<img src="https://secure.leadforensics.com/85060.png" style="display:none;">

Research shows value in measuring total cost of risk

total cost of risk (TCOR): drafting instruments

In the field of risk management, we’re fortunate to have at our disposal a growing volume of research into the evolving role of (and expectations on) risk management. For the risk manager, such research can be a useful confirmation of (or, sometimes, a corrective to) first-hand experience and viewpoints shared by peers. In other words, research offers a potentially valuable “macro” complement to the risk manager’s “micro” perspectives.

Equally important, such research can also provide quantitative, rigorous benchmarking for the risk manager to marshal in discussions with senior management about roles, expectations and resources.

I recently came across a KPMG survey report, released in late January, that confirms key findings from previous research by Aon (among others). I feel certain that the KPMG survey (which was performed by the Economist Intelligence Unit in December 2012) also confirms many risk managers’ personal experiences. Of special interest to risk managers might be the survey’s conclusion that risk management continues its ascent on the corporate hierarchy.

A little background

It’s something of a truism, but it’s largely accurate nonetheless to say that risk management was once regarded as a routine functional task performed by the risk manager alone, with little or no connection to the company’s broader directions or priorities.

We in risk management circles know from experience that risk management’s profile is considerably higher nowadays. But does the research confirm the conclusions many have drawn primarily from experience? Indeed, one of the KPMG survey’s top-line findings confirms both experiential knowledge and prior research by Aon and others:

Developed world economies face more complex regulatory and compliance environments in the aftermath of the financial crisis, while capitalizing on opportunities in the emerging world requires companies to understand new markets and navigate attendant risks. Consequently, risk management remains at the top of the global corporate agenda. (Emphasis added; see page 2.)

Further, the KPMG survey notes in the first of eight key findings that:

“Risk management is viewed as making a key contribution to the business; however, organizations need to improve how they measure risk management’s return on investment, and how they communicate its processes, value and effectiveness to key stakeholders.” (Emphasis added; see page 4.)

Focusing on the risk assessment process

Risk managers are well acquainted with the challenges in measuring and communicating the value that they and their teams bring to their businesses. Yet, part of the answer to this challenge might be found in the third of eight findings in the KPMG survey: “The C-suite sees risk management as critically important but few organizations are articulating their risk appetite.” (See page 6.)

When I read that finding about articulating risk appetites, I immediately thought of total cost of risk, or TCOR. In some sense (a relevant sense, I hope), risk appetite and TCOR are integrally connected. After all, if a business doesn’t know what its risk appetite is, what good is it to determine TCOR? Put another way, a business’s TCOR may come in at, above, or below established averages (according to the RIMS 2012 Benchmark Survey, average TCOR is $10.19 per $1,000 of revenue—or 1.02 percent of revenues). Yet, a TCOR of 1 percent of revenue may not be right for all businesses.

Aon has done some very useful research into organizational commitment to ascertaining and then optimizing TCOR. Aon's 2011/2012 Global Risk Management Survey found that although 61 percent of respondents consider lowering TCOR as one of the top benefits of investing in risk management, less than 40 percent of organizations actually track and manage all components of their TCOR (see pages 50-57). This finding seems to bring us back to the connections among TCOR, the risk assessment process and articulating a risk appetite.  

In the same section on articulating risk, the KPMG report notes that, “More sophisticated organizations regularly include risk considerations in making strategic decisions—consistently applying a risk lens equivalent to the growth lens.” I would argue that establishing a risk appetite based on a sound risk assessment process is critical to matching up the aspirations for risk management (aspirations held by the risk manager, senior management, boards, and other stakeholders) with the reality of what risk managers can actually deliver.

On the radar: risk management data

I think it’s well established that risk management (and risk management software, too) is increasingly seen as a key part of a broader financial management strategy and linked to corporate priorities. My next post will focus on how this reality necessitates effective use of risk management data. Making better use of data is not a silver bullet or magic elixir to risk management challenges, but as all financial executives know, you can’t manage what you can’t measure. Improving the aggregation and interrogation of risk and risk-related data is among the best ways to improve a business’s ability to measure what matters.

Jay Thierauf, ARM, is a solutions consultant with Aon eSolutions. Jay is based in Chicago.

risk management software ROI

Mar 25, 2013

 | Originally posted on 

Subscribe by Email

No Comments Yet

Let us know what you think