Articles on Enterprise Risk Management (ERM) typically provide valuable examples, but many risk managers have been asking for quantitative evidence supporting ERM standards. With contributions from the RIMS ERM Committee, I developed the RIMS Risk Maturity Model to meet the need of actionable guidelines that risk managers could use to generate requirements for their ERM programs which were published in November of 2006.
Since my last posting in February, I have been busy analyzing data collected over a 14-month period from 564 organizations that have assessed their ERM programs using the RIMS Risk Maturity Model and drawing conclusions from this first of its kind research. Recently all that research has become public, the Risk and Insurance Management Society published the State of ERM Report 2008.
This report provides the empirical evidence that has long been intuitively known by risk practitioners, but up until today, never proven. Executives responsible for risk management can get a free copy of the report here:http://www.rims.org/rmm and receive a customized assessment of your ERM program.
There are four key findings:
- 93% of organizations with formalized ERM programs make better risk-informed decisions than those organizations without formalized ERM programs.
- Formalized infrastructures in well-managed ERM programs embody the 68 best practice guidelines presented in RIMS Risk Maturity Model for ERM.
- Only 4% of companies with an ERM program have a managed or better level of risk management competency.
- Distinct correlation between higher scores on RIMS Risk Maturity assessment and higher credit ratings and lower cost of capital.
Fully implementing the guidance criteria in the RIMS Risk Maturity Model is now proven to lower the cost of capital. The findings from this report provides the quantitative evidence that greater ERM competency is directly linked to better business performance. Further the research outlines definitive guidance of how to improve risk management competency to achieve improved business performance.
For example, directly involving front line management in risk assessment activities is one of the strongest ways to improve risk management competency in your organization and achieve higher credit ratings at the same. What is even more exciting is that the data was gathered BEFORE the announcements by Standard and Poor’s of their intentions to include ERM in their evaluation methodology. In these challenging times, taking action on the 68 guidance criteria outlined in the RIMS Risk Maturity Model and supported in the RIMS State of ERM 2008 Report will lead the way in 2009 for better business performance.