The document discusses the evolution of risk management in corporate business management. It outlines three main implications of the current competitive environment: 1) companies' top lines are becoming more volatile; 2) the range of risks companies face is wider; and 3) firms and funders evaluate each other based on risk analysis abilities. As a result, risk assessment now includes new risks, higher senior management involvement, and inclusion in business plans. Risk management requires widespread company attention and risk managers should collaborate with operational departments to identify and mitigate risks. The goal is for risk managers to become essential partners that help measure and communicate risks to support business decision making.

1. M. MARSH
MAGAZINE
Issue 3 — December 2014

2. INDEX
2 Insights on the market
4 Ebola: is it the next pandemic risk?
8 The state of the power market in Europe:
the lost era of regulatory certainty
10 2015 political risk map highlights challenges
for foreign investors
12 Arctic shipping: navigating the risks
and opportunities
17 NAT CAT modelling - One piece of the
jigsaw puzzle
20
Employers still cite cost as a barrier to
employee choice programmes, despite clear
evidence of cost reductions.
22 Women in the labour force and economic
growth in europe
25 How risk managers can become more
valuable than ever
26 Managing operational risk
28 Risk management interest grows
in strategic issues
30 The evolution of risk management in
corporate business management
4
After isolated emergence in the
US last summer, the first Ebola
incident in Spain and other
suspected cases in Europe have
triggered widespread public
concern.

3. 30Marsh
THE EVOLUTION OF RISK MANAGEMENT
IN CORPORATE BUSINESS
MANAGEMENT
The current competitive environment is characterised by
several key factors which have significantly influenced the
risk-management activity of enterprises.
Globalisation has played a central role in stimulating
competition among companies operating with different
legal systems, thus impacting heavily their costs of
inputs (e.g. labor costs). In addition, the increase in trade
worldwide and the concentration of production sites have
led to a higher degree of correlation between economies
across different countries and industries.
Nowadays, companies are required to have a greater
ability in interacting with financial markets, in order to
gain access to financial resources.
Traditional markets are indeed much more demanding on
risks evaluation, a central factor for the definition of a fair
investment return.
The current context has three main implications:
• Companies’ top lines are becoming more and more
volatile;
• The range of risks to be managed by enterprises is
wider compared to the recent decades;
• Firms and funders evaluate their counterparts mainly
on the basis of their ability to analyse and understand
risks related to markets and industries they are
operating in.
As a consequence, both companies and regulators
are moving towards:
• A comprehensive risk assessment, in which new and
alternative risks are included;
• A higher involvement of firms’ senior management
aimed at achieving a broader risk evaluation;
• The inclusion of risk evaluation drivers in their
yearly business plan.
As of today, risk assessment shouldrefertoallcomponents
that might have an impact on the company performance.
Those risks must be industry-related and can’t be limited
just to financial and operational risks. Indeed, the current
business environment pushes companies to assess the
impact of risks generated by procurement or neighboring
markets.
For sure some kinds of risks are shared across different
sectors. For instance, the increase in online sales or, more
generally, the web-dependency of corporate departments
forces enterprises to focus on cyber risks.
Companies normally don’t have the competences and
tools to mitigate all risks they are faced with, but, at the
same time, they can’t ignore the exogenous ones which
might significantly affect their business. With regard
to this, we might refer to country-related risks for firms
operating in unstable socio-political environments and
especially to regulatory risks: as an example, the impact
of ineffective authority policies for rivalry protection could
seriously harm company’s business.
According to this analysis, risk management can’t be
assigned to just one person, namely the risk manager. His
figure should be considered more likely as a supporting
management role, helping in identifying risks and setting
up solutions to mitigate them, with any real “operational”
power.
As a matter of fact, risk management requires a
widespread attention across the company in which
operational managers play a central role: by being fully
committed to the company they can better evaluate risks
and implement the correct actions.
The prevailing business culture foresees a consolidated
methodology to mitigate financial risk, being this risk
insurable and therefore manageable.
On the contrary, operational risk is still relevant
because of its complex nature: it requires a structured
management approach and it can’t be entirely
FabioTomassini
DirectorofFinance,PurchasingandIT,NTVS.p.A.

4. 31 Marsh
EXTERNAL CONTRIBUTORS
transferred through any kind of collateral.
In this perspective, the risk manager should develop
a well-rounded expertise so as to increase the level
of collaboration with the operational departments of
the enterprise. The goal is to become a landmark in
supporting and defining risk management actions,
therefore representing an essential partner for the
company. The main tasks of a risk manager generally
involve a risk-assessment activity – relevant both as an
opportunity for debating inside the company and as a
statement for representing risks to the Board of Directors
and to the supervisory bodies, being compliant with the
legislation.
Risk-assessment has therefore become a critical tool
in order to face risk management in a systematic and
structured way, also crucial for allocating responsibilities
in terms of risk reduction and risk mitigation.
From this point of view, risk-assessment must be
considered as an integral part of the business plan,
giving that the financial results - or rather, the expected
return of the core business - have to be compared with
the risk profile incurred by the company. The Board of
Directors consequently ratifies the company’s business
plan, knowing clearly its managerial implications so that
managers are able to represent risk capital performances
to partners and shareholders.
Several signals in the business environment provide
a glimpse of firms’ reactions to the ever changing
competitive market. It is vital to keep in mind that
technological disruption and globalisation effects are
pushing managers towards an holistic approach
– the only way to manage effectively business affairs.
As we have seen in the 2000’s, when Chief Financial
Officers were switching to a business partner perspective,
or in recent years, in which Chief Information Officers
have become Chief Digital Officers by applying the
concept of digital to all business departments, especially
marketing and sales, we can expect in the near future
the transition of the Chief Risk Officer towards acquiring
a more central role in the company. He will need a
deeper expertise in order to make corporate risks easily
measurable and understandable: the final goal of this
process is to enable managers to undertake all possible
actions that will mitigate, even if just partially,
the risks run by the company.