ERM - UnitedHealth Group
Originally Published: July 01, 2005
Enterprise Risk Management (ERM) is a discipline at UnitedHealth Group that identifies risks and alleviates negative exposures while profiting from positive opportunities. The risks can range from financial reporting and compliance to planned business risks.
Some companies are adhering to Sarbanes Oxley Act (SOX) compliance and have not yet embraced ERM. However, SOX does not address some of the important value adding elements for stakeholders-strategic business risk and market/business environmental risks. The goal of ERM is to provide value and not primarily focus on enforcing risk reporting and monitoring.
Executive management can more effectively handle uncertainty in both positive and negative risks with an ERM model and process. The key is focusing on the recognition of risks and mitigating those risks within a suitable tolerance level.
UnitedHealth Group's mission is to improve the healthcare system. After the implementation of Business Risk Management (BRM) into their six diverse operating businesses, UnitedHealth Group believed they were prepared to fully integrate ERM into their business culture.
Business Risk Management is a process used to accomplish the following goals:
• create a framework to manage risks and
concurrently increase stakeholder value;
• build confidence in managers making decisions dealing with risks, and
• eliminate surprises that are avoidable.
After using BRM, value creation, accountability and transparency became the focus thereby creating an ERM discipline. Four ways to enforce stakeholder value are through awareness, alignment, resolution and accountability. In order to achieve success with BRM and ERM, UnitedHealth Group uses a number of on-going measures to stay on course. They recognize the importance of executive backing, strategic risk management, accountability, standardization, diversification, improvement persistence, and understanding the necessity to remain practical when the need exists.