ERM 2.0 makes everybody a risk manager.

• Author: Smiechewicz, Walter
• Position: Members speak out - Enterprise risk management

Enterprise risk structures have expanded within the United States economy since the 1990s with the goal of strengthened governance, sharpened focus on risk and improved compliance.

But the recent economic crisis--and its apparent lack of risk management--has caused many to ask: "If the ERM structure was providing ongoing advancements in governance and we have been at it for more than 10 years, then why are financial and mainstream media headlines filled with commentary on the systemic failure of risk management in companies?"

It's a valid question.

The discussion now needs to shift toward corporate cultures. That's because even the best ERM systems and structures cannot overcome a culture within a company that regularly takes on a disproportionate amount of risk. ERM structures were given the responsibility and, in fact, did produce well-crafted protocols, assessment systems and reports showing the level of risk in a company to the board of directors.

If chief risk officers took objection to increasing risk residing on a balance sheet or elsewhere within the company's strategy and operations, they were often overridden. The issue, therefore, was not if the ERM structure performed--in most cases, they performed quite well by assessing and reporting on the risk positions.

The issue was the risk being taken due to the strategies employed. It was a question of risk to and from the strategy the company deployed.

So what is the next generation of risk management structure that should be implemented to adjust a company's enterprise-wide culture so that sustainable returns to shareholders are generated and protected?

To affect this cultural change, compensation structures must be re-engineered to make everyone in a company a risk manager.

This will be the defining issue for what I call ERM 2.0.

Implementing ERM 2.0

To implement ERM 2.0, every manager must be a chief risk officer over the business division he or she manages. This is accomplished the same way aikido masters position themselves for success--by using forces that appear to be in opposition to each other (aggressive strategic growth; conservative risk management) to one's advantage. This can be accomplished through the design and use of what I call a "Governance and Risk Escrow account" (GREa).

A GREa will hold a sufficient portion of an executive's annual bonus in escrow so that compensation timing is aligned with the timing of the risk taken. Currently, there is a timing mismatch...