The next phase of ERM involves embedding risk management throughout a company to inform its critical decision-making processes. In this short film, Josh Corrigan explains how Milliman’s holistic approach to helping organizations prepare for “ERM 3.0” draws on a unique understanding of complex systems and behavioral science.
Josh Corrigan: ERM means enterprise risk management. Enterprise risk management is all about understanding the risks that the organization is exposed to and managing those risks holistically across the business in line with the business’s strategy and its appetite for risk. So that comes down to understanding the risks as they relate to the key outcomes of an organization, around profitability, solvency, liquidity, and reputation, for instance.
Enterprise risk management has gone through a couple of different phases. I would argue we’re probably around about the third phase now, where you’re starting to see ERM formalized in regulations that require companies to have an ERM framework and process in place. And that’s about not just quantifying risk, which was Phase 1.0, and it’s not just about the risk-return trade-off, which was kind of ERM Phase 2.0, but ERM Phase 3.0 is really embedding that throughout the organization so that a lot of the decisions that are being made throughout the organization at different levels and at different business units have risk as an element in that decision-making process.
I think Milliman’s approach to consulting around ERM is different because we don’t just do the technical quantitative side of things. Where ERM starts to become difficult is when you’re dealing with essentially complex systems that involve a number of moving parts where people are involved and people can’t necessarily be quantified or written down in an equation in terms of their behavior. That’s when Milliman’s approach, based upon using different types of sciences to understand the nature of people—how they behave, the behavioral aspects and how they relate to key business decisions—and tying those in holistically with a view of the risk of the organization as a whole as well as within each of the individual risk silos, becomes really, really important. And that’s where we can start to address some of the more difficult elements of the ERM 3.0 story around risk culture, around operational risk, around risk aggregation and allocation. All of these elements of ERM require an understanding of how the different pieces interact with one another in a very non-linear, complex way.