Who owns enterprise risk management within an organization? Increasingly, it’s the financial planning and analysis group.
At one energy organization, for example, ERM landed in FP&A’s lap after residing with the treasury group. “I Just now had a meeting with the CFO outlining the messaging for the new [ERM] steering committee, defining its scope and how we will execute the first phase,” said the energy provider’s FP&A head. “We’re in the discovery process” so there are no lessons learned, he added.
However, he has learned lessons from previous ERM efforts.
The energy supplier began its ERM effort five years ago in response to credit rating agencies’ growing focus on ERM. While all agreed that the CFO needed to oversee the entire operation, the treasury group initially got the nod to manage the effort. The treasury group created a detailed risk registry, working with all business units that were handling risk. “While they may not have called it risk management, they were assigning responsibilities to different risks,” the FP&A head recalled. That led to a formalization of the role within business units. From there, the ERM effort was rolled out across the company. However, business leaders discovered that talking about risk to the treasury group just didn’t work. “It wasn’t that applicable at that level of detail across the treasury group,” the FP&A head said.
A consultant identified gaps between expectation for risk management and actual practices. “That’s when it started to evolve into an FP&A function,” the FP&A head said. “In a lot of our projects, one of the outputs is to apply a risk management framework to associate risk to the project to get a better understanding of capital allocation based on each project.”
Given that a lot of that decision support is housed within the business unit, there was initially a lot of push back, the FP&A head said. That caused the ERM project to lose momentum. “This was a huge lesson learned for us,” he said.
Given that multiple iterations have not taken root and treasury was unsuccessful in creating a risk culture, management felt it was time to take that role and incorporate it into the planning and analytics process.
Now that ERM resides in FP&A, “it’s probably more a deliberate response,” the FP&A head said. “This is more of a function of our vice president’s ability to message change and execute it.”
What’s important, according to the FP&A head, is ensuring that business unit leaders understand that ERM is a partnership and that there’s advantage to communicating their risks. “We need to find a way to consolidate those messages in an enterprise-wide report,” he said.
With that information in hand, the goal is to try to restructure capital allocation and the approval process based in part on these risks. “The process should be an input into the decision rather than making the decision for the business units. I think that’s really what killed the momentum before,” the FP&A head said.
A lot will depend on the role FP&A will continue to play in strategic planning. “If you’re not getting the return on capital, if there’s a true competition for capital that’s completely contingent on how projects fit within those returns, then you’re discounting by a weighted cost of capital based on how you define risk,” the FP&A head said. “I find it encouraging that ERM fell into our lap. There’s actually a natural fit. Once we get past the basic ERM implementation. It makes sense to provide the input and that additional layer into the project economics.”
Click here for more ERM resources.