By Rob Starr, Content Manager, Big4.com
According to PwC US’s 2012 U.S. Insurance ERM & ORSA Readiness Survey, while the U.S. insurance industry is making strides toward Risk Management and Own Risk Solvency Assessment Model Act readiness, a definite gap appears to exist between the perception of RMORSA preparedness and the actual completeness of insurers’ enterprise risk management frameworks.
“Setting the risk strategy, implementing and validating a capital model and developing effective risk reporting capabilities could take a couple of years. Our survey shows that many organizations may be underestimating the amount of work it will take to meet the RMORSA requirements” said Paul Delbridge, leader of PwC’s risk and capital management services practice. “Achieving a risk-aware culture through the organization will require all areas to understand their roles and responsibilities in relation to risk identification, measurement, mitigation and monitoring within the ERM framework.”
The RMORSA Model Act, which is in the process of being implemented in state law, requires insurers to manage a comprehensive ERM framework that is embedded within company operations by January 2015. While 82 percent of survey respondents believe that their existing ERM processes are largely adequate for the requirements, 38 percent of company boards are not engaged or are only passively engaged in risk management, showing that risk governance may not be up to RMORSA standards. In addition, 35 percent of companies indicated that they do not have a risk appetite linked to business strategy and financial goals, which is crucial to a comprehensive and effective ERM program.
PwC’s survey addressed the four main parts of an ERM program that have direct influence on RMORSA preparation, namely risk strategy, risk governance, risk management and risk quantification. Key findings in each of these areas include:
Risk strategy – 25 percent of companies reported that risk appetite metrics are not part of the business planning process, while only 57 percent include some, highlighting a significant disconnect between risk management and strategic decision-making. A quarter of companies do not have a risk-specific limit framework to guide the business’ compliance with risk appetite. A robust risk appetite and limits framework enhances risk governance and provides a platform on which to engage every stakeholder.