II: ERM IMPLEMENTATION AT LEADING ORGANIZATIONS
Part II is a collection of ERM case studies that give examples of how ERM was developed and applied in major organizations around the world. Note that there is no perfect ERM case study and the objective is for readers to assess what they believe was successful or not so successful about these ERM programs.
The first case study in this book describes ERM at Mars, Inc. Larry Warner, who is the former corporate risk manager at Mars, Inc. and now is president of Warner Risk Group, describes the ERM program at the company in Chapter 3. Mars is a global food company and one of the largest privately held corporations in the United States. It has more than 72,000 associates and annual net sales in excess of $33 billion across six business segments – Petcare, Chocolate, Wrigley, Food, Drinks, and Symbioscience. Its brands include Pedigree, Royal Canin, M&M's, Snickers, Extra, Skittles, Uncle Ben's, and Flavia. With such complex business operations, Mars recognized the importance of providing its managers with a tool to knowledgably and comfortably take risk in order to achieve its long-term goals. Mars business units use its award-winning process to test their annual operating plan and thereby increase the probability of achieving these objectives.
The case study in Chapter 4 entitled "Value and Risk: ERM in Statoil" was written by Alf Alviniussen, who is the former Group Treasurer and Senior Vice President of Norsk Hydro ASA, Oslo, Norway, and Hakan Jankensgard who holds a PhD in risk management from Lund University, Sweden. H&kan is also a former risk manager of Norsk Hydro. In this case study, the authors discuss ERM at Statoil, one of the top oil and gas companies in the world, located in Norway. In Statoil, understanding and managing risk is today considered a core value of the company, which is written into the corporate directives and widely communicated to employees. ERM is thoroughly embedded in the organization's work processes, and its risk committee has managed the transition from a "silo"-mentality to promoting Statoil's best interests in areas where risk needs to be considered.
Chapter 5, called "ERM in Practice at University of California Health Systems," is written by their former Chief Risk Officer (CRO), Grace Crickette, who is now the Senior Vice President and Chief Risk and Compliance Officer of AAA Northern California, Nevada, and Utah. The University of California's (UC) Health System is comprised of numerous clinical operations, including five medical centers that support the clinical teaching programs for the university's medical and health science school and handle more than three million patient visits each year. ERM plays an important role at the UC Health System and assists the organization in assessing and responding to all risks (operational, clinical, business, accreditation, and regulatory) that affect the achievement of the strategic and financial objectives of the UC Health System.
The descriptive case study in Chapter 6, written by Dr. Mark Frigo from DePaul University and Hans Læssøe, the Strategic Risk Manager of the LEGO Group, provides a great example of integrating risk management in strategy development and strategy execution at the LEGO Group, which is based on an initiative started in late 2006 and led by co-author Hans Læssøe. The LEGO methodology is also part of the continuing work of the Strategic Risk Management Lab at DePaul University, which is identifying and developing leading practices in integrating risk management with strategy development and execution.
United Grain Growers (UGG), a conservative 100-year-old Winnipeg, Canada- based grain handler and distributor of farm supplies, was an ERM pioneer. Chapter 7 called "Turning the Organizational Pyramid Upside Down: Ten Years of Evolution in Enterprise Risk Management at United Grain Growers" analyzes the ERM program at United Grain Growers 15 years later. When UGG announced that it had implemented a new integrated risk-financing program in 1999, it received a great deal of attention in the financial press. CFO magazine hailed the UGG program as "the deal of the decade." The Economist characterized it as a "revolutionary advance in corporate finance," and Harvard University created a UGG case study. While most outside attention focused on the direct financial benefits of implementing the program (protection of cash flow, the reduced risk-capital required, and a 20 percent increase in stock price), scant attention was given to the less tangible and therefore less measurable issues of governance, leadership, and corporate culture – the conditions that enabled such innovation. It was a combination of a collaborative leadership open to new ideas, a culture of controlled risk taking, and active risk oversight by the board that produced a strategic approach to UGG's risk management process. This chapter is written by John Bugalla, who is the principal of ermlNSIGHTS.
John Hargreaves has written Chapter 8 titled "Housing Association Case Study of ERM in a Changing Marketplace." He has a mathematics degree from Cambridge University and six years strategy consultancy experience at KPMG. This case study features four real-life charitable housing associations in England and Wales, each with a different strategy and risk environment. Simple yet practical tools to assist in risk identification and prioritization are also presented. This case study has two main aims. The first is to help develop an understanding of the importance of ERM in a charitable context, showing that modern charities are often very active organizations that face significant risks. Second, the case aims to illustrate the need for a close relationship between risk assessment and strategy development, particularly in sectors where objectives are defined in social as well as economic terms. Each of the four cases has a different perspective and challenges the student or practitioner to identify and assess the risk and develop possible risk treatments for each.
Chapter 9, "Lessons from the Academy: ERM Implementation in the University Setting," was written by Anne E. Lundquist. She is pursuing a PhD in the Educational Leadership program at Western Michigan University with a concentration in Higher Education Administration. This chapter explores the unique aspects of the University of Washington's (UW) risk environment, including how leadership, goal-setting, planning, and decision-making differ from the for-profit sector. The lack of risk management regulatory requirements, combined with cultural and environmental differences, helps explain why there are a limited number of fully evolved ERM programs at colleges and universities. The second half of the chapter explores the decision to adopt and implement ERM at UW, including a description of early decisions, a timeline of how the program evolved, a discussion of the ERM framework, and examples of some of the tools used in the risk management process. It traces the evolution of the UW program as well as demonstrates decisions that administrators made to tailor ERM to fit the decentralized culture of a university.
The case study in Chapter 10, "Developing Accountability in Risk Management: The British Columbia Lottery Corporation Case Study," demonstrates how ERM was successfully implemented in a Canadian public sector organization over a 10-year period. Jacquetta Goy, author of this chapter, was the Senior Manager, Risk Advisory Services at British Columbia Lottery Corporation and was responsible for establishing and developing the ERM program. Currently, Jacquetta is the Director of Risk Management at Thompson Rivers University, Canada. This case study focuses on initiation, early development, and sustainment of the ERM program, highlighting some of the barriers and enablers that affected implementation. This case study includes a focus on developing risk profiles; the role of risk managers, champions, and committees; and the development of effective risk evaluation tools. The approach to ERM has evolved from informal conversations supported by an external assessment, through a period of high-level corporate focus supported by a dedicated group of champions using voting technology to an embedded approach, where risk assessment is incorporated into both operational practice and planning.
Chapter 11, "Starting from Scratch: The Evolution of ERM at the Workers Compensation Fund," describes the evolution of a formal ERM program at a midsize property casualty insurance carrier. This chapter is authored by Dan Hair, the CRO of the Workers Compensation Fund. In this chapter, the motivations of executive management and the board of directors in taking existing strategic risk management discussions to a higher level are reviewed. The step-by-step actions taken by the company to develop the ERM program are explained in chronological order. External resources used are also commented upon. The chapter concludes with a discussion of striking an ongoing balance between program rigor, documentation, and business needs.
Chapter 12, "Measuring Performance at Intuit: A Value-Added Component in ERM Programs," shows how Intuit, maker of Quicken, QuickBooks, and Turbo- Tax, is committed to creating new and easier ways for consumers and businesses to tackle life's financial chores, giving them more time to live their lives and run their businesses. This case study shows how Intuit, a global company, is exposed to a wide range of customer-related and operational risks. Understanding the risk landscape enables Intuit to formulate and execute strategies to address potential pitfalls and opportunities. The author, Janet Nasburg, is Chief Risk Officer at Intuit. Janet is responsible for driving Intuit's ERM capability, ensuring that the company appropriately balances opportunities and risks to achieve optimal business results. Before Intuit, Janet spent 16 years in various finance roles at Visa, and has more than 30 years of risk management and finance experience.
Chapter 13 describes TD Bank's ERM program and how it has been developed to reinforce the risk culture and ensure that all stakeholders have a common understanding of how risks are addressed within the organization. This is achieved by identifying the risks to TD Bank's business strategy and operations, determining the types of risk it is prepared to take, establishing policies and practices to govern risks, and following an ERM framework to manage those risks. This chapter is co-authored by Paul Cunha and Kristina Narvaez. Paul Cunha is Vice President, Enterprise Risk Management at TD Bank. During his career at TD Bank, he has spent time in risk management, internal audit, retail banking, commercial banking, and corporate and investment banking. Kristina Narvaez is the president and owner of ERM Strategies, LLC, and is co-editor of this book.