One of the best descriptions I have heard lately of enterprise risk management (ERM) came not from a risk manager, but from Cécile Coune, the CEO of specialist aviation insurer Aviabel. She and I were taking part in a seminar on risk management and internal audit organised by FERMA’s Belgian member BELRIM, and she was the opening speaker.
Michel Dennery – FERMA Vice President
Ms Coune said that she considers herself, as CEO, to be the number one risk manager of Aviabel. She chairs the risk committee and the financial and departmental managers are members. They have ownership of the risks in their departments, and risks are identified and considered as part of every day business decisions. This frees time, she says, for the dedicated risk management resources to deal with the transversal issues evolving across the whole company.
We wish that all CEOs would declare that they are the number one risk manager of the company. If that happened, there shouldn’t be a conflict between the risk management and internal audit functions of a business. As BELRIM President Gaëtan Lefevre remarked at the seminar, risk management is responsible for risk monitoring and internal audit is responsible for risk assurance.
There can be misunderstanding about risk management. It is definitely not assurance, nor certainty that risks will not occur. The risk manager is connected with all managers. His or her goal is to get an assessment of the level of risk that the company is taking in its businesses activities and to evaluate if the revenue generated is worth the exposures. This is the speciality of risk managers, not something that internal audit or internal control can do. The job of internal audit is to provide top management with real assurance that risk management is well done.
Today, the situation of many companies is very difficult because of the economic climate. They are under pressure to produce profits, which means taking risks, and yet to have the best control and governance possible. Across different functions, such as risk management, internal control and internal audit, we need to collaborate to support top management in this responsibility to generate returns and to reduce the cost of control and assurance. I am confident Ms Coune would agree.