September 15, 2009
Securities and Exchange Commission
Chairman Mary Shapiro
100 F Street, N.E., room 10700
Washington, D.C. 20549
RE: SEC Release NOS. 33-9052 Proxy Disclosure and Solicitation Enhancements, File Number S7-13-09
Dear Madame Chair:
The Securities and Exchange Commission has proposed an expansion of the disclosure requirements for public companies to include information regarding the role of the board of directors in the management of risk (SEC Release NOS. 33-9052 34-60280 IC-28817 File S7-13).
The goals outlined to enhance transparency on activities that materially contribute to risk profile are well articulated.
1)However, more emphasis on the need for businesses to disclosure their enterprise risk management process to specifically directly engage non-executive officers in their analysis of risks with material impact. To extend down to the level of risk where activity occurs, a robust object and repeatable process is required. The process of determination of which risks materially contribute to a companys risk profile is as important as the disclosures themselves.
In the RIMS State of ERM Report (see attached or download from www.rims.org/rmm) it was determined that 96% of public sector organizations do not have adequate enterprise risk management processes in place. Those organizations achieving a managed level of maturity in their enterprise risk management processes will already have the complete and accurate information to satisfy this revised disclosure process with minimal additional time.
2)A standard set of industry independent enterprise risk management guidelines should be referenced in the guidance so that boards, management, regulators, auditors and rating agencies can objectively evaluate and measure risk management competency.
To objectively measure risk management competency across different organizations and across different industry segments these critical process aspects must be in place.
1. Formalized industry independent indicators to measure risk competency
2. Infrastructure to gather information and perform analysis in a timely fashion and
3. Robust and consistent scoring methodology relevant to all risk cultures and industries.
The Risk and Insurance Management Societys Risk Maturity Model for ERM (RMM)(see attached or download from www.rims.org/rmm) meets all three of these criteria. In 2007, risk practitioners from 564 organizations of all types participated in an in-depth assessment of ERM. Using the RMM, participants compared their organizations ERM activities against 68 key readiness indicators identified as risk management competency drivers across all industries. The result of the study concluded at the 95% confidence level the positive correlationóthe direct relationshipóbetween higher RMM scores and higher business performance.
3)Compensation must also be tied to risk management competency at the front-line management level. According to the RIMS State of ERM Report direct, extensive involvement in ERM by front-line management at all levels is the competency driver that is most strongly positively correlated with higher business performance. Three other competency drivers that also have strong correlation are:
1. the degree to which risk assessments are effectively conducted by all business areas and aggregated
2. the extent to which corporate goals and risk management issues are clearly understood at all levels and
3. the depth to which ERM is woven into strategy and planning.
There remains a significant disconnect between the knowledge of risk management processes at the executive team level versus what actually takes place on the front-line. Formally tying a portion of compensation to risk management competency, the type of imbalance between risk and reward will be effectively addressed. Using the existing performance review process as a mechanism to assess this risk management competency will incent both front-line management and senior management with minimal impact to operations. ERM should not be conducted in a silo as a separate activity, but rather it is a standardized and common framework approach to operational management to surface and prioritize the most material issues for remediation or disclosure.
In closing, the disclosures proposed by the SEC will benefit all shareholders and investors of all industries by increasing the transparency of the registrants risk management competency which has been proven to be correlated positively and directly with increased business performance.
Chief Executive Officer
(Attached File #1: s71309-121a.pdf)
(Attached File #2: s71309-121b.pdf)