In an effort to improve the overall quality of the credit rating process by broadening the scope of their analyses, the major credit ratings agencies are planning to incorporate an entity's enterprise risk management (ERM) activities as an explicit component of their ratings methodology. While this will come as no surprise in the financial services sector, where the agencies began using such evaluations as part of their ratings metrics as early as 2003, other industries will begin to be subject to these new analytics this year.

While the ratings agencies' intent in this area is unambiguous, it is potentially seismic--both in terms of the investment organizations may need to make in developing their ERM capabilities and in terms of what's at stake. Standard & Poor's (S&P), for instance, has said that changes in ERM assessments, good or bad, will drive ratings and outlook changes. Similarly, Moody's Investors Service has been working to further develop consideration of ERM as a component of its ratings methodology, through its Enhanced Analysis Initiative and by means of formal Risk Management Assessments, building on the work it has been doing with insurers and banks.

It's important to note, however, that the agencies are proceeding cautiously. The benefit (and threat) to their ratings process through explicit inclusion of ERM is still subject to some debate, and there are a number of logistical challenges still to overcome.

Not least of these will be ensuring that ratings committees have sufficient capability and understanding to be able to recognize, benchmark and differentiate ERM practices within the organizations they analyze.

Furthermore, agencies don't want to be seen as "quasi-regulators"; in other words, they don't want organizations to implement ERM simply because it interests the ratings agencies. Rather, ERM should be adopted as good management practice and as an end in itself--a natural outgrowth/ supporter of a company's business strategy, not just a compliance exercise.

Indeed, the agencies are unlikely to be inclined to delve into the details of a company's ERM processes. Their interest is more likely to involve a high-level review of ERM strategy and management's understanding and support of that strategy. And that will potentially carry great weight. Standard & Poor's Ratings Direct of Nov. 15, 2007 states: "We expect that deterioration or improvement in a company's ERM quality would potentially drive rating and outlook changes before the consequences are apparent in published financial results. Companies with superior ERM should have less volatility in earnings and cash flow, and will optimize the risk/return relationship."

Organizations considering the implementation of an ERM framework should assess the value such an investment may bring beyond the compliance aspects. A U.K. study, cited in Accountancy Age (March 2006), surveyed companies over a 33-year period and found a 25-30 percent share price premium for companies in the quintile with the greatest profit stability versus those in the most volatile quintile.

The rating agencies' initiatives may have several implications for public companies, including:

There will be independent assessment of the strength of ERM practices within organizations, and the results of such assessments may be publicly disclosed, as part of the ratings decision rationale. Organizations will be closely benchmarked against peers within their own industry sector and indirectly against other organizations and sectors.

The relationship between investment in an effective ERM process and its tangible value to an organization may become far more acute (and measurable) than in the past, as the financial effect of a ratings downgrade or upgrade may be dramatic and far-reaching.

James Maxwell is a Senior Vice President of Marsh Inc., based in its London, UK, office. He can be reached by email at james.maxwell@marsh.com.
http://global.marsh.com