In the US credit lines are frozen, unemployment stands at 9.1% and national debt at $14.8tn. In short the damage has been done.

Following several government bailouts around the world, including the US insurance giant AIG, the question must be asked—why didn’t risk management, audit and governance controls pick up on the problems that were being stored in financial firms around the world?

According to many the crisis was the result of a failure of risk management.

Former AIG CEO, Hank Greenberg, said at the time of AIG’s troubles that the near collapse of the insurer was directly related to the ‘failure of internal risk management’.

Robert Hartwig, President of the Insurance Information Institute in the US, lashed out at current ERM frameworks when he said the ‘financial crisis is the result of a failure of risk management on a colossal scale. We may literally have to tear up the manual for ERM and start over’.

But Mr Clark and RIMS refute, at least in part, these allegations. “While it is certainly easy and gratifying to some to simply lay blame, a closer look reveals these issues did not arise from a failure of risk management as a business discipline. Rather RIMS contends that the financial crises resulted from a systemic wide failure to embrace appropriate ERM behaviours in certain distressed organisations.”

So whilst RIMS defends ERM as a practice it does admit to a lack of practical application.

Mr Clark said that the current crisis arose because organisations failed to truly adopt an ERM culture and embrace and display appropriate ERM behaviours.

Furthermore many failed to develop and reward internal risk management competencies. “From the boardroom to the trading floor individuals on the front line that were taking these risks ostensibly were rewarded for short-term profit alone,” he said.

There was also a failure to use ERM to inform management decision-making when both taking and avoiding risks.

This contributed to board level governance failures in the lead up to the crisis, argued the RIMS president. “Even with the most comprehensive ERM plan in place risk management warnings ultimately can be ignored or dismissed by management,” said Mr Clark.

Speaking of the failures of finance firms Fanny Mae and Freddie Mac, Henry Waxman, Chairman of the US House Oversight and Government Reform Committee, said the companies’ risk managers raised warning after warning of the dangers of investing heavily in the subprime mortgage market but that these warnings were ignored by the organisations’ two chief executives.

“This example illustrates that ERM governance failure prevented the correct connection between the risk management function and the persons responsible for monitoring the adherence to risk management principles, including risk tolerance limits,” said Mr Clark. “With no governance structure or with a silo risk approach corporations are more susceptible to risk…ultimately risk management responsibility belongs at the board level,” he continued.

Looking back at the crisis it is clear that risk appetite management, which includes setting appropriate risk tolerance levels, was one of the least mature competencies, as revealed by RIMS state of ERM report in 2008, explained Mr Clark. “As a minimum organisations need a mechanism to apply the brakes when certain thresholds are about to be exceeded,” he said.

RIMS believes that key ERM behavioural attributes, if designed and implemented comprehensively and systemically, could have identified, mitigated and prevented the losses that occurred in many organisations.

It argues that certain companies with correct ERM structures fared well in the financial meltdown. It highlights that David Solomon, Partner and Member of the Management Committee at Goldman Sachs, which fared well in the subprime crisis, said that the investment firm avoided trading in subprime-type deals as a result of its ERM.

RIMS believes that the 2008 financial crisis and subsequent mess was a call to action and an opportunity for ERM to demonstrate its value.

ERM requires practitioners to exhibit leadership and ethical decision-making from a strategic point of view, but also requires a degree of courage in cases where a company’s culture is not yet fully ready to embrace ERM, the society argues.

It contends that the recent economic downturn has had a significant impact on the role of the risk manager.

“Risk management is no longer an afterthought but a key element to a business plan and pivotal to its success. In the US and around the world risk is at the forefront and centre of boards’ agenda and is in some cases mandated by government,” said Mr Clark.

“With a sound ERM programme and a well-structured board governance model to support the programme in place, corporations are now better prepared to manage risk, turn it into rewarding opportunities and, most importantly, detect risks before they escalate to the extreme levels that they have reached today,” he added.

According to RIMS, ERM can and does help companies perform better and avoid surprises.

It defines ERM as a strategic business discipline that supports the achievement of an organisation’s objectives by addressing the full spectrum of its risks and managing the combined impact of these risks as an interrelated risk portfolio.

The newfound interest and devotion to ERM has resulted from corporate boards and directors recognising that internal audit functions failed many corporations in the recent global financial meltdown, argued Mr Clark. Boards are now finding it necessary to identify and manage risks in other ways, and ERM is the choice for many.

It is also the result of regulators looking to boards of directors and the risk management function to fulfil their role more effectively than before the crisis.

And, according to Mr Clark, the fear of onerous legislative initiatives is providing the impetus for some organisations to demonstrate they are capable of implementing risk management controls before government steps in.

Please sign up here to our full-time mailing list to ensure that you receive our weekly newsletter.

• More US News
• More Australia and New Zealand News
• More Risk Management News