CHAPTER 26
Enterprise Risk Management: Current Initiatives and Issues

JOURNAL OF APPLIED FINANCE ROUNDTABLE¹

Financial Management Association International, October 2007, Annual Meeting held in Orlando, Florida

PANELISTS

Bruce Branson, Pat Concessi, John R.S. Fraser, Michael Hofmann, Robert (Bob) Kolb, Todd Perkins, and Joe Rizzi²

MODERATOR

Betty J. Simkins

Betty Simkins: Good afternoon. I’m Betty Simkins, co-editor of the Journal of Applied Finance and moderator of this roundtable. In this session, we will talk about the current initiatives and issues in Enterprise Risk Management (ERM). I view ERM as a natural evolution of risk management that looks at all risks across the organization, not just narrow “silos” of risk as viewed in the past. ERM is an important discipline that is gaining popularity and recognition with many companies and also in the educational process with universities.

Let’s first begin with a definition of ERM to set the stage for our roundtable discussion. A good place to start is with the Committee of Sponsoring Organizations of the Treadway Commission (COSO)’s definition, which defines ERM:

“… as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”³

Surveys show the number of U.S. firms saying they have fully implemented enterprise risk management (ERM) tripled to 12 percent in 2007 from 4 percent in 2006.⁴ Some companies have had little or no success while others have had extensive success with ERM. Several universities through education, research, and executive programs are active in the enterprise risk management initiative.

In our roundtable discussion, we will start off with a general introduction to enterprise risk management including how and why it is important to companies and education; the benefits, value, and education initiatives; and key organization structures, designs, processes, and best practices. To summarize, we will discuss the following six questions in this session:

  • Question 1: How do you define ERM?
  • Question 2: Where is your company or university in the ERM process?
  • Question 3: Let’s talk about the taxonomy of risk, particularly operational risk. It seems that too many diverse risks get classified into this category (i.e., human frailties to unethical board members and corporate officers). How does your firm or university deal with these issues?
  • Question 4: What can universities do better in educating students on ERM? What would firms like to see their new employees know about ERM? What specific skills are most desirable?

  • Question 5: (For the corporate panelists) Do you think ERM contributes to shareholder value at your firm? If so, how?
  • Question 6: Are there organizational structures, designs, processes, or best practices that you believe are key for effective ERM implementation?
  • Question 7: How do you make ERM actionable and keep your ERM program dynamic?
  • Question 8: Do you have research ideas for academics? What is your forecast of how ERM will evolve over the next 10 years?

To address these questions, we’ve assembled a very distinguished panel consisting of five ERM executives and two ERM faculty experts. Let me introduce each of them now, beginning with the ERM executives.

Pat Concessi is a Partner in Deloitte & Touche’s Global Energy Markets practice. She has been responsible for projects involving control infrastructure assessment and development, enterprise risk management, implementation of energy transacting and risk management policies, selection of risk measurement methodologies, and the selection and implementation of energy risk management systems. Her knowledge of power system operations provides valuable insight into the application of risk management practices in electricity markets. Pat also serves as the leader of Deloitte’s global Climate Change and Sustainable Resources group. She has consulted for many energy companies with respect to management of commodity risk and this increasingly includes emission allowances, renewable energy, bio fuels, and other topics.

John Fraser is Chief Risk Officer and Vice President, Internal Audit, at Hydro One in Toronto, Ontario. John has worked at Hydro One since April 1999 and began implementing enterprise risk management at the company in 2000. He has over 30 years’ experience in the risk and control field, primarily in financial institutions, in public accounting and internal audit roles in publicly traded companies. John is a member of the Strategic Risk Council for the Conference Board of Canada. John has co-authored a number of books and articles on the topic of enterprise risk management and related issues. I’m a co-author with John on two articles on ERM that are published in the Journal of Applied Corporate Finance. John is a frequent speaker on enterprise risk management and has been interviewed by companies from around the world about his expertise in ERM.

Michael Hofmann is Vice President and Chief Risk Officer at Koch Industries in Wichita, Kansas. Koch Industries consists of a diverse group of companies in refining and chemicals; process and pollution control equipment and technologies; minerals and fertilizers; fibers and polymers; commodity and financial trading and services; and forest and consumer products. Koch companies have a presence in nearly 60 countries and employ about 80,000 people. Michael is responsible for ERM and oversees all global market, credit, and hazard risk management activities. He began his career with Koch Industries in 1991, was chief market risk officer from 1999 to 2000, led the development of trading operations, and assisted in the start-up of new trading ventures. Michael actively supports the advancement of risk management and serves on the Board of Trustees and Executive Committee of the Global Association of Risk Professionals (GARP).

Todd Perkins is the Director of Enterprise Risk Management for Southern Company. Southern Company owns electric utilities, a growing competitive generation company, as well as fiber optics and wireless communications. Southern Company has more than 42,000 megawatts of electric generating capacity and serves 4.3 million customers. Todd joined Southern Company in 1997 in its Treasury department where he had responsibility for credit and risk management policy development for the Company’s energy trading and marketing activities. He also established and managed the Company’s interest rate and currency risk management programs. In 2004, Todd became manager of the Risk Control group for the energy trading and marketing activities of Southern Company. In July of this year, he assumed his current position leading the ERM efforts of the entire company.

Joe Rizzi has been a member of the ABN AMRO Group or its U.S. affiliate, LaSalle Bank, for 24 years. He currently is Managing Director of LaSalle Bank Corporation’s Enterprise Risk Management unit for North America.⁵ During his tenure with the ABN AMRO Group, Joe has been part of several activities. For the past five years, Joe has alternated working at ABN AMRO in Amsterdam and New York City, focusing on Group Risk Management, Asset and Liability Management as well as Country Management. He is a widely published author and has lectured to various professional organizations in Europe and the United States. He teaches regularly at the Amsterdam Institute of Finance and is also an adjunct professor at the University of Notre Dame’s Mendoza School of Business.

Next, let me introduce the two faculty panelists, both of whom represent universities with ERM centers: North Carolina State University’s ERM Initiative is further along and Loyola University Chicago’s ERM program is in the early stages.

Bruce Branson is Professor of Accounting in the Jenkins Graduate School of Management at North Carolina State University (NC State) and he also serves as the Associate Director of the College of Management’s Enterprise Risk Management (ERM) Initiative. NC State’s ERM Initiative is advanced in this area and began its outreach activities in 2004. In his role as Associate Director of the ERM Initiative, Bruce is responsible for administering research and curriculum grants to develop an ongoing research stream and graduate-level coursework focusing on ERM practices. Bruce has published many articles, a number of which are on ERM and related topics.

Robert (Bob) Kolb is the Frank W. Considine Chair in Applied Ethics and Professor of Finance at Loyola University Chicago. From 2003 to 2006, Kolb served at the University of Colorado in Boulder as a Professor of Finance and as Assistant Dean for Business and Society, where he led the school’s program in business ethics. During his career, he published more than 50 academic research articles and more than 20 books, most focusing on financial derivatives and their applications to risk management. It is interesting to note that Bob holds, not one, but two PhDs: one in finance and one in philosophy.

As I mentioned earlier, I am Betty Simkins and am co-editor of the Journal of Applied Finance in which this roundtable article will be published. I am the Williams Companies Professor of Business and an Associate Professor of Finance in the Spears School of Business at Oklahoma State University in Stillwater, Oklahoma. I have published a number of papers on risk management and more recently in the area of enterprise risk management. So this is one of my favorite topics to discuss and I am honored to moderate this roundtable with this distinguished panel of experts.

Let’s now get to the questions and we will start with Question 1: How do you define ERM? Joe, I would like you to get us started.

QUESTION 1

Joe Rizzi: I think of enterprise risk management as basically being a consolidating risk view from the top down that cuts across all the business units and all the risks in the organization.

Todd Perkins: To add to what Joe said, I will read a few sentences from our ERM framework that we use at Southern Company:

ERM at Southern Company is an ongoing and evolving effort by which the company attempts to enhance the value of the firm by efficiently and effectively managing risk across the Southern Company system. ERM recognizes that risk management occurs throughout the company and either explicitly or implicitly is part of virtually every decision. The goal of ERM is to ensure that structures, processes, and communications are in place to promote the achievement of the following three critical elements of ERM: Risk governance oversight and leadership; risk identification assessment, mitigation and monitoring; and risk quantification and reporting.

Enterprise risk management broadly encompasses a large number of processes, controls, decision tools, governance, and oversight structures, as well as behaviors and corporate culture. As such, risk governance and oversight is largely embedded in existing organizational and control structures such as normal management oversight, project review processes, internal auditing, legal and regulatory compliance programs, and Sarbanes-Oxley compliance. The ERM governance structure is meant to provide a structure to bring together these efforts in order to facilitate communications across the entities and functions, promote consistency, and the use of best practices, creating a unified view of risk, and helping incorporate risk in strategy considerations.

Pat Concessi: I’d like to build upon your comment that ERM should integrate the strategy consideration, and emphasize that it is important for enterprise risk management to be related to the strategic objectives of the company. With that, I think we have a comprehensive definition.

Robert Kolb: I think of enterprise risk management as both a process and also a commitment. The process part being: developing techniques for looking at risk throughout the firm, and not focusing on just those kinds of risks that are highly quantifiable; realizing that some of the most important risks that a firm faces really are not so amenable to quantification; and bringing all of that into a unified framework. The commitment part is committing to treat risk seriously even if it’s not so easy to quantify it because so much of the risk that a firm faces really isn’t quantifiable—at least not with the precision of financial risks.

Bruce Branson: I agree that it’s a process, although that word sometimes gives me a little bit of discomfort. In some sense, ERM is a mindset, a culture that permeates your entire organization. With the goal ultimately of having your employees, your managers, your executives, your board of directors, all risk aware, risk intelligent, looking for both opportunities and threats that add greater value to the enterprise.

Michael Hofmann: To me, ERM is also a mindset, a way of thinking to improve decisions. Yes, it is supported by processes, governance, effective communication, et cetera, but it is really an attempt to, as objectively as possible, incorporate uncertainty into decision making. It starts with clarifying a firm’s risk tolerance, which can be challenging, and then creates a focus to identify, estimate, and communicate risks to effect behavior. Different risks require different capabilities but the aim of ERM is to create a common vision, risk understanding, and approach to risk-adjusted decision making.

John Fraser: I’d like to add two aspects of ERM that make it especially valuable: the first is the fact that it is forward looking at what uncertainties could impact the organization’s business objectives, for example two to three years hence; and secondly, the process of prioritizing such risks to meeting the objectives and ensuring that resources are allocated on a prioritized basis to mitigate such risks.

QUESTION 2

Simkins: Now that we’ve established a view of what ERM is, let’s discuss where your company or university is in the ERM process, including discussing challenges encountered such as difficulty with risks that are hard to be quantified. Pat, we will start with you.

Concessi: In general, we would say that the application of ERM within the energy sector should really be considered a work in process. Some risk categories like price risk and credit risk have been the focus of risk management activities for some time. Many companies have developed a clear quantitative view of their exposures and of mitigation strategies, such as hedging or insuring risks. Other risk categories have not received the same level of attention. So reputational risks and operational risks lag considerably behind in the application of risk management techniques. With this unevenness in the quantification of risks, it is hard for companies to aggregate the different risk types together.

We observe that some companies begin to implement ERM and then for some reason stop part way. There are interesting statistics on the number of companies that have completed the implementation of ERM versus the number of companies that have tried. Some of the reasons would be that implementing ERM takes a champion from senior management—somebody who cares about it, who is going to protect funding, and who will keep a focus on it. At the same time, implementing ERM can be a multiyear process, so if there are changes in the senior management roles, if the champion moves into a different area or if there are substantial funding cuts, ERM might get truncated part way through. The second reason is perhaps taking on too big a scope by trying to integrate all risk types across all business units. Rather, companies should identify the big risks and get those under control. This shows ERM’s value early so that value is delivered before pressing further.

Perkins: I agree completely with Pat. At Southern Company, ERM started about 10 years ago through unrelated activities. We started by looking at some of the smaller noncore businesses and did risk assessments and risk profiles for those businesses. At the same time, we started developing risk policies and risk oversight structures primarily for our energy trading and marketing activities. There were no big changes or big efforts to create a consolidated ERM effort for about five years. Around 2003 there was a dedicated effort to create an ERM program. We have come a long way since then and we have faced some of the challenges mentioned earlier. In terms of quantification of risks, there has been a tremendous amount of work with trading, marketing, and related risks. The focus since we started this effort in 2003 has really been trying to get our arms around some of those other risk areas. I’ll mention a few of them, which shows where we are today.

We formed a dedicated ERM group in the finance organization and it is very tightly integrated with our strategic planning group. We’ve implemented a company-wide risk assessment and risk profile process for all of our subsidiaries, business units, and functions. ERM has actually been pushed down within the organization to the point now where we actually do risk assessments and profiles at our power plants. Ultimately, what comes out of those processes feeds up into our consolidated view. There have been significant enhancements in our board reporting and the involvement of our board. The risk profile is reviewed by our full board at least annually. Our finance committee is very involved every quarter. They are updated with a financial plan risk assessment where we assess the risk associated with our financial plan for the next five years. The audit committee is also very involved, specifically related to ensuring our ERM process is in place and is working.

We’ve also done a lot in terms of reworking our risk governance and oversight structures so that the risk committees at the highest level of the company are in line with the top strategic decision makers at the company. We’ve formed a quantitative risk analysis group, which has brought together risk modeling expertise that lived in different parts of the company. We have integrated and created links among the various risk related functions as part of ERM. This includes: my group (the ERM group), internal auditing, legal and regulatory compliance, Sarbanes-Oxley, and business assurance.

Something relatively new for us is that we are beginning to become heavily involved in the disclosure process for the company. We want to ensure that we are disclosing the right risks, disclosing them appropriately, and communicating to investors what our risk profile is and why.

One of the biggest challenges we have faced is the natural reluctance of people to share a lot of information about the risks they face. I guess it is human nature and it has taken a lot of communication to get employees to share this information and not fear that it will be used against them.

One of the biggest challenges we face going forward is what I refer to as ERM fatigue. As ERM becomes more and more ingrained across our normal processes, I’m afraid that some of the things will be seen as routine and less value-added. This is something that we will fight—how to avoid ERM fatigue and keep the process fresh and new.

Exhibit 26.1 The Four Pillars of BU NA’s ERM Program

Rizzi: In our organization, we’re both blessed and cursed. Regulators and rating agencies are very interested. To follow up on your point, I think you can use enterprise risk management as Velcro to pick up everything. Unless you keep it focused as to what you’re trying to do and the value of that, you will lose the freshness.

We try to develop enterprise risk management based upon four pillars as shown in Exhibit 26.1. The first one is the information pillar, which is like a dashboard of knowledge that allows senior management of our organization to get a consolidated view. Exhibit 21.2 in Chapter 21 of this book provides an example of the dashboard. It’s an evolving document and not cast in stone. It has to do with narrowing down the reports that people have to read by simplifying it down to one smaller report.

The second pillar is to complete a governance report, to make sure decision rights are where they are supposed to be. Also, there is accountability so if people screw up, it wasn’t necessarily a surprise; it was a risk that we accepted.

The third pillar that we tried to do was to enact a communications program that was addressing the cultural change. The motto that we use is basically that “everyone is a risk manager.” We want people to think that risk management is just as much a part of their job as going out and selling to the customers and making a profit.

The fourth pillar is to make enterprise risk management, or risk management, real. You have to get ERM into the budgets and the bonuses. If you don’t get it linked to the compensation system, you go nowhere. Once you do this, people start to say “ah this is real” and then it takes traction.

Concessi: When a number of us were thinking about our definitions of ERM, we talked about the requirement to integrate what would otherwise be treated as silos. So rather than measuring market or price risk separately from credit risk and operational risk, we really haven’t finished the job without looking at the correlation between those risk types. If it’s important to measure market risk and it’s important to measure credit risk, then it’s important to look at the interaction between those two risks. When really bad things happen to companies, it’s often not because of risks in just one silo but because of the interaction between two.

Simkins: Yes, for example a joint survey by the Economist and Lloyds of London found that very thing: that many unexpected risks a company had faced that had the greatest impacts were the results of two unexpected and unrelated events occurring simultaneously.⁶

Fraser: We launched our version of ERM in 2000 following the principles in the Australian/New Zealand Risk Management Standard 4360. We did a literature review of available thinking on the topic and commenced doing semi-annual risk profiles and some risk workshops. A year or two later we introduced our risk methodologies into business planning, whereby all expenditures are prioritized based on mitigating risks to achieving our business objectives. Our board and management team cautioned us to focus on the big picture and not get caught up in detailed data analysis and number crunching (note that detailed analysis tends to be done in the various operating departments such as engineering or customer operations). After four years of ingraining these methods we decided to just stay in a maintenance mode as we were achieving our objectives of aligning board, executive, and management thinking and priorities about risk. Our ERM processes are now so ingrained that we all take it for granted that this is how risks should be managed and resources prioritized. It’s hard to imagine managing any other way.

Hofmann: Our approach also evolved over more than 10 years and is based on our culture and management approach, Market Based Management. We started by developing a vision and realized that we had to clarify our risk tolerance. We developed our risk mentality to clarify which risks are unacceptable and which we are willing to absorb. We developed a common language and a framework to aid decision making based on a risk-adjusted economic capital concept. We also developed the capability to better identify, estimate, and communicate risks. In addition to a Koch Industries team we established risk teams in our various businesses based on the unique risk profiles of each business and invested in the necessary tools and systems. By far the most important progress came when we combined all of the components and tied them to decision rights and our incentive system. We have made good progress but will of course never be finished; market conditions and risks change, our businesses evolve, we continue to learn, and we can always get better.

Branson: At NC State, our ERM Initiative has hosted over two dozen ERM roundtable presentations that typically involve bringing in senior executives who have been tapped with the responsibility to develop ERM programs in their various organizations. Issues we frequently hear about include how companies have been inundated over the years with various change initiatives and that ERM is not yet particularly well-developed for many. A challenge for ERM is that it may be perceived as just another management fad (as total quality management has been often derided). A common issue for ERM program managers is in convincing others in the organization to invest time and effort on ERM implementation without fear that it’s going to fade away in the not too distant future.

A key to successful buy-in is the alignment of incentives and program goals such as Joe mentions. This reminds me of a story told by David Whatley, one of our ERM roundtable speakers. This story illustrates how traditional corporate organizations have a series of compartmentalized silos with individuals and business units essentially managing risks in their various areas of responsibility but perhaps without sufficient regard to the risks they might be lobbing elsewhere within the business. David had recently stepped down from running the ERM program for Home Depot. One of Home Depot’s important strategic objectives was to increase market share through an expansion of their geographic footprint. Home Depot was trying to move very aggressively into West Coast markets, and, in particular, into the San Francisco Bay Area. They tried for a period of four years to gain zoning variances that would allow them to build stores in these markets. The reason they were getting pushback was due to a history of stores failing to comply with local ordinances related to marketing product out in their parking lots.

From an individual store perspective, think about how a store manager is typically compensated. They typically have a tremendous incentive to drive sales revenue. For example, most of us have seen lawn tractors out in the parking lots of Home Depot stores (or competitors). For an individual store this is an easy decision—they can pay a $250 fine and generate $15,000 in sales that weekend. Of course, they are going to absorb the $250 fine without really thinking about how that decision may affect overall corporate objectives. This behavior hurt Home Depot because it prevented opportunities to expand in some new markets. David Whatley’s point with this story was to show a real need to adjust store managers’ thinking (via a revised compensation package) to ensure that a more robust consideration of enterprise-level risk took place.

Simkins: Thank you Bruce. The Home Depot story is an excellent example of the importance of aligning incentives with ERM.

Bruce, since you brought up the topic of management fads, I am going to be the devil’s advocate and say: “I think ERM is just another management fad.” So what I would like to hear from panelists is a counterpoint to convince somebody with this attitude. Or if you think it’s a fad, tell us.

Rizzi: I think that enterprise risk management is a step to get risk management back to corporate finance. The point I’m trying to make is that at least within financial organizations, we have seen the development of risk managers in white coats that do all sorts of interesting things. But basically they are historically focused on loss containment. Senior management is basically more future value and market oriented. And you can’t get these to talk—so you see things like we just discussed where people are not looking at the correlation or interaction. Where I hope ERM is going to help is to develop a risk strategy for the organization. What risk do we want to take? What risk do we want to get rid of? What should our capital structure be? All of this is very important to risk management and is a step in the right direction. If it becomes the specialist function where guys in white coats are walking around, it will be just another fad.

Simkins: Joe, your comments remind me of a term that John Fraser and I like to use to describe one of the problems with ERM: The Tower of Babble—where everyone is speaking different risk languages and they don’t communicate.

Kolb: Well, I’ll play a little bit of a devil’s advocate. I’m personally not so sure that enterprise risk management won’t turn out to be a fad and that is sad. I don’t think there is a single corporation that is finished with the implementation of enterprise risk management and has it all set up and running. On the other hand, as opposed to things that did turn out to be only fads, enterprise risk management has a lot of institutional support from regulatory bodies. This wasn’t present in cases of other fads. I have made a personal commitment to enterprise risk management, so I believe in it. But on the other hand, I think the jury is out as to where it will be achieved.

Concessi: I agree with your point, but perhaps for a different reason. ERM often turns out to be a bigger challenge than companies anticipate at the outset. And the reason relates to data management challenges. We’ve already discussed the need to integrate market risk with credit risk. And then for electric utilities another significant source of risk is weather uncertainty, which drives demand, and of course that’s correlated with price uncertainty. The risk assessment is based on the output of simulation systems that were developed independently and that work quite well on that basis. Normally, these systems work at a very granular level, so every single transaction and generating plant is modeled every hour of the year. These systems need to be integrated, and that is really hard to do. What can happen at this point is recognition that all of the data needs to be put into a common data warehouse, and companies may stop and say wait a minute, how long is this going to take, and how many millions is it going to cost. People rarely anticipated it being so data intensive.

Hofmann: If we define ERM as a mindset rather than a function, the ideal evolution would be for distinct risk organizations to no longer be necessary because risk understanding and risk-adjusted decision making would be fully integrated. I think that is an excellent goal to strive for but I also think that we will continue to benefit from risk professionals and specific ERM ownership. Not only because of technical skills but because as human beings, we are all subject to biases and can never be fully objective. We need to seek and share knowledge and challenge our thinking. We need other perspectives and benefit from the focus and challenge process provided by effective risk teams. And, because risks are often interrelated but not necessarily cumulative, most organizations should benefit from an aggregate perspective.

Simkins: Thank you everyone. We will drill down deeper into some of these issues later in the panel discussion. Recent surveys indicate that about 10 percent of companies say they’ve fully implemented the various stages of ERM—which means that 90 percent have not or are in the process of implementing ERM.

Let’s hear from the university panelists next about Question 2.

Kolb: ERM is a new addition at Loyola and there are three major components. First, we have a center for integrated risk management and corporate governance, which is headed up by Don Schwartz. Don directs our center and he recently secured a $1 million grant from the Chicago Mercantile Exchange. Some key things that the center is going to do: running annual seminars, having a series of interviews with prominent people in risk management, and allocating funds to stimulate research in this area.

Second, we have a new program: a Master’s of Science in Finance with a specialization in risk management. ERM is a key element in that program. The third major component is the position I’ve been lucky enough to be chosen to occupy—the Considine chair. As Betty mentioned, a lot of my work has been in derivatives. Part of the charge for this chair is to bring a broader perspective, such as ethics, into enterprise risk management. These are the three main elements of our program and we are in their formative stage on each.

Branson: The Enterprise Risk Management Initiative at NC State has been operating for approximately four years. Mark Beasley, our Director, served on the COSO task force that developed the ERM framework that was publicly released in 2004. That document has been widely embraced as a blueprint for developing ERM programs here in the U.S. After his COSO role, Mark began the process of establishing our initiative program within the College of Management as an interdisciplinary center to provide outreach, research, and education on this emerging discipline. We also were very fortunate to receive significant funding by the Bank of America Foundation that has helped us get started.

NC State is a land grant university so outreach to the business and professional community is an integral component of our mission. We have been engaged in several activities in the ERM area, most notably the development of our ERM Roundtable series over the last four years. We hosted our 25th ERM Roundtable this past September. These are opportunities for business professionals in our area and from Charlotte, Atlanta, Richmond, and other cities. We typically hear from a speaker that has been charged with some facet of enterprise risk management within their organization. These events have become very popular and we have as many as 200 individuals attend early on a Friday morning. In the last year we have also developed a variety of executive education opportunities including an ERM fundamentals open enrollment workshop. We have partnered with the North Carolina State Banking Commission to do bank director training on enterprise risk management issues. We are also working closely with the AICPA to develop a program for audit committee directors so that they may better understand their risk oversight responsibilities.

We have also developed an extensive set of resources covering ERM that is available on the Web at www.mgt.ncsu.edu/erm/. We have assembled various materials that both academic researchers interested in the topic as well as practitioners can go to and learn more about this topic. For example, various frameworks for ERM program development, summaries of our past ERM roundtable presentations, PowerPoint slides from speakers, and synopses of business press and academic articles are available.

We are going to talk later in the panel about curriculum development and research. These are two additional areas of emphasis for us. We offered our first ERM course at the graduate level last fall as an overview on enterprise risk management.

QUESTION 3

Simkins: In answering this question, we will start with the corporate panelists first and then the university panelists.

Concessi: Taxonomy is a good example of Betty’s comment on the Tower of Babble. It is really important to get a consistent taxonomy accepted through the organization. Operational risk is a good example for energy companies. In energy companies “operations” has traditionally related to the reliability of physical assets. Did your power generating unit start in the morning or did your gas pipeline compressor start when it needed to?

The ERM definition of operational risk relates to a middle office function associated with proper capture of transactions. This difference in definitions can lead to a lot of confusion in the energy industry. As a result, the Committee of Chief Risk Officers redefined the term for energy companies. They coined a new term, operative risk, which includes both operational and operations risk. Operational risk is defined as the possibility of human frailties and failure to properly capture transactions, whereas operations risk is the risk associated with operating physical facilities. The two terms are similar and easily confused. It is more important for an organization to get a taxonomy that is broadly understood across its own organization, in which case I might use the term “administrative risk.” To summarize, the most important thing is that the taxonomy of ERM used is well understood across the organization because it is important to the acceptance of the entire ERM initiative.

Perkins: We have really resisted efforts to force things into really broad buckets like an operational risk. We do look at each individual risk and we categorize to bring those together into buckets such as governance risk or environmental items. We have not tried the categorization of risks into buckets as large as operational.

Rizzi: I have concerns about operational risk. I know how it is defined and it just is too broad. It is something we are working with to come up with numbers point of view.

Fraser: We don’t use the term “operational risk” as it is too broad to be meaningful or helpful. If you are going to address risks in a holistic way you need to avoid artificial groupings. Banks like this term as it allows credit and market risk managers to maintain their silos. The question I have is when a loan goes bad because the collateral loses market value and the collection department does not move fast enough—was that loss due to credit risk, market risk, or operational risk and does it really matter? I do agree that this is an area that begs for further study not only as to the categorizations being used but also the purposes of those categorizations.

Hofmann: I agree with John. Using a common language is very helpful as long as we don’t lose sight of the objectives. Risks have traditionally been categorized to take advantage of specialized skills/expertise but organizations formed around these categorizations tended to work in silos. The ERM concept evolved to break these silos down, coordinate, influence, and apply a common thought process and risk tolerance. In addition, the most significant risks are often either unknown or combinations. The challenge is to benefit both from specialized expertise and the broader perspective.

Kolb: This is one area where I think academics might be able to make some kind of contribution. If we look at the way risks are classified, there is no standard taxonomy. Consider the four risks: market, financial, credit, and operational. Now think about the different risks that a firm faces if ERM is going to provide a totalizing framework. Let’s look at climate change, which poses great risk to companies. It’s not financial risk, not really market risk, not exactly credit risk, so it must be operational risk. From my point of view, the operational risk bucket has become “catch-all” for all sorts of different kinds of risks that are not at all commensurable. A challenge for people to work in ERM especially on the academic side is to work on improving the taxonomy so that it becomes meaningful and is a standard taxonomy that works for every firm.

Branson: I agree with Bob’s point of view that this certainly is an area where academics can contribute. Regarding Todd’s point, it is critical that within your organization, they understand a common language or taxonomy so that at a minimum, you are all speaking the same language within your group. A common pitfall to ERM implementation success is the failure to first establish this common risk language and definitions of such risk terms as frequency and impact.

QUESTION 4

Simkins: First, this question will be discussed by the corporate panelists.

Rizzi: I would like to see the view taught that risk management is not just a specialist sector. Second, I would like to see the human element. You are not just dealing with numbers. The way you pay people also impacts behavior. The other thing that I would ask for is to try and integrate the CFO functions and CRO functions.

Fraser: ERM requires a wide range of skills and many of these are being taught currently; the useful thing would be to see these put in the context of an organization as a whole. Currently, a number of the professions who have highly quantitative skills (actuaries, market risk, and insurance) are struggling with how to move from being a technician to being a risk manager or chief risk officer. A knowledge of quantitative analysis is good (essential?) but also a knowledge of bias and how human error can creep into decision making is important (e.g., Long Term Capital Management). I remember reviewing the actuarial liabilities of an insurance company in the late 1970s and noted they were calculating actuarial liabilities to 17 decimal places with great pride for accuracy while using 3 percent interest rate assumptions at a time when prime rate was around 15 percent and this reality was not being reflected in the models. ERM is a contact sport and requires a high level of knowledge about human behavior, politics, marketing, and other business processes. Management methods such as management by objectives, governance principles, and the “Delphi” method all play a role in constructing an overarching holistic approach to risk management.

Perkins: Since ERM really is all encompassing, all employees in the entire culture should accept it. What I am going to say may sound pretty obvious to the finance folks but it may not be so obvious to nonfinance people. More than anything, all employees need to have a very solid understanding of the relationship between risk and return and to understand that risk is not always the bad thing. A thorough understanding of risk and communication of risk can actually lead to better decisions and better allocation of capital. I think there is also a need for a basic understanding of the statistical concepts of probability of risk. Everyone needs to understand that a good outcome is not necessarily the result of a good decision and that a bad outcome is not necessarily the result of a bad decision. Generally, all employees across the organization need to understand that risk decisions are implicit or explicit in virtually every decision they make.

Concessi: I will speak specifically from the viewpoint of a consulting firm that provides ERM services to clients and what they look for in employees. I agree with the things that Todd and Joe have listed. What consulting firms need is people with strong quantitative capabilities. We probably have one of the largest groups of energy transacting quants in North America. But somewhat surprisingly to me (because I am a simple engineer), quants are not all the same. Some of them are financial engineers, quants who know how to value a transaction, and some of them are specialists in risk measurement. The ones we need for ERM are the quants who understand risk engines—the mathematics of how risks are correlated and the ability to build systems and understand the mathematics behind those systems.

Simkins: What do you mean by risk engines?

Concessi: We frequently implement what we call high-end risk engines that don’t just look at market risk or credit risk, but they are able to look at risks that are correlated across risk types. Examples are systems like Algorithmics, SAS, and QuIC. You really need a risk engine quantitative expert in order to get those risks modeled properly. It goes beyond common sense. I think it is something like stress analysis in Monte Carlo analysis where you build a correlation structure to get interactions among different kinds of risks.

Hofmann: In our experience, the most effective risk teams include professionals from multiple disciplines. We have individuals with engineering, mathematics, finance, accounting, economics, physics, and other backgrounds. Some of the modeling can be complex but critical thinking, economic analysis, understanding probabilities versus uncertainty, and the ability to communicate effectively form the core. In addition, it is very helpful to be aware of how human biases such as recency, risk aversion, framing, and anchoring influence decisions. I am encouraged by efforts to design cross discipline programs and encourage you to leverage faculty from different disciplines including business, mathematics, engineering, and so on when designing risk management curricula.

Kolb: Betty asked me to bring a sample syllabus. ERM is such a new field there are so few courses on it. This is our stab at the course and this course is elective for the MBA program. It is also our first course in the MS in Finance concentration in Risk Management.7

Branson: As mentioned earlier, this fall we have launched a curriculum on ERM education through our Jenkins Graduate School of Management. The course provides an overview of ERM to expose both MBA and Master of Accounting program students to ERM concepts and practices. In spring 2008, we will offer two more courses—one focusing on risk measurement tools that will investigate both quantitative and qualitative risk assessment, as well as a corporate risk management and derivatives course.

We offer an ERM concentration in our Masters in Accounting program to meet the needs of professional services firms that are rapidly moving into the ERM space. I am not sure we can satisfy Pat’s needs mentioned earlier. Our program is not focused on the quantitative side of risk measurement and management. We are much more focused toward strategic planning and corporate governance and how ERM can contribute to those endeavors.

Kolb: As I mentioned, I am in finance and Bruce is in accounting so risk management in general and ERM in particular finds academic homes in different departments. At Loyola, risk management and ERM are housed mainly in the finance area. By contrast, at NC State, I gather that risk management is lodged more in the accounting area. It would not be at all surprising if other universities have management departments handling risk management. So it is not at all clear where the natural home is going to be in terms of academic organizations.

QUESTION 5

Simkins: In your response, I would like you to discuss whether you think ERM contributes to shareholder value. For example, can it reduce the cost of capital at your firm? We know that the ratings agencies incorporate whether a firm has ERM into the ratings methodology. This is well documented for the banking, financial institutions industry, and insurance. Both Moody’s and Standard & Poor’s are now refining guidelines for nonfinancial firms, too.

Rizzi: When people zero in on those types of things it only looks at one side of the question. You need to also consider “What is the cost to get the higher credit rating?” Did you forego some activity, which you could have earned more money or could have created more shareholder value? I would just caution people that when they look at those trying to justify ERM that they cover both sides—because lowering the cost of capital does not necessarily create value.

Simkins: Yes, I used the cost of capital as just one example. Please discuss any way it can create value. Earlier in our discussion, we all agreed ERM is a value-adding activity.

Rizzi: The basic problem comes down with risk management trying to add value. They don’t have any statues in the park for people who prevented a crisis. For me, I look at risk management as to whether or not your firm is successful. Risk management at the end of the day has to make sure that the company has access to markets to fund a plan under all market conditions. In other words, not just perfect market conditions that we have had for the last three to four years but bear market conditions, too. If we do that, I think we are successful as risk managers. If it worked only under one particular environment and when the environment shifted, the value went down the drain, then we are unsuccessful.

Perkins: Because we are a large highly regulated company, we view managing and maintaining our risk profile as one of the most critical aspects of our strategy. Our strategy is based on maintaining a low-risk profile: delivering regular, sustainable, predictable earnings growth, and achieving the best risk adjusted return in our industry. Our strategy is predicated on risk management and our risk profile. So ERM certainly adds value to the degree that it helps us with our risk profile and to maintain that risk profile.

Concessi: I certainly believe that ERM contributes to shareholder value and in two ways: first in determining capital adequacy, and second in being the driver for capital allocation. But I come back to the point Joe made about “no statues in the park.” It is a really interesting image to create here. If you have done a really good job of risk management, people won’t notice that nothing went wrong. We run into this challenge fairly frequently when clients want to do a cost-benefit study for implementing ERM. This presents a challenge because you don’t necessarily put a risk management program in place to earn more profit. Your focus is rather on reducing the probability of an unanticipated loss.

It’s interesting to look at related incidents such as one I saw last winter when working in Europe. Europe had a really warm fall last year and many utilities had hedged their gas demand. They knew how much gas they needed on a historic basis to produce the power they had already sold. To hedge this, they purchased gas to match the power they had sold. However, the weather was substantially warmer than normal, reducing power demand and they ended up selling their over hedged gas position into a market of falling prices. The effective hedge would be to not just look at your expected gas demand but also the relationship between weather, electricity demand, and price. That’s where ERM gets complex because you need to bring together these two separate functions that don’t often have to talk to each other. The market risk hedging function needs to start talking to the demand forecasting function. A really sophisticated hedging operation requires you to bring those circles together to increase shareholder value.

Branson: An example with rating agencies is in regulated industries including financial services, insurance, and the energy sector. Standard & Poor’s (S&P) is now explicitly incorporating an assessment of ERM programs when they conduct their evaluations. Just recently, S&P has announced that they will begin to incorporate ERM evaluations across a broad spectrum of new industry sectors. Findings of material deficiencies in ERM can lead to material changes in corporate credit ratings.

There are some other pressure points as well. The NYSE now requires members of the audit committee to explicitly engage in discussions on risk and risk management policies across the organizations they serve. The recent Disney case also is an example. The Delaware Court’s findings can be interpreted as placing expanded responsibility on corporate directors to be aware of best practices in risk management so that they may be fully protected by the “business judgment” rule. ERM is arguably an emerging best practice for the management of corporate risks.

Fraser: I find it useful to think about organizations that do not have ERM (but should) and then ask if those that appear to be doing well are due to skill or luck. Imagine an organization where the board has one view of risks, while executive management another and line managers each have their own. Imagine a board that does not clearly understand the major risks to achieving its stated objectives. Imagine an organization where on the largest projects, or for the largest risks and or within each division there is no common discussion, agreement, and prioritization of the risks and how resources should be allocated fairly. If you can imagine organizations with these characteristics then you have an organization without ERM. However, when ERM is implemented successfully then you have the opposite—which we believe adds value: fewer surprises, and a common understanding and alignment of goals, risks, and mitigants. Measures would include reduced cost of capital due to meeting rating agency expectations, better comfort for shareholders and the investment community that the business is well managed, and better morale among staff in knowing that resources are allocated fairly across the organization based on agreed risk tolerances.

ERM is of greatest value to organizations in a rapidly changing industry, or for an organization undergoing great change or where the management team is new or changing. For a stable management team within a stable organization within a stable industry there is little need for ERM as there is less uncertainty and a greater common understanding of the business risks.

Hofmann: Understanding how we add value is not always easy but helps us adjust and prioritize. I am very fortunate to work for a private company and regularly review progress with our owners. Their perspective has been that effective risk management helps protect our capital but that is not sufficient without also helping improve risk-adjusted decision making. We therefore start with a “no surprises” (versus no loss) goal and also evaluate how we have helped improve decisions. Fortunately, we have specific measurable examples of profitable behavior changes and are confident that applying our economic capital framework adds significant value. I think the challenge for all of us is to develop good measures without falling into the trap of focusing too much on what is easy to measure. For example, it is easy for a credit person to measure losses and become risk averse. Measuring the lost opportunity of this risk aversion is much more challenging but may actually be more important.

QUESTION 6

Simkins: As part of Question 6, I would like panelists to discuss, if applicable, the following topics which are all related to the question: Do you think a separate ERM group is necessary in the organizational structure or what organizational structure is best? What skill sets do you think a chief risk officer should have? What is the role of the board of directors in this process and committees such as the audit committee? What role does resource allocation and culture change play in ERM? If possible, discuss the disclosure process in ERM and if this process is audited in your company. Joe, let’s begin with you first.

Rizzi: One of the things that we struggled with is: Where does the ERM function best fit in the organizational structure? What we decided is that there was no one structure but a series of options. The structure that we ended up using is the one reporting directly to RISK. Let me give you the reasons why. You do not really need a separate ERM group as that just adds another layer of bureaucracy. What you need is an ERM-type function that is composed of the risk people and the business people and is embedded with management. We want a real ERM-type function. What we tried to do is move into the implementation phase and this is the dashboard I mentioned earlier (see Exhibit 21.2 again). The reason why I think this is so important is that it really allows you to take positions. People have to comment on what’s right and what’s wrong with it; it’s a report that comes out every month. Our senior management used it. In addition, six to seven reports from internal audit used it. Basically it was about a 20-page report that drilled down to each of these areas.

Fraser: I’d like to pick up on Joe’s comment regarding ERM adding a layer of bureaucracy. While that happens in some models it is not the only way of doing things. Our model for ERM has the CRO’s role as a facilitator and to develop and implement the ERM methodology. Line managers manage their risks and make the risk decisions. Our role is to help ensure transparency and a common understanding. There certainly are models like in many financial institutions where the centralized risk group makes or vetoes key decisions. Our ERM group is seen as an enabler and not as a threat to management’s independence.

Perkins: In order for ERM to be effective, I believe first and foremost it requires a commitment from the very top levels of management including the board of directors. Also, it requires a certain level of risk awareness throughout the organization and a culture that is structured and allows open communication of risk issues. In addition, it is important to have a very engaged board of directors both in terms of ensuring that the ERM process is in place and also a board that is actively overseeing the major risks that are identified through the ERM process. Different organizational structures can achieve this, perhaps even some that do not have an ERM dedicated group. At Southern Company, we have a very small ERM group that draws upon resources and people across the organization. Having an ERM group is really just a place where it comes together and is a coordination function. However ERM is structured in the organization, it is critical to integrate it with strategic planning and governance. At Southern Company, ERM has been structured in the same organization as strategic planning but also works closely with our legal organization.

Branson: Does your board have a risk management committee?

Perkins: Our board does not but this is something that we are currently moving toward. Although it’s not fully implemented, we are assigning our major risks to various committees of the board. While we don’t have a risk management committee, we do believe that the other committees—the finance committee, the audit committee, and governance committee—can effectively address major risks.

Branson: Certainly one of the things that we see in many of the companies that we talk to is that often it’s the audit committee of the board that ends up with chief oversight responsibility for the ERM program. The reality is that the audit committee is swamped with other responsibilities as a function of the Sarbanes-Oxley legislation. There seems to be an emerging best practice leading to the development of a dedicated risk management committee that can sit on top of the ERM function and led by a chief risk officer with a direct reporting line to the board. This helps the board understand and oversee the ERM process.

Simkins: How many companies are you aware that have risk committees of the board?

Branson: I see it as an emerging best practice but not something that we see regularly.

Concessi: I would strongly recommend that during the implementation phase of ERM, there should be at least a small group of people who are dedicated to it full time. I have worked in implementations where the organization assigned responsibility to a number of people on a part-time basis. Implementation is just too time-intensive to get it done that way. The implementation phase is often more prolonged than people anticipate. I think there needs to be a dedicated small team in place.

The next question is whether those resources should be centralized or decentralized and there are pros and cons. If you focus on a centralized team, you will be emphasizing the bringing together of the risk measures and the consolidation. On the other hand, with a decentralized process, you are saying that people in the business units, who are closer to the risks, are better able to identify the risks and decide what the most appropriate measures are to address those risks. A critical topic is “whose risk measure are you going to use?” because business units will probably have their own risk measures.

In the most comprehensive ERM project that I worked on, a small centralized group was dedicated during the implementation. These people were in the corporate strategy group and once the implementation was finished, they returned to corporate strategy.

Hofmann: I think the specifics are dependent on the management approach and culture of the individual firm. In our case, we invest in a lot of different businesses and use a mostly decentralized approach but with very hands-on oversight. We considered both centralized and decentralized risk management approaches and concluded that we needed both. The business risk teams are responsible for understanding their business and helping improve decisions at that level. The Koch Industries team ensures needed capabilities exist, serves as a resource, aggregates all risks, supports investment decisions, and provides governance and oversight. We focus a lot of our time on driving our vision, risk mentality, and economic capital approach while also trying to understand aggregate performance drivers and broader economic and strategic risks.

Fraser: What I’d like to add is that there are different types of skill required to make ERM successful. First, there has to be a real driving force, or champion at the right level. This often has more to do with their credibility than status. Secondly, there has to be some staff with the charisma and approachable personality that managers are going to feel comfortable with and who will be good at facilitating discussions, workshops, and the like. Lastly, there needs to be the analytical type(s) who manage large volumes of data and metrics and can produce the quantitative information required. These personality types are rarely to be found in one person and care has to be given to having this eclectic skill set working as a team.

QUESTION 7

Simkins: This is an important area companies actively pursuing ERM are facing. Todd brought up the term “ERM fatigue” earlier, which I think applies to this. When responding to this question, please mention, where relevant, your comments related to the authority process, asset allocation process, compensation, risk adjusted economic capital, or corporate strategy.

Perkins: To keep ERM actionable, you need specific, well-defined board of directors’ responsibilities. At Southern Company, the board committees have specific risk-related responsibilities defined in their charters. Taking it down a level, specific, well-defined management accountabilities and reporting requirements are needed. Similar to our board, members of senior management are in risk committees and groups that have charters with clear accountabilities and responsibilities. We have a company-wide framework that lays out those responsibilities. In fact, the framework uses language similar to what Joe mentioned earlier such as defining everyone as a risk manager and making ERM part of their goals. We do that explicitly at the senior management level and discuss how to integrate with strategic planning. It is very important for our ERM group to deliver specific value-added services to the company and not be seen as just another group.

Rizzi: I will follow up on a few of the things you mentioned. I think the way to keep ERM actionable is getting it into the planning process and into the compensation process. If you do that, people will take it seriously. To bring in the element of strategic risk, it was brought home to me this year rather clearly. My current organization was relatively good at the technical aspects of risk management, but missed the strategic element of risk and ended up getting involved in a rather messy takeover battle. At the end of the day, what managers are focusing on is not so much the shareholder risk as much as their job risk.

Fraser: Some of the ways we keep ERM actionable are ensuring that out of every risk workshop there are champions identified and specific actions to address the risks that are considered intolerable. We also find that doing corporate risk profiles every six months is about right for us and keeps the key business objectives and risks on the table for discussion and assessment. In terms of funding, in our business planning process, all capital and operating funding is based on mitigating risks that are intolerable according to our corporate risk tolerances, thus forcing managers to articulate their funding needs in terms of meeting business objectives and dealing with the related risks, that is, no risk means no funds. This was a major part of the culture change management required in implementing ERM.

Simkins: This is a good point to talk about the subprime crisis, specifically the structured finance risk management failure that happened this past summer. Many of these companies had enterprise risk management programs in place. Were their ERM programs flawed?

Rizzi: This topic has been bothering me the most. I’m trying to figure out whether I should wear a bag over my head because we spent billions of dollars on risk management and as a financial organization or industry, we missed it. And how did we miss it? I think it came down again to the issue of how people were compensated. If you have an annual bonus situation and if you can play around with the options which are imbedded in these products, you can create a nice steady stream of income and also increase it if you want. The tail risk is open. You will make a nice bonus for four years in a row and eventually you get caught, but then you’re on to your next job. That is where I think enterprise risk and risk management as a profession has got to pick up the human element. It’s not just numbers and when you miss that, all heck breaks loose. You could replicate that by just taking a position in the index and have exposure—you’d be liquid and could diversify. But you can’t get a bonus for doing that. So you can take all these illiquid products that can be value-based upon a model, again which brings in the human element. That’s why I say we must bring in people, human behavior, into the equation to correct this problem.

Simkins: If they could go back in time and change the ERM process for these companies, what should they have done differently to catch this?

Rizzi: Well, here’s the problem that I’m struggling with. The chief executive officer is getting paid based upon options. He’s going to roll the dice as well and this makes his options more valuable. The subordinates are lining up to a bonus schedule so they will roll the dice as well. So let’s fix that. Well, Warren Buffett tried to do that with Salomon Brothers. You lose all the bankers. If you’re the first player to move toward a more rational payment program for your employees, you lose all your talent.

Academics are going to have fun with this. With the 1980s crash, you look back at it and say that it wasn’t supposed to happen. This wasn’t supposed to happen either. Okay—but it did.

Fraser: I’d like to point out that ERM does not guarantee that people will do their jobs and therefore that specific risks will not hurt you. I do not view the subprime crisis as a failure of ERM. I am sure that there are many companies who avoided these losses either through ERM or just good management. This was a failure of “credit or market risk management” depending on the stage of the product chain (e.g., relying on debt insurance from companies lacking adequate resources). Poor credit risk management is due to those credit managers and boards who believed that lending money to people without jobs or collateral was a safe bet, and poor market risk was evidenced from those trading the product who believed that overheated rising markets go on forever. More needs to be studied about the smart companies who avoided this risky business and what made them smarter (or luckier), as well as the relationship between the size of losses and the general quality of management of the companies with losses.

Hofmann: I think this is a good example of how difficult it is to actually maintain effective risk management. It is not just the identification and modeling but even more importantly how we influence decision making and behavior. Do we really have a clear vision and risk mentality? Do we maintain the discipline to stay within that tolerance without getting caught up in euphoria or rationalization? Are we too busy with details to think about the big bets and core and often only implied assumptions? At Koch, we start with the premise that the future is unknown and unknowable. We consider a lot of scenarios but because we cannot know the future focus on maintaining discipline, communicating effectively, and balancing our business profiles. Most of all, we assume that we will be wrong and try to ensure that no matter what happens we protect our ability to survive and have options to continue our growth strategy.

Simkins: Pat, would you like to talk about the climate change initiative?

Concessi: Climate change is an emerging risk for a broad range of companies. Certainly it is a significant risk for electricity generators and oil and gas companies that have significant CO2 emissions. And it is also a risk for financial institutions that may be trading carbon instruments, as well as lending to companies that emit large volumes of CO2. In the U.S., the topic of carbon regulation has become a matter of “when” not “if,” as both presidential candidates support creation of carbon markets, and regional markets are being developed in the northeast, California, the western states, and the mid-west. So carbon will become a potentially significant financial risk for large emitters. We are working with a number of companies to help them develop scenarios for future carbon legislation, to address their regulatory risk.

The risks associated with climate change are broader than just the risks associated with CO2 emission. Companies should also be looking at their risk from the changing climate on the demand for their products and on their physical assets. These are termed their “climate change adaptation” risks. Risks related to climate change arise across the organization, are significantly correlated, and include all risk types. This makes them well suited to treatment with an ERM approach. The first step is to do risk identification, specifically on the climate change topic, to ensure that these new risks are included in your ERM process.

QUESTION 8

Simkins: Let’s move to the final question. There are two parts to this question and let’s just start with the first part. We’re always looking for new research ideas. I would like to start with Bruce.

Branson: We’ve heard several ideas in our conversations today that could benefit from academic investigation. I will also add a few comments from the handout that is available. In this document, I’ve listed a number of research questions that the ERM initiative has identified as opportunities for more research.8 An approach we have taken is to pull together a group of faculty at NC State interested in ERM and provide funding for them to conduct research that integrates with their existing research interests and skills. It’s difficult to ask researchers that have invested a lot of time and effort into developing a skill set to think about engaging in a line of research where it’s not clear where that research may ultimately be published. What we have tried to do is to encourage faculty to leverage their areas of expertise but to try and address the risk management question that would logically fit in within our focus on ERM. To do that, we floated requests for papers and requests for curriculum development. We had a group of faculty in the college respond to that call and they are engaged in six different projects, several of which have produced working papers and published papers.

What accompanied that call for papers was a list of questions that we thought were logical areas of inquiry. The questions span the gamut of various disciplines within traditional business schools. From this group, I think clearly one of the things we’ve heard today is maybe a real need to better understand ways that we might quantify some of these risks that fall in the operations area or operational risk. Another area where research is needed is to better understand correlations across these various risk categories or silos.

I mentioned the ERM initiative web site earlier, www.erm.ncsu.edu, and I encourage anyone interested in ERM and research on this topic to visit our web site. We have assembled significant resources such as a variety of funded projects underway by our NC State faculty and links to other research. We also have partnered with a group of faculty around the country and internationally that we refer to as our ERM Initiative Research Fellows. We’ve engaged with them to help us as additional eyes and ears—to help us be aware of ERM research or business press articles that they run across.

Simkins: Bob, would you like to comment about the academic research?

Kolb: Well three things. First, and this is something we’ve already talked about: “How do you square finance theory with enterprise risk management?” Or does finance theory ultimately oppose enterprise risk management? Second, I think there are going to be more outlets for research in this area and we’re offering one. We’re going to have an annual risk management conference that will result in a published monogram. Finally, I think the field is wide open for research and it’s now just becoming ripe for research. Let me explain what I mean by that. If you look at what’s been written along the lines of research today, it’s largely anecdotal or case studies. And the reason for that of course is because there’s not much data available yet. And I think we’re right on the cusp of having enough experience with corporations such that one can start doing such empirical studies with sample sizes that are sufficient to give validity. In fact, one of the papers on the program at this conference, a paper authored by Richard Warr and Don Pagach, investigates financial results from enterprise risk management and finds the event that divides the non-ERM and the ERM is the appointment of a chief risk officer.9 So I think we’re right on the verge of actually being able to do a lot of research in this area across the full range of issues.

Simkins: Would any of our industry speakers like to comment on research ideas?

Rizzi: Just to follow up on what I said before, I was focusing on bringing some of the behavioral finance elements into risk management. It’s not just the number crunching. Does the structured finance debacle of the summer represent a failure of quantitative risk management? There are going to be a lot of people answering a lot of questions.

Hofmann: I agree and would also encourage more work in the area of decision making under uncertainty and when to apply and not apply common estimation methodologies.

Fraser: I think the research opportunities for enterprise risk management are endless. Little has been written to date in academia on ERM, despite the vast numbers of people and organizations now attempting it. Much of what has been written outside of academia has been by consulting firms with their own agenda and marketing motives. It is still an evolving science and therefore case studies and identifying “best practices” is needed, just like in the early days of exploration when new countries were first discovered (e.g., Darwin). What is succeeding? Why do so many fail? There is still mass confusion (Tower of Babble) where there is not even a semblance of alignment among the disciplines (even those present in this discussion) as to what ERM is. Comparative analysis studies of areas such as risk tolerances, risk profiles, and ERM policies would be of great benefit to the next generation of implementers and students. To produce someone who really understands and can deliver ERM requires a mixture of skills not currently found in any given discipline. Therefore, the challenge will be teaching methods and skills that may be outside of the academics’ area of comfort, for example, controls, workshop facilitation, risk tolerance bias, opinion bias, organizational behavior, nonfinancial risks like safety and environmental and reputation, governance, strategic planning, performance measurement, and so forth. I get calls from people asking where they can get trained and to date North Carolina State U is the only real ERM course of which I am aware.

Kolb: I think we really don’t know much about the intricacies of the recent failure. But let me give you an example of where there is perhaps a parallel opportunity for disaster that hasn’t occurred yet, and that is in the “carry trade.”10 The carry trade essentially bets against the interest rate parity theorem. And it is successful, and apparently continues to be successful year after year even though it shouldn’t be working. But it has been working—lots and lots of people are doing it. It’s kind of a lemming effect. And I think maybe that was the case with the mess this summer and going all the way back to Long-Term Capital Management. You have a kind of herd behavior. People act in a certain way that’s maybe not a failure to perceive the risk according to the models, but a failure of management to abstain from doing those things that are against the models and contrary to our understanding, just because they seem to be working presently.

Simkins: Next, get out your crystal ball and I would like you to give your forecast of what you think is going to happen over the next decade in ERM. And you’re going to go down in print on this, so we’re going to hold you to your forecast.

Concessi: I think we need to develop more sophisticated risk measurement applications. The ability to meaningfully quantify risk is impeding a lot of implementation right now. We also need to get better at identifying and addressing the really big risks that we are currently not capturing. If companies keep having losses that result from things that aren’t captured by the ERM program, and if those losses are relatively significant or larger than the risks that are captured, I think that would frustrate the whole development of ERM.

Kolb: I think certain kinds of risks all get lumped into operational risks, but these risks are really very different. For example, in many classifications of risk we find the ethical failure of people at a high level in the organization, such as CEOs and directors, getting lumped together with completely different risks, such as natural catastrophes. Unless there is some work done at sorting those out and dealing with those really complex issues, say the differences between ethical failures and natural catastrophes, I think ERM can’t fully succeed.

Perkins: I guess to really just piggyback on that, I think we’ll see development down both of those paths. I think the quantification is critical that we do move forward on that but there are the qualitative aspects that have a long way to go. As we move forward, ERM is going to more and more become not a program, but part of a company’s culture. I think it has to be viewed that way to be successful. One last thing, the ERM process needs to ultimately feed into the disclosure process and be effectively communicated to investors and stakeholders.

Rizzi: I guess my three observations going forward would be: First, if the culture shift takes place and everyone becomes a risk manager, ERM’s function will basically disappear. It will be pushed into the business units just like strategic planning for the most part. Second, I think we will see happen in the financial organizations—the CRO and the CFO function are going to merge. They have to merge because right now it is just dysfunctional the way they work.

Branson: I think it’s possible that we may not hear the term “enterprise risk management” specifically but it will be there; it’s been successful; it’s become simply the way certain companies do business. It will be embedded in their culture and an important part of the regular strategic planning activity of the board and in the development of business plans. We just won’t be calling it ERM (perhaps). It’s there and it’s just good business at that point.

Simkins: We are now at the end of the roundtable discussion. Time will tell as to how ERM will evolve over time. ERM holds great promise and in my opinion, it is the natural evolution of risk management—whether we refer to it by name or it just becomes embedded in the culture.

In our discussion, we have covered many important aspects and highlighted excellent research opportunities on ERM. I would like to encourage academics to closely collaborate with practitioners to conduct research in these key areas of need. One way to do this is through PDDARI, which stands for Practitioner Demand Driven Academic Research Initiative. The FMA has established this research initiative to facilitate applied research, such as what we discuss in this roundtable, between academics and practitioners.11

Please join me in thanking our panelists for sharing their expertise with us in this thought provoking discussion.

NOTES
