• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
2012 Risk and Finance Manager Survey Report - Towers Watson
 

2012 Risk and Finance Manager Survey Report - Towers Watson

on

  • 603 views

The Towers Watson Risk and Finance Manager Survey

The Towers Watson Risk and Finance Manager Survey
examines how North American companies use outside resources, tools and frameworks to address risk.

Statistics

Views

Total Views
603
Views on SlideShare
603
Embed Views
0

Actions

Likes
0
Downloads
1
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    2012 Risk and Finance Manager Survey Report - Towers Watson 2012 Risk and Finance Manager Survey Report - Towers Watson Document Transcript

    • 2012 Risk and Finance Manager Survey Full Report Executive Summary It might also highlight the need for more formal, thorough education about what ERM is and what it canThe Towers Watson Risk and Finance Manager Survey do for companies. The survey found that a significantexamines how North American companies use outside 40% of respondents answered that nobody has beenresources, tools and frameworks to address risk. Key able to articulate the value of implementing ERM,findings from this year’s survey include: largely consistent with our 2011 survey.•• 57% of respondents have ERM programs in place, With only 28% of respondents buying network just slightly improved over last year. liability policies, the lack of take-up in purchasing•• 95% have at least some concern over the hardening this coverage raises another glaring weakness in property & casualty (P&C) market. companies’ risk control efforts. Cyber-attacks and•• 22% are not aware of changes in property risk data theft are a major threat for corporations and will modeling. continue to grow as organized professional hackers•• 72% have not purchased network security/privacy find more sophisticated ways to infiltrate company liability policies. systems.Enterprise risk management (ERM) is receiving more Nearly two-thirds of survey participants were eitherattention worldwide from regulators, policyholders and seriously concerned (17%) or moderately concernedstockholders. Stability and financial health are more (46%) over a hardening market for P&C insurance.important than ever. The heightened scrutiny reflects Another 32% expressed slight concern. One wayrecent jolts to global financial markets that include a to address this issue is for respondents to moreEurozone debt crisis as well as continued uncertainty actively engage in the use of analytics to prepareover oil prices and economic recovery. And the recent their companies for a market change. This also offersmemory of the severe global financial downturn brokers an opportunity to help clients better see thecontinues to linger. In spite of these pressing reasons linkage between effective analytics and preparation forto implement ERM, the 57% implementation rate a hardening market. It is a connection that was not asdemonstrates that a disconnect exists, as little essential in a soft market where coverage was moreprogress was made to put programs in place over the accessible and relatively inexpensive.last two years of our survey. But if respondents are trying to prepare for a marketWhile ERM is important for the long-term health of hardening, there are still steps they need to take toall companies, companies outside of the financial become better informed about the market. A notableservices sector need to accelerate their efforts 22% indicated they were not aware there had beeneven more than those in the financial services changes to the assumptions being used in propertysector. Nearly three-quarters (72%) of financial catastrophe modeling, which has had a profoundservices companies, including insurers, had ERM in impact on the premiums charged to those companiesplace, compared with 54% of nonfinancial services with locations in catastrophe-prone areas.companies. This might be connected to efforts suchas the Own Risk and Solvency Assessment (ORSA)and other regulatory requirements that insurers willnow be required to complete.
    • A Closer Look 35% integrated risk metrics into the budgeting and planning process. These findings show that mostERM Implementation ERM programs are more qualitative and compliance focused. For the most part, financial services andERM implementation is slightly improved over 2011’s nonfinancial services had response rates that were54% response rate. This year’s 57% response offers a nearer the same. The one exception was the differenceslight reason for encouragement, although in a world in responses for integrating risk metrics into budgetingof heightened economic and political risk, the relatively and planning: 48% for financial services companiesflat implementation rate suggests that a lot more and 29% for nonfinancial services companies.needs to be done to encourage development ofERM programs. Figure 1. How risk appetite is determinedPrograms that are in place have attributes that 0% 20% 40% 60% 80%differentiate how risk appetite is determined, howERM is described, and how it is used to quantify At the corporate level based on qualitative judgmentrisks and potential mitigation strategies. 37 At the corporate level based on financial metrics (e.g., EPS)Nearly 60% of respondents said that risk appetite is 22determined either at the corporate level based At the operational/division level based on qualitative judgmenton qualitative judgment (37%) or at the corporate 9level based on financial metrics (e.g., EPS) (22%) At the operational/division level based on financial metrics (e.g., EPS)(Figure 1). Perhaps even more telling is the 26% of 3responses that indicated no risk appetite level is • Combination of factors at division and Otherexplicitly set. This large response rate may be due corporate levels/Combination of corporate 3 and operational involvementto several possible causes: Management wants to No risk appetite level is explicitly set • Variety of methodsremain nimble in the event company or economic 26circumstances change; there is reliance on a moregeneral range than a specific level; or respondents Note: Those giving a valid answer (percentages exclude ‘Don’t know’) n=14860% 0% 20% 40% 80%have not had the time, resources or understandingof how to establish a risk appetite level. Whatever At the corporate level based on qualitative judgmentthe reason, the lack of a definable risk appetite 14 53makes it difficult to effectively prepare for and 33manage potential risk. 14 At the corporate level based on financial metrics (e.g., EPS) 25Financial services companies, including insurers, 11 21had a better understanding of this need for definition. At the operational/division level based on qualitative judgmentA 10% response rate on “no risk appetite level is 6explicitly set” was far smaller than the 30% recorded 10for nonfinancial services companies. Financialservices companies were also more likely to make At the operational/division level based on financial metrics (e.g., EPS) 3decisions at the corporate level (53% based on 3qualitative judgment and 25% on financial metrics)than nonfinancial services companies (33%, qualitative Other • Combination of factors at division and 3 corporate levels/Combination of corporateand 21%, financial metrics). and operational involvement (both) 3 • Variety of methods (nonfinancial services)The overwhelming majority (88%) of those surveyed No risk appetite level is explicitly setresponded that their ERM identified, assessed 10and prioritized key risks and assigned risk owners. 30Over two-thirds (69%) indicated that their executivecommittees and boards of directors received regular Financial services, including insurance (n=32)ERM activity and findings reports. But a smaller 37% Nonfinancial services (n=116)regularly quantified key risks and use those metrics Note: Those giving a valid answer (percentages exclude “don’t know”)in making business decisions, and an even smaller 22 18 15 8towerswatson.com 2012 Risk and Finance Manager Survey 2 15 10
    • Risk Measurement expensive, far different from the 29% of nonfinancial services companies that responded to the question.When asked about the ERM framework that companies Existing risk management programs may explain thisused to quantify risks and potential mitigation willingness to accept resource requirements andstrategies, most organizations (52%) are doing this expenses.qualitatively using likelihood and impact scales,and a full 25% responded that they do not attempt Indeed, the need for more education also surfacesto quantify risks. Nonfinancial services companies when responses to questions about cyber-risk arehad a 27% response rate, and financial services examined.companies, including insurers, had a 16% rate. Thefinding is consistent with the overall 26% response Figure 2. Reasons for not having an ERM process in placerate for those that established no risk appetite level. 0% 20% 40% 60% 80%The two responses together present a picture of asizable minority of respondents that do not measure or Nobody has been able to articulate the value of implementing ERM to our companyunderstand how much risk they could bear. For those 40companies that do rank risks, 52% undertake the Too resource-intensive and expensive to pursue, regardless of valueexercise on both a frequency and impact scale. 25Even though a quarter of respondents do not quantify Too compliance-oriented and bureaucratic to pursue, regardless of costrisks and just over a quarter have not determined 14their risk appetite, over half (54%) of those polled We did an initial ERM project that was not viewed as successfuldid differentiate between their risk-bearing capacity 3 • In process/Coming soon/Looking into how to bestand their risk appetite/tolerance. Financial services Other implement one nowcompanies were much more likely to make this 18 • Not applicable/Not considered necessary given size/differentiation (78%) than nonfinancial services nature of businesscompanies (47%). 26 • Still in silos • We had one in place, but upon acquisition by another company, we have had other priorities. We are planningEducation a reimplementation at this time • UnknownThe lack of discernment among some surveyparticipants and reasons offered for not having ERM 14 Note: Companies not having an ERM process in place (n=65)in place speaks to the need for an organized, thorougheducation program to be put in place. A full 40% of 14 0% 20% 40% 60% 80%respondents indicated that nobody has been ableto articulate the value of implementing ERM, and 11 Nobody has been able to articulate the value of implementing ERM to our companyanother 25% cited ERM as too resource-intensive and 34expensive to pursue, regardless of value (Figure 2). 41These responses are slightly lower than last year’s Too resource-intensive and expensive to pursue, regardless of valuerespective 42% and 29%, suggesting that there may 0be some more awareness of ERM’s value from which 29a formal educational effort could be leveraged. Yet Too compliance-oriented and bureaucratic to pursue, regardless of costanother 14% responded that ERM is too compliance- 22oriented and bureaucratic to pursue, regardless of 12cost. This response rate is down significantly from lastyear’s 26% rate, a positive sign. We did an initial ERM project that was not viewed as successful 11Surprisingly, financial services companies, including 2 • In process/Coming soon/Looking into howinsurers, were nearly twice as likely (22%) than to best implement one now (both) Othernonfinancial services companies (12%) to consider 33 • Not applicable/Not considered necessary given size/nature of business (both)ERM too compliance-oriented and bureaucratic. 16 • Still in silos (nonfinancial services)Perhaps these respondents, in a heavily regulated • We had one in place, but upon acquisition bysector, believe that they already have too many another company, we have had other priorities. 10regulations and requirements. But financial services 30 We are planning a reimplementation at thiscompanies also need to control volatility and time (nonfinancial services) • Unknown (nonfinancial services)risk. It would seem that these survey participantswould understand that the advantage of effectiverisk management would outweigh any additional Financial services, including insurance (n=9)compliance burdens. Even so, no financial services Nonfinancial services (n=56) 22companies considered ERM too resource-intensive and Note: Companies not having an ERM process in place 18towerswatson.com 2012 Risk and Finance Manager Survey 3 15
    • Cyber-Risk analytics and preparation for a hardening market. It is a connection that was not as essential in a softAn important aspect of ERM is managing cyber-risk. market, where coverage was more accessible andYet nearly three-quarters (72%) responded that they relatively inexpensive.did not purchase a network security/privacy liabilitypolicy, roughly unchanged from last year. And those Companies are taking steps to prepare for a hardeningthat did purchase policies (28%), also relatively market. In both the property and casualty markets,unchanged from last year, opted for limits that were on companies are marketing their programs withthe low end of the spectrum. Forty-three percent said respective 69% and 63% response rates. A third ofthat their policies had a $1 million to $5 million limit. property respondents indicated that they are using broker-provided catastrophe modeling. Among casualtyA significant number of respondents expressed respondents, 44% are using independent, actuary-confidence in their own IT departments. When asked provided retained loss analytics and 30%, predictivewhy a network security/privacy liability policy was not modeling. However, predictive modeling is much morepurchased, 41% responded that their own internal IT likely to be used by insurers (38%) than noninsurersdepartment/controls were adequate. Another 25% (29%). A sure sign that companies are anticipating aindicated that they do not believe that they have a potential market hardening is the respective 25% andsignificant data exposure. Surprisingly, there was 19% response rates among companies participating inrelatively little concern over the prohibitive cost of the property and casualty markets that they are puttingtransferring risk (12%). out RFPs for brokerage services.Survey participants overwhelmingly responded But if respondents are trying to prepare for a marketthat they rely on their internal IT departments hardening, there are still steps they need to take toand are comfortable with their level of exposure become better informed about the market. A notable(78%). Less than half engaged in comprehensive 22% indicated that they were not aware that thereinformation security risk assessments (46%) and had been changes to the assumptions being used inconducted penetration tests (44%). Limit levels property catastrophe modeling.for network security/privacy liability policies werelargely benchmark- or broker-driven (68% and 50%, For those companies that do intend to reach out torespectively). insurance brokers or those that already have insurance brokerage services, depth of resources and knowledgeWhen respondents did purchase cyber-protection, are ranked as more important considerations thanexpertise was the single-largest determinant in the cost of services. Half of respondents ranked depthpurchasing decision, with 45% ranking it as number of resources as either first or second in range ofone and another 19%, number two. A positive finding importance for insurance brokerage services. Companywas that pricing was not the most influential factor in knowledge was ranked first by 27% and second byselecting coverage, suggesting that respondents are 20%, and industry knowledge received a respectivenot simply shopping for the lowest rates, but rather 20% and 28%. The response is an affirmation thatare interested in comprehensive coverage and carriers respondents are willing to pay for solid service andthat are committed to the business. Only 9% of survey reliability. But cost was only ranked first by 12% andparticipants ranked pricing as number one and 31%, second by 11%, for a combined 23%.number two. In a similar vein, technical skill, ranked most importantMarket Concerns by 46% of respondents, was the most important feature identified for actuarial services. And forIf cyber-risk was not a major concern for respondents, captive insurance companies, mitigating the impacta hardening market was. Nearly two-thirds of survey of insurance market price and coverage changes wasparticipants were either seriously concerned (17%) or the most important benefit of using captives, withmoderately concerned (46%). Another 32% expressed 41% citing it as the first choice. The ability to pursueslight concern. One way to address this issue is for innovative risk financing strategies, such as puttingrespondents to more actively engage in the use of employee benefits into a captive, ranked next mostanalytics to prepare their companies for a market important, with 33% ranking it first.change. And it offers brokers an opportunity to helpclients better see the linkage between effectivetowerswatson.com 2012 Risk and Finance Manager Survey 4
    • ConclusionRecent experience proved that there is a pressing About This Studyneed for ERM. Fallout from the roiling financial Towers Watson’s third annual Risk and Finance Manager Survey examinesmarkets of the last several years illustrates how how North American companies use outside resources, tools and frameworksdamaging unbridled risk is for companies. Global to address risk. The online survey was conducted from February 16 throughregulators have taken note and are in the process of March 12, 2012. A total of 153 companies responded, a 2% participation rate.instituting new regulations based on an ERM blueprint. The largest group of respondents, 34%, had total 2011 revenues of betweenBut even with compelling past and future reasons to US$1 billion and US$4.9 billion, followed by 23% of the respondents with totalimplement ERM programs, there is little movement revenues of under US$500 million. A significant 17% of survey participantsto do so. This year’s response is only slightly more had total 2011 revenues of US$10 billion or more.affirmative than results from last year’s survey. The three industry sectors with the largest survey representations wereWhat becomes evident is that more formal ERM manufacturing, with 22%; financial services, including insurance, with 13%;education would benefit any company that is and health care, excluding pharmaceuticals, also with 13%.interested, or should be interested, in managing itslevel of risk. That education needs to start at the Figure 3. Total revenues in 2011most basic level: identifying acceptable levels of risk 0% 20% 40% 60% 80%and prioritizing key risks. However, those companies US$10 billion or moreaiming to mature their ERM process should consider 17using quantitative tools to understand the potential US$5 billion – US$9.9 billionimpact of risks on the business, measure the return 13on investment from risk mitigation solutions, and US$1 billion – US$4.9 billionimprove the budgeting and planning process. 34Companies would also benefit from reexamining how US$500 million – US$999 millionthey treat certain kinds of risk, such as cyber-threats. 13For instance, it may be worthwhile for companies Under US$500 millionto consider an outside assessment of how current 23systems protect them from cyber-security threats. Mean = $2,284 millionThis could supplement heavy reliance on internal Base: Those giving a valid answer (percentages exclude “prefer not to say”) (n=144)IT departments. Companies should also reevaluatethe purchase of network security/privacy liabilitypolicies, considering the value of the benefits provided(e.g., defense costs, credit monitoring) versus the 14catastrophic nature of the exposure.It may be particularly important for companies to take 14action if, as many respondents indicated, the P&Cmarket is hardening. Companies are already starting 11to market their programs and make more use ofmodeling and analytics. They are also reaching outto brokers. Brokers need to understand how they canbetter position companies for any upcoming changes.About Towers WatsonTowers Watson is a leading global professional servicescompany that helps organizations improve performance througheffective people, risk and financial management. With 14,000associates around the world, we offer solutions in the areasof employee benefits, talent management, rewards, and risk andcapital management.Copyright © 2012 Towers Watson. All rights reserved.TW-NA-2012-24351towerswatson.com