The first, from PwC, touches on the well trodden path of Black Swans, as well as giving the concept of ERM as a whole a bit of a black eye, suggesting that alignment of risk and strategy is infrequenctly achieved. I can certainly sympathise with the comments relating to the inflexibility of ERM frameworks and the onerous nature of running them in a way that contributes to wider boardroom debate. There is also some salient comment on how malfunctioning ERM can blur the lines of responsibility in an organisation, as well as the old "risk appetite is not explicitly defined" chestnut.
It does however lean heavily on the AIRMIC research from last year for content, and contains some startling generalisations (from an insurer's perspective at least);
- "In most organisations" risk is grouped into three main categories - operational, strategic and financial?
- "Under current risk management thinking, a risk that cannot be identified cannot be managed"?
- Audit committees cited as complaining that they receive too much risk information (as opposed to their job of financial statement scutiny and internal controls adequacy)?
- ERM "currently used by most major corporations" and has "a focus on providing stronger control over operational and financial risks"?
- Some critics claim that ERM "can encourage a box-ticking, process-led approach to managing risk"?
Next up Harvard Business Review and Zurich!