A December 2022 article by McKinsey discussed risk and resilience priorities from the Chief Risk Officer perspective. The article stressed that when business environments are subject to constant disruption, superior risk management becomes a competitive advantage in all industries.  It also noted that risk functions need to develop more sophisticated risk identification approaches to rapidly identify and respond to new risks. ⁽³⁴⁾

The three Lines of Defense Model is a common ERM component.  For example, Operational Management (front line managers who own a risk and corresponding controls) is the first line.  The second line is an internal monitoring and oversight function that develops and implements internal control and risk processes.  The third line of defense is internal audit that provides assurance to the Board of Directors and senior management through systematic evaluation and improvement of risk management, internal controls, and governance processes. ⁽³⁵⁾

Public companies are required to have Boards of Directors.  Companies listed on the New York Stock Exchange and the Nasdaq must have boards with majority independent directors.  Key board committees such as the audit committee are also required to include independent directors.

Boards serve a fiduciary role, making decisions on behalf of the company and its shareholders.  Board members’ responsibilities include helping set broad goals, supporting senior management’s achievement of goals, and ensuring provision of adequate resources. ⁽³⁶⁾

How, reasonable expectations for ERM were practiced, e.g., making superior risk management a competitive advantage, such as confronting market disruption, as well as how Boards’ fiduciary responsibilities were executed to minimize financial risk in the example companies remain unknown.

Summary

• The current and future value of ERM may be uncertain, but how widespread this uncertainty is remains unknown.
• Retrospectively, CEO statements about expected future success seem wildly optimistic now (e.g., Coke, Peloton, CVS, and perhaps Hertz) and were probably overly optimistic when made.
• Retail pharmacies and new venues for delivery of healthcare services are facing an uncertain future for a variety of reasons including those both internal and external to the companies.
• The COVID impact in early 2020 through 2021 was a massive anomaly, creating initial and later unsustainable pharmaceutical product and service demand. Consequently, the contraction for companies like Peloton, CVS and Walgreens was probably predictable, significant and may soon be catastrophic.

Conclusion – What happened to ERM?

Of course, it is impossible to know what may have transpired without inside information on the discussions of CEOs, CFOs, CROs, Boards of Directors, and others in the examples cited – the inescapable conclusion is clear – bad decisions resulted in $ billions in losses to society.

But the fundamental question remains – given the maturity of ERM guidance as evidenced by the 2017 COSO and 2018 ISO revisions and other literature on ERM – what happened?

Risk considerations for the examples cited above for strategy, internal operations, and external events were for the most part publicly invisible when using measures for results – brand equity protection (market share), shareholder return (dividends and share value increase), and reputation (trust).

Executive meetings, market assessments, risk assessments, customer sentiment surveys, consulting support, and similar related ERM activities might demonstrate internal existence of due diligence in terms of risk identification and mitigation, but at the end of the day if results were not delivered on measures that matter then these activities’ contributions were nil.

How publicly traded companies manage risk in turbulent times might very well affect your choice of companies you invest as well as your choice of employers.  What next for ERM?

Epilogue:

Why businesses made the business decisions they did was out of scope of this article.  Only publicly reported information was considered and then only in cases where decision errors appeared to result in public display of financial and reputational loss.  If ERM, with a 20-year ramp up and growth is in decline, might other business functions also be in decline?

Bio:

His career has been enriched through education, training and experience beginning in the early 1970’s as an investigator, and later as economist, statistician, operations researcher, adjunct professor, business owner, newsletter publisher, consultant, quality award examiner, risk and QA manager, and contractor.

The common thread throughout this time has been gathering, reducing, assessing, summarizing, and presenting findings to enable decision making.  With the arrival of COVID-19, it was recognized that methods and tools used for decision making in a business setting, particularly involving risk, can be adopted to individuals.

Toney is also an aspiring business fiction writer where his future works will be published on vucanites.com.