Categories
Risk Management

Survey says: ERM implementations maturing

A survey conducted in July and August of 2009 by Aon has revealed that companies are moving beyond “basic” ERM implementations:

62% of the survey respondents in the Global Enterprise Risk Management Survey 2010 reported going beyond basic ERM, compared with only 38% in Aon’s inaugural ERM survey in 2007.

I wonder what happened between now and 2007 that would’ve affected companies’ willingness to ramp up their risk management practices…

The survey asked respondents (of which there were 201) to rate the maturity of their ERM implementation, from “initial/lacking” through “basic”, “defined”, “operational” and “advanced”.

My take is that respondents are more likely to overestimate the maturity of their implementation and generally more likely to respond the more advanced they (feel they) are in the process. Still, the survey is a welcome indicator that ERM efforts are on the rise.

I also think the fact that ratings firms are taking ERM into account when they determine their grading is helping executives point to a tangible financial benefit and obtain buy-in from all stakeholders, which is critical. In my mind the primary indicator of maturity in a company’s risk management program is how comprehensive it is across all departments and divisions, as the “initial/lacking” stage is exhibited by a rigid, siloed approach.

The survey is available on Aon’s website (if you give them some personal information first).

Categories
Risk Management

Political risk for market dominance

A recent article on the New York Times about the political costs that Google is facing due to its market dominance, and their strategy to reduce those costs, caught my interest:

Google has begun this public-relations offensive because it is in the midst of a treacherous rite of passage for powerful technology companies — regulators are intensely scrutinizing its every move, as they once did with AT&T, I.B.M., Intel and Microsoft. Some analysts say that government opposition, here or in Europe, could pose the biggest threat to Google’s continued success.

Google’s SEC filings make repeated mentions of the high level of competition the company faces in their business. Microsoft and Yahoo are specifically named as the two biggest competitors, and Google notes that Microsoft has more cash and employees, and both companies have longer relationships with advertisers.

I find it interesting that Google is taking the strategy of talking about the “formidable competition” they face as a risk to their business instead of (or in addition to) the risk posed by increased government regulation as a result of their perceived market dominance.

In the section where they talk about government regulation and the risk it poses to their business, they discuss issues like privacy laws, copyright infringement and even net neutrality. But I couldn’t find mention of the risk presented by regulation due to the perception of unfair competition.

Does your business face political risks like Google and other tech companies?

Categories
Risk Management

How the risk of a pandemic might affect your company

A few days ago, probably through Twitter, I found an interesting site for auditors and other risk and compliance professionals called Compliance Week. Based in Boston, they publish a monthly magazine, a weekly email newsletter, and host several blogs and forums on the web.

What led me to the site was a link to a blog post on the risk posed by the swine flu virus, and the observation was made that companies are beginning to include this risk in their disclosures to regulators.

The outbreak is more likely to impact the disclosures of companies in certain industries, such as those in the retail, hospitality, travel, restaurant, or gaming sectors, as well as cruise ship, theme park, and mall operators… For some companies, the pandemic could potentially affect customer traffic, while for others it could affect their ability to staff their own locations or their supply chain.

One of the most interesting projects I’ve worked on since leaving public accounting was a risk assessment, because it encompassed not just the types of risks that I was comfortable with such as reporting and compliance risks, but also more operational and strategic risks. The risk posed by a pandemic wasn’t one that I had thought of at the time, which is likely because my business isn’t in any of those industries mentioned in the article.

footnoted.org recently posted on the topic as well, noting that Starwood Hotels & Resorts included pandemics and specifically swine flu in their first quarter 10-Q, and in doing so have joined other companies such as American Express and Expedia.

How would a pandemic affect your company’s business?