Standard & Poor’s Proceeding With ERM Ratings Analysis
Although the groundwork has taken longer than expected, Standard & Poor’s remains committed to integrating enterprise risk management (ERM) into its rating process for nonfinancial corporations.
Steve Dreyer, principal analyst at S&P, said in a July 30 conference call that the rating agency expects to complete its ERM criteria by the end of 2009 and to begin including ERM analysis in its overall ratings of nonfinancial companies immediately thereafter. S&P had hoped to begin the revised rating process in 2009 but ran into delays as a result of the financial crisis and the need to complete additional in-depth interviews with companies on the subject of ERM capabilities.
A status report published by Standard & Poor’s in July gives more information on the rating agency’s efforts to incorporate ERM criteria in its rating process.
ERM Initiative With Companies Launched Last Year
After training its team of analysts, S&P began ERM-related discussions with individual companies as part of their annual rating meetings, beginning in September of last year.
Interestingly, ERM discussions with nonfinancial companies were not as straightforward as anticipated. The process was complicated by the fact that rating analysts tend to meet with the CFO or treasurers of companies, while ERM responsibility might lie elsewhere.
Standard & Poor’s has undertaken about 300 ERM discussions with nonfinancial companies to date. But this represents only about 10% of the companies that S&P rates, and the firm does not feel this is a large enough sample to publish formal criteria.
“We have rigorous internal approval processes for new criteria, and we need to ensure these criteria have strong internal acceptance within the rating agency, as well as external validity and transparency. We intend to get them right so that they gain full market acceptance,” Dreyer told Towers Perrin in a separate interview before the conference call.
Dreyer also indicated that he expects the final criteria will build on the framework originally published, based on analysis of four components of ERM:
- risk management culture and governance
- risk controls
- emerging risk preparation
- analysis of strategic management.
Strategy and culture issues are likely to attain greater prominence in the final criteria, he said.
In the conference call, Dreyer stated that it is unlikely that the rating agency will assign explicit scores to a company’s ERM capability in 2010. However, the ERM discussions will contribute to S&P’s opinion of a company’s management, and thus will affect its overall rating.
Towers Perrin’s View
ERM is a key activity for any firm, independent of the stance of the rating agencies, and rating agency considerations in this area will reinforce the influences that have brought ERM as a discipline to top of mind for boards and senior management.
In the current economic environment, companies need to address both their immediate revenue and cost challenges while strengthening their governance and risk culture for the longer term. There are several tangible steps that companies can take today:
- Understand and manage cash flow at risk from diverse sources such as retirement obligations, securities investments, capital expenditure programs, supply and demand volatilities, and supply chain dependencies.
- Increase the efficiency of hedging and insurance programs by balancing the cost of risk transfer with the opportunity cost of holding capital against retained risks.
- Take stock of your firm’s risk management culture by ensuring that the appropriate board and management governance capabilities are in place.
- Benchmark the risk culture of the firm to ensure employees at all levels of the organization understand and respect defined risk parameters.
- Assess pay plans in the business units with the highest risk potential to ensure their design, metrics and governance encourage prudent -- but not excessive -- risk taking.
Our experience with financial and nonfinancial companies alike suggests that ERM is an essential part of creating and maintaining operating efficiency and developing organizational resilience. Actions by Standard & Poor’s and other rating agencies have reinforced the message that companies require a formal ERM approach to meet the needs and expectations of their stakeholders.
Practice Leader, Corporate Hazard Risks