The CalPERS governance risk management initiative (GRMI) project team, led by Allen Goldstein of The Results Group, has reported to the board on phase II of the project, concluding with 17 preliminary observations of areas of improvement.
The project, which began in April and will be completed in five phases, aims to establish an enterprise-wide governance/risk management structure and strategy that incorporates the board’s business philosophy and successfully identifies, evaluates and manages risk in each of CalPERS’ primary business lines and support functions.
It also aims to establish an appropriate governance, risk management infrastructure to assist the board
and ensure the organsiation’s strategic business goals are achieved by “understanding what needs to go right to be successful”.
CalPERS, which now has assets of more than $200 billion, also aims to become a risk intelligent organisation, not risk adverse, that improves its decision-making by better understanding the consequences of its choices.
Once the fact finding phase of the project is compete the project team will recommend potential changes to enhance the effectiveness of CalPERS’ enterprise governance and risk management structure and processes.
Over the past few months the GRMI project team has interviewed 13 business units, including the investment office, and reported on the interviews.
The general preliminary observations for areas of improvement drawn from the interviews are:
*Formal risk management resides in fairly narrow silos
*There is no comprehensive risk policy within the organisation
*There is a general lack of common language and/or definition of risks across functional lines
*There are no documented common methodologies applied in assessing and reporting on risk
*Management of risk appears to be more reactive than proactive
*Risk appears to be addressed from a situational, rather than a causal approach
*To enhance intelligent risk decision making, communication between and among the divisions could be improved
*There are appears to be some confusion and redundancy for certain risk management responsibilities
*Risk analysis does not appear to be a formal part of the organisation’s decision making process, with the exception of the investment office
*Risk analysis is not aggregated into a quantifiable enterprise risk assessment
*The concept of enterprise risk assessment does not appear to be a natural part of CalPERS’ business cadence or culture
*Risk situations that are identified appear to be effectively addressed, but this is a reaction “not proactive” approach to risk management
*Risk situations could be mitigated more effectively with a strategic rather than a tactical approach
*Some of the informal risk management functions could have a more formally identified and defined role in enterprise risk management
*Risk analysis and reporting is not coordinated
*Enterprise de-briefing of resolved risk situations to identify lessons learned does not routinely take place
*The organisation currently spends about $4 to $5 million on direct risk management activities per year.