ALM Intelligence’s Naima Hoque Essing, Senior Analyst, Lead for Risk Consulting, recently had the opportunity to connect with Jonathan Burnett to discuss developments in Crowe Horwath’s Enterprise Risk Management Consulting practice. Jonathan is the leader of Crowe Horwath’s Global Risk Consulting practice.
ALM Intelligence: What are client needs with respect to Enterprise Risk Management?
Burnett: Client needs run the gamut and are bracketed by extremes with tremendous variety in the middle. On one end, clients run ERM as an annual administrative process that they roll out to demonstrate to regulators and other stakeholders that they have a program in place. On the other extreme, clients realize that although ERM may be an unavoidable cost, they should seek to derive as much value from their ERM investments as possible. Regardless of the situation, our clients want us to help them make decisions quickly and while Crowe is a very structured organization with eight global solutions and a fixed number of specialized industries, we remain agile to help meet our clients’ most pressing needs.
ALM Intelligence: ERM can be a nebulous subject. How does Crowe Horwath approach ERM?
Burnett: Our Sustainable Risk Management framework emphasizes ERM leadership attributes over technical attributes, which differentiates us from other well-known industry frameworks. The technical attributes of ERM, which include how companies identify, monitor, assess, respond to, deploy IT systems, and report on risk, we view as core risk management processes, and many firms, including ours, tend to do this well. At Crowe, we emphasize the leadership attributes around the core process, which to us means focusing on culture. Like ERM, culture is another nebulous topic, but if one can really understand the client’s culture and find ways to effectively influence it through risk management, we believe clients are much more likely to end up with a usable, and thus sustainable, ERM program. Another leadership attribute is strategy. We find that strategy development is often conducted in a department separate from the risk function and we seek ways to better integrate and align risk management with the strategic planning and the investment process. How we do this varies greatly by client, but we have clients who seek to combine risk with strategy by integrating departments or nominating the head of strategy to chair the risk committee, since boards and executive committees are extremely conscious of their strategic risks; however, this structure and type of thinking are still quite rare.
ALM Intelligence: Why are these leadership attributes important?
Burnett: By linking risk management to an organization’s culture and strategy, as well as to their existing communications structure and management reporting systems, we strive to create an environment where management is much more likely to use risk information in making strategic and operational decisions to protect their business as well as reduce their operating costs and improve their margins. So to us, ERM is not so much the way you assess or monitor risk, but how you use the information made available through the process to make the best business decisions.
ALM Intelligence: What are some trends you seeing in ERM ?
Burnett: We see the market moving away from providing standard risk assessment and business impact studies. Clients are no longer satisfied with static risk inventories and heat maps, which are often sitting within internal audit to be reviewed once a year. Clients now wish to understand their dynamic risk systems—that is how their risks are inter-related and may create contagion—now and in the future. This requires new methods and models such as scenario analysis and real-time risk dashboards so that leadership can understand and monitor change and allocate resources to prevent or mitigate root causes of risk that can impact their companies.