ERM: Fitting to size

ERM is an emerging function in organisations. Its establishment is obviously faced with cost-benefit considerations. How much should organisations spend to establish ERM? Will the benefits justify the cost? Questions like these make ERM implementation a business case. When we consider the practices of organisations in fitting other well known functions to size, it becomes easily to apply same parity of principle for the ERM function.

The general ledger of an organisation’s accounting system, for instance, is the engine-room of its double entry postings. This is where the organisation’s chart of account is set up. When organisations deploy enterprise resource solutions, even within the same group, the chart of account is never a one-cap-fit-all design. The general ledger and the chart of accounts are usually fitted to suit an organisation’s peculiar description and tracking of financial transactions. The ERM function is set up in a similar way. The general ledger of an organisation, for simplicity, can thus be likened to its risk register and the chart of account to specific components of its ERM framework. The risk register is the engine-room of the risk management process. Like what the chart of account is to the general ledger, the risk register’s functionality is dictated by the appropriateness or otherwise of the ERM framework that drives it.

 

Fitting ERM to size becomes very necessary for so many reasons. There are a lot of Small and Medium scale Enterprises (SMEs) that consider that their sizes are not large enough to develop and deploy an ERM framework. Such thinking calls for the light that a topic as this is meant to shed. Also, most organisations that operate group structures often do not properly differentiate between group solvency and fitting ERM to the size of subsidiaries. They assert that a group ERM framework fits all the subsidiaries. This misconstrues ERM framework design. Therefore, putting the design of ERM framework in the right perspectives will enable organisations to institute proper risk defence structures and thus enhance the chances of achieving their objectives.

Coming back to the group structure, it is appropriate to illustrate ERM fit-to-size with how Risk Appetite framework component is deployed in organisations. A Standard Operating Procedure (SOP), for instance, is a typical documentation of an organisation’s step-by-step core processes’ routine procedures. A SOP prescribes an organisation’s risk appetite for core processes’ routines by specifying tolerance limits for turn-around time. Let us consider an organisation with a group structure and assume that it deploys a one-cap-fit-all SOP for all the companies in the group. It becomes obvious that such ERM framework will be deficient because at some point each of the subsidiary companies will have peculiar core processes, no matter how homogenous their operations might be. A one-cap-fit-all framework will fail to address peculiarity and thus limit ERM. This is just one reason why no one ERM framework fits a group.

The volume that the organisation drives is another important consideration in fitting its ERM framework to size. The size of an organisation’s risk governance system should therefore reflect its risk exposure. How large should the ERM function be? What should be the size of the internal audit function? Should ERM and Compliance functions be controlled by one department? How often should risk committees meet? Should an organisation outsource ERM or all of its governance systems? ERM fit-to-size design provides answers to these questions.

Interestingly, emerging global solvency capital reforms are fit-to size sensitive. The solvency capital reforms of most world economies leave room for organisations to decide how big or how small their governance systems should be, including outsourcing of same. Organisations thus have choices to implement solvency capital reforms with a fit-to-size variant. There is the more robust option with full internal modelling for all of Operational, Market and Credit risk management. This suits organisations with mega risk exposures. There is also the second option that requires partial internal modelling for one or any two combinations of Operational, Market and Credit risk management plus standard formula. This is a hybrid of full internal model and standard formula all through. Small organisations have the option to go for standard formula for all of Operational, Market and Credit risk quantifications, although they have to show proof of ERM with Internal Capital Adequacy Assessment Process (ICAAP) or Own Risk and Solvency Assessment (ORSA) requirement. ICAAP/ORSA places lesser burden than internal model. Emerging solvency capital reforms are best practices and a demonstration of proportionality. Fitting organisational ERM to size therefore requires that the cost of implementation, and subsequent running, must not exceed the benefits that are derivable.

 

Steve Nkwor MIRM (UK)

 

Steve Nkwor a risk management consultant and writes from Lagos, Nigeria. He is a passionate promoter of down side zero tolerance. He holds full membership of the Institute of Risk Management of London. He is also a fellow of the Institute of Chartered Accountants of Nigeria as well as an associate of the Chartered Insurance Institute of Nigeria and can be reached on [email protected]