERM framework that remains static over the years as opposed to a dynamic framework that evolves over time as risks are better understood.

What role does ERM play in strategic planning and shareholder value creation?

HR: Strategic planning involves weighing strategic options against each other, unless, of course, the availability of capital is not at issue. Wouldn’t that be a nice environment! In order to compare those options, one needs a “value currency” - one or more metrics that measure, on a consistent basis, the importance of each of those strategic options to the company. The combination of risk models and strategic risk management within a robust ERM construct allows companies to more effectively complete strategic planning exercises.

Why is it important to develop a long term, industry-wide ERM plan?

HR: Although my answer relates more specifically to the insurance industry, one can analogize to any industry. In some cases, the insurance industry takes on risks whose exposure can continue for many years in the future. As examples, consider either permanent forms of life insurance or product liability exposures. Once assumed by the insurer, those risks must be managed over the long-term. Further, the world is changing around us: there is global warming; people are living longer; weather patterns are changing; and interest rates move in unpredictable patterns. In order for the insurance industry to continue to thrive, risks must not only be managed today, but they must be managed for many tomorrows into the future. ERM must be a living, breathing creature and evolve as the industry and the world evolve. We view the evolutionary process more favourably if it is not only reactive, but proactive as well.

How can ERM shed light on critical dimensions of risk that determine overall creditworthiness?

HR: In S&P’s view, risk management can be a critical element of an insurance company’s success. For this reason, it is one of eight separate, but related elements which comprise the process we use to rate insurance companies. Therefore, S&P views ERM as a key element in the evaluation of our view of an insurance company’s creditworthiness. ERM gives our analysts an enhanced lens into many areas of the rating process: management and corporate strategy; financial performance; capitalization; investments; and financial flexibility to name a few.

The marcus evans Enterprise Risk Management Canada Conference will take place in Toronto on August 30-31.

For further details on the upcoming conference, please contact:
Michele Westergaard
Marketing/PR Coordinator
marcus evans
Telephone: 312 540 3000 ext 6625

About marcus evans
marcus evans conferences annually produce over 2,000 high quality events designed to provide key strategic business information, best practice and networking opportunities for senior industry decision-makers. Our global reach is utilized to attract over 30,000 speakers annually, ensuring niche focused subject matter presented directly by practitioners and a diversity of information to assist our clients in adopting best practice in all business disciplines.
Votes: 0
E-mail me when people leave their comments –

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community


  • Hi Padmavathi - this conference is meant for senior executives within Risk, ERM and Internal Audit. We also invite risk consultants and IT solutions executives.


    If you have any further questions, please feel free to email me at

  • Is this conference only meant for Business Executives
This reply was deleted.

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!