Wednesday, January 13, 2010

ERM Exam – Part 4 of 4

by Dr. Rick Nason, PhD, CFA
Partner, RSD Solutions Inc.


Introduction

(Note to Reader:  This Introduction is a repeat of the Introduction to part 1 of this four part blog.  If you have already read this introduction, skip to the exam question below)

I teach a course in Enterprise Risk Management (ERM) in the MBA program at Dalhousie University in Halifax Canada.  Although I am a big fan of ERM, I also believe that it is a bit of a weird course to teach at a Business School. 

The reasons why I think that ERM is a bit of an out-of-place course in an MBA program are many.  To begin, ERM as a subject area is really quite trivial and probably not worthy of a Masters Level degree (of course that same criticism could be leveled against 90% of a typical MBA curriculum).  While there are many aspects and techniques to learn about ERM, each one of them is quite trivial, or based on obvious common sense (yes – I know that there is nothing common about common sense!)  What is NOT trivial about ERM are the implementation issues.  Implementing ERM is hard and requires great creativity, business insight and a PORTFOLIO of skills and techniques that few mangers or management teams possess.  The difficulty of teaching ERM to MBA students is that while they may have learned a diverse portfolio of techniques, that is a far cry from having a portfolio of SKILLS and also a far cry from having sufficient business insight.

A second issue that arises when teaching ERM in the context of an MBA program is the issue of whether or not ERM is a separate subject from strategy.  In a way it is analogous to the humorous Shreddies commercial when they talk about the “new” diagonal shaped Shreddies as opposed to the “old” square shaped Shreddies.  In a lot of ways ERM class looks like a business strategy class.  Perhaps that is not a bad thing as it reflects my bias that ERM should be critically tied to and inseparable from the strategy function within a firm.

A third issue is that ERM is still a young field academically.  That is, there is not a lot of academic research of note that has produced testable theories about good and bad practices of ERM.  Perhaps that is just as well, as I am not sure that business academic research is all that valuable.  (How much time do you think practitioners spend reading and digesting academic business journals?)

A final issue (there are many more, but I want to get to the real purpose of this blog) is that ERM studies do not have a natural home within the traditional silos of business schools.  Is ERM a quantitative subject or a qualitative subject?  Is ERM Finance, Statistics, Operations, Strategy, Organizational Behaviour, Accounting, or some other field?  In my mind, ERM has components of all of the above.  This bias of mine about ERM was the basis of my earlier comment that ERM requires a portfolio of skills and techniques.  However, business schools, in their striving for academic respectability are taking specialization to the extremes.  This of course implies that there simply is no time – nor is there any respect - for any subject matter that is not “pure” in an academic sense.

Despite all of these shortcomings, I – in my stupidity and naïveté – attempt to teach ERM to MBA students.  To make up for the shortcomings I try to teach it as much as possible as a seminar class.  That is, students are given a weekly set of readings, as well as an open ended set of questions or issues, and then we discuss the questions and issues in the following class.  The class is taught by the Socratic method, and I attempt to get as much debate as possible generated.  Students are challenged to be creative, and perhaps most importantly to peel back the “layers of the onion” to see the issues behind the issues and the issues behind implementation.  As stated earlier, my belief is that ERM as a subject (taken at its face level) is trivial.  It is only when you think about the consequences of techniques and the implementation issues that it becomes interesting and a challenge.

Thus we get to the purpose of this blog – namely, how should I structure an exam for this class?  In this, and the following three blogs I am going to put forth my exam questions, and why I asked each exam question.  I welcome reader’s comments and thoughts on my questions.  Each of the questions has been designed with my biases (as stated above) in mind.  In the very first meeting with the students I outline my biases and give them plenty of time to find a “real” class that they can take in place of ERM for the semester.  For some strange reason most of the students do not drop the class.  (I wish they would – it would mean less marking for me.)

In any case, I hope you enjoy this set of blogs – and I truly would like to hear not only your comments about my questions, but also what you might suggest as answers.


Question 4:

(a)   Prepare a briefing (as you would for example to a Board member) explaining why a corporation (such as General Motors) should adopt an ERM process.

(b) Prepare a briefing explaining why a corporation (such as General Motors) should NOT adopt an ERM process.

(c) Assuming you are a Board member of a corporation (such as General Motors), would you elect to adopt or not adopt an ERM process for the company? What would be the main factor in your decision? 


This question is the obvious “pros and cons” question that can be expected on every subjective subject exam at the graduate level.  My attempt here is to force students to take both sides of the debate as well as make up their own minds, despite the fact that they know I am a big fan of ERM as a process.

There are indeed many pros and as many, if not more, cons of implementing an ERM process.  Complicating this question is that the sample company in question (General Motors) is a company in crisis.  The experienced ERM reader will of course have internalized the message stated many other places that risk management is not crisis management (although newbies to the ERM field frequently think the two are interchangeable).

The pros of ERM include, but are not limited to, (in fact I am intentionally leaving some of the more obvious ones out of this discussion – dinner is almost ready …):
  • increase in organizational learning and organizational self-awareness
  • possible mitigation of the effects of the next economic crisis
  • possibly greater ability to capitalize on the next economic upturn
  • better corporate governance and organizational direction
  • better management and employee development
  • improved organizational response time to changing conditions
  • possible improvement in credit rating and ability to finance at better terms
  • earlier recognition of problems and opportunities
  • better accountability of line managers
  • better corporate integration and communication
  • better accountability to stakeholders
The cons of implementing an ERM program include (but again not limited to):
  • cost
  • organizational distraction from the task at hand
  • time to develop and implement (which in the case of GM, time is not exactly on their side)
  • the difficulty of answering the hard questions of what is the organizational definition of risk and the organization’s risk philosophy
  • the energy required to instill a common organizational understanding of the above stated definition of risk and the risk philosophy
  • the appearance of the intangibility of the successful outputs of ERM (note that I used the word “appearance” – I personally believe the benefits of a properly executed ERM program are very tangible)
  • the sheer size of GM makes implementing a proper ERM program all the more difficult (and perhaps all the more necessary)
Ultimately whether you consider it a good idea for GM to be implementing ERM at this stage is dependent on your beliefs on the time & energy tradeoff versus short-term benefits of ERM.  My opinion is that since ERM is basically an all or none exercise (more on this in a later blog), and since GM is still in crisis mode, and since ERM is a long term exercise, it might be best to take a page from the medical field and stabilize the patient first, and then you can start to work on the factors that improve long term health.

1 comment:

Trevor Levine (Riskczar) said...

I like to say that once you identify a risk, it becomes like an infectious disease: it may remain dormant but no matter how much antibiotics you take, it's always there festering inside you.

Against that backdrop, I understand that some managers would much prefer to never identify their risks because once they do, it is always there and they must do something about it. If a risk manifests itself one day into an event, I am not too sure shareholders would be too pleased to know management knew it was a risk (perhaps remote) yet didn't do anything about it.

One way to deny any awareness of risks is to ensure nobody every documents that they were identified in the first place. While this is completely idiotic, I submit it happens.