Substantiating the claims made by its proponents for years, a study released yesterday by the Risk and Insurance Management Society (RIMS) confirms that companies with established enterprise risk management (ERM) programs perform better than those without. The report, billed by RIMS as “the first truly in-depth study on ERM practices,” also found that companies with ERM programs in place enjoyed stronger credit ratings.
The study, “RIMS State of ERM Report 2008,” solicited 564 corporate risk practitioners, recording their assessments against 68 ERM-related readiness indicators. The results confirmed that companies that used ERM programs benefited, with 93 percent of these organizations making better-informed risk decisions according to the RIMS risk index.
Though risk management is a task that faces most companies, ERM requires an integrated approach to risk that involves a coordinated effort amongst a given organization’s employees on both operational and strategic levels. The RIMS report finds that better ERM procedures lend themselves to better business: “Better-managed companies tend to have higher credit ratings—and higher ERM competency. Thus,
over time, the likelihood of success is better for organizations that have appropriate ERM discipline, methodology, and infrastructure.”
Despite their claims that coordinated risk management contributes to better performance, the vast majority of companies that utilized an ERM program were still unable to achieve better risk maturity, with a mere 4 percent of surveyed companies meeting a “managed” level of risk competency according to the RIMS rubric. The data attributes risk shortcomings to a failure to collect risk information and detect dependencies across departments, among other problems.
The study found that companies with ERM programs in place tended towards higher credit ratings, though few of these companies ranked very well, most between the two lower grades on the RIMS scale of risk management competency.