What you don't know about corporate "enterprise risk management" (ERM) may hurt you - and probably already has. Think of the number of post-Enron cases that have resulted in retirement benefits and stock value being wiped out overnight, and of the weaknesses in corporate information technology systems that have allowed hackers to steal your identity (if not your wealth). All of these, and a growing number of other events, are debacles you might have avoided had companies had an effective ERM program in place.

What Exactly is ERM?
Enterprise risk management is difficult to define, but generally it's a relatively new (less than a decade old) management discipline that calls for corporations to identify all the risks they face, to decide which risks to manage actively, and then to make that plan of action available to all stakeholders (not simply shareholders) as part of their annual reports. (To read more about risk, check out Determining Risk And The Risk Pyramid and Measuring And Managing Investment Risk.)

In putting together ERM initiatives, companies are supposed to focus not only on the downside of risk but on the upside as well. The traditional approach was to focus on the downside - the losses from currency or interest rate trades in financial markets, for instance, or financial losses that might be caused by a disruption in a supply chain or by a cyber or terrorist attack that impairs a company's information technology.

In thinking about the upside, companies are supposed to consider competitive opportunities and strategic advantages that might arise out of deft management of risk. Some of these "better decisions" involve items like where to locate a plant or office abroad based on a risk analysis that would look at the political environment in a country.

Evolving Risk Management
Studying how corporations manage the incredibly diverse range of risks they face - everything from movements in currencies and interest rates to public perceptions of their reputations - is playing an extremely important role in the investment process. Knowledge of individual corporate "risk profiles" might have led you to invest in companies with the confidence that they could meet corporate objectives and investor expectations (not only in good times, but also in bad). Knowledge of these profiles might have also helped you identify up-and-coming organizations for investment - or helped you better understand which companies to let into your community through a new plant or office, believing that they would do everything possible to avoid environmental damage and to treat employees well.

Until now, particularly in the U.S., the vast majority of corporations have made very little information about their overall risk profiles available to stakeholders. Companies in many other industrialized countries, like Canada, the U.K. and Australia, are much more forthcoming about their risk and ERM activities.

The situation is poised to change as rating companies start to factor in a company's ability to manage ERM. Stakeholders will start to have a plethora of new risk-related data and information available to them. This story of risk management is likely to expand greatly over the next decade.

ERM: A Constantly Changing Management Discipline
Of course, companies have been managing risk for years. Historically, they've done this by buying insurance. More recently, companies have managed risk through the capital markets with "derivative instruments" that help them manage the ups and downs of moment-to-moment movements in currencies, interest rates, commodity prices and equities. From a mathematical point of view, all of these risks or "exposures" have been reasonably easy to measure, with resulting profits and losses going straight to the bottom line.

Where ERM comes in is where companies manage the risks that defy easy measurements or a framework for management. These include crucial risks such as reputation, day-to-day operational procedure, supply chain, legal and human resources management, financial and other controls related to the Sarbanes-Oxley Act of 2002 (SOX), and overall governance. All of these and other exposures fall under the ERM umbrella.

Back to the Upside
The "upside" that we discussed earlier also includes focusing on preventive measures that help a company avoid potential disasters down the road. For example, some of these actions may include determining when and how the physical assets they own need to be maintained and replaced. This way, the company can avoid unexpected and costly plant and equipment failure that might result in shutdowns, explosions or other events that put a company's employees, communities and reputations at risk.

Understanding that their most important and valuable asset is their reputation, some companies work proactively to protect it when dealing with man-made or natural disasters. In one of the most storied reputation risk management cases in recent history, Tylenol found itself in need of a burnished reputation in the face of product tampering. It reacted by being honest with the media and quickly and aggressively removing and replacing its products at retail outlets. From 2006 to 2008, the push has been for companies to prove they are "going green", hoping that aggressive environmental risk management will position their products, plants, supply chain and other operations positively with current and future customers. (Read more about this in For Companies, Green Is The New Black and The Green Marketing Machine.)

How to Find ERM-Friendly Companies
It is a difficult task for investors to discover which companies are working to manage risk from an enterprise-wide perspective - and an even more difficult job discovering who is doing so effectively. Many board members don't understand ERM, believing it to be simply another potentially costly, hard-to-measure regulatory fiat from Washington. Many others believe that effective ERM can be achieved simply by expanding their SOX-related reporting and controls efforts, which is not the case.

Because it's a new management discipline, what constitutes "best practices" in ERM has yet to be defined; currently it's being defined industry by industry, but few if any companies promote themselves as being "best of the best" in ERM or risk management.

So, how do you know who's working hard at effective ERM? A growing number of companies, particularly outside the U.S., devote a significant portion of their annual reports to discussing risk management, regardless of whether they specifically call it ERM. Generally, investors interested in discovering who's doing a comprehensive job at risk management - and reporting it publicly in their annuals - need to look abroad. Just north of the border, Canadian-based companies discuss risk extensively in their annuals, and they are a good place to start looking into this area further.

One way to quickly see if the company you are researching does have ERM is to check for a Chief Risk Officer (CRO). While CROs are most often found in the energy, banking and insurance industries, more aggressive manufacturing companies are moving in that direction as well. Another clue is found in a tiny number of companies that have managers specifically in charge of coordinating their ERM efforts. These managers will have the words "enterprise risk" in their titles.

Intensive additional sleuthing from investors may offer worthwhile dividends. Simply searching "enterprise risk management" online will give investors access to numerous recent conference agendas on the topic. Investors should then take note of which companies have executives lecturing on ERM. Also check out the websites of the few associations dedicated to promoting ERM, such as the Risk & Insurance Management Society in New York or the Committee of Chief Risk Officers. The Conference Board in New York also has a dedicated practice examining corporations and their ERM endeavors, and the National Association of Corporate Directors has done a somewhat dated but invaluable Blue Ribbon report on how corporate board members think about risk - and how that needs to change.

Risk Management Doesn't Mean Risk Free
As a word of caution, just because a company has a CRO - or brags about what it's doing in ERM - doesn't mean you should take it at its word; you'll need to look deeper and ask investor relations executives detailed questions. For years, the banking industry has boasted of having the best risk management and ERM programs of any industry. None of that, however, prevented the 2007 credit crunch and mortgage meltdown. (Keep reading about this subject in The Fuel That Fed The Subprime Meltdown.)

The investment landscape is constantly changing and it is important to get a handle on which companies are doing a good job at managing enterprise risk. This is a relatively young field of study, but it is worth considering because it will continue to play a significant role in the investment community for many years to come.
