As a result of pressures from regulators, ratings agencies, and shareholders, many companies began to seriously look at implementing ERM or expanding their ERM programs, both to prevent future losses and to manage uncertainty. Responsibility for enterprise risk management began to move up the corporate food chain.

In the "Accenture 2013 Global Risk Management Study," 98 percent of respondents said risk management is a higher priority for their company today than it was two years ago. Ninety-six percent said the owner of risk management in the company reports directly to the CEO. And 81 percent said the risk management owner regularly discusses risk with the company's board. As Steve Culp, global managing director for Accenture's risk management practice, told Treasury & Risk back in October: "In 2009, when Accenture first undertook the study, risk management was moving beyond compliance. By 2011, it was becoming a source of competitive advantage for many businesses. Today risk management is increasingly connected within multiple aspects of organizations, including governance and leadership structures, analytics and reporting outputs, integration and alignment with other key functions in the investment and decision-making process, and importantly in the talent agenda."

The growing integration of risk management into processes for making investment, liquidity, and other strategic decisions is exemplified by the winners of this year's Alexander Hamilton Awards, sponsored by Kyriba and Strategic Treasurer. "Our philosophy is 'Everyone's a risk manager,'" says Erike Young, deputy director of ERM and director of environment, health, and safety for the University of California's Office of the President. "Anyone who's in a management position technically manages some type of risk."

The University of California may consider a large proportion of its 200,000 employees to be risk managers, but before it launched an ERM initiative in 2004, it was unable to uniformly manage risks. Processes and systems were disparate, and consolidating information was tedious at best. However, with the help of business intelligence software, Young and his colleagues established an organization-wide view of risk management. Today they distribute reports on key risks on a monthly basis, and users who want more details on those risks can get them with the click of a button.

Young's department has also undertaken a campaign to educate faculty and staff throughout the university system about the benefits of ERM. "We've actually started to use the term 'collaborative risk management' in addition to 'enterprise risk management,'" he says. "What ERM, or collaborative risk management, does is change the tone of the discussion from 'This is another compliance requirement' to 'Here's how these risk management procedures will support the university's mission of education, research, and public service.'"

The Alexander Hamilton Award-winning project at Siemens Capital Company focuses in on the management of counterparty credit risk. Even so, the project is broad in vision and in operational scope. Siemens Capital Company consolidates credit information about customers—both external information and internal experiences of Siemens business units around the world. Then the group assigns each customer a risk rating and distributes the risk ratings and other key insights about the counterparty's credit risk to the business units that work with the customer.

Like the University of California, the Siemens Capital team has discovered the power of risk management initiatives to bring together disparate parts of a large organization. "Collaboration among local credit teams on the ground, and between those teams and the Siemens credit warehouse team, is creating new opportunities to raise risk awareness across Siemens," says Doug Schoch, vice president with Siemens Capital Company and relationship manager for the captive business. Participating units have begun sharing ideas and discussing their common challenges, and the credit warehouse is enabling those conversations. Local teams are learning from one another, and the exchange of information is promoting process improvement."

Microsoft, this year's other winner in the ERM category, already had a centralized treasury and risk management infrastructure. But in reaction to events in the financial systems in Greece, Libya, Egypt, and other countries, the company undertook an initiative to reduce risk to its cash balances by rolling out a trio of sophisticated processes around the world: a zero-balance account structure, automated balance sweeps between banks, and a payments-on-behalf-of system.

The new systems minimize the volume of cash Microsoft holds in-country, and they've freed up a good deal of treasury's time for activities that are more strategic than just monitoring cash balances. "We have moved from being more transaction-focused to becoming very business-focused," says Jim Scurlock, senior manager of global cash management. "Treasury, capital management, and liquidity are key for any organization. Treasury needs to be an active participant in a lot of the leadership conversations that happen. It's important to have treasury sitting at the table to help ensure that the company is making the right decisions."

The best way to earn a seat at the table in strategic decision-making is to demonstrate the value of the treasury and risk management functions. All three of this year's Alexander Hamilton Award winners have passed that test with flying colors. They have taken on big projects that have given senior management a bird's-eye view of corporate risk.

Here are their stories.

Revamping Credit Management Around the World

Munich, Germany-based Siemens AG does business through affiliates in the energy, healthcare, manufacturing, and metropolitan-infrastructure­ sectors around the world. Although Siemens has centralized some financial services, individual business units manage their own credit and collections processes. Several years ago, that became a source of concern for corporate management.

"Although each credit team limited the exposure of its business unit to credit risk from any particular counterparty, we knew that the company overall had large exposures to some of our biggest customers," says Doug Schoch, vice president with Siemens Capital Company LLC USA and relationship manager for the captive business. "As the world economy began to falter and some of our major customers started having financial difficulties, we needed to be able to see which companies posed extraordinary credit risk to Siemens globally. That wasn't feasible when the data was stored in dozens of different databases around the world."

In 2008, Siemens launched an initiative designed to improve transparency into customer credit data. As a first step, it began consolidating information about short-term receivables from business units across the company. A credit warehouse group was formed within the corporate treasury function. This group built a data warehouse to store commercial customer data and then developed connectors between the database and individual business units' SAP enterprise resource planning (ERP) systems. Trade receivables from across the company began to transfer into the credit warehouse database on a daily basis via automated file transfers.

Then the credit warehouse team developed a system to assign a Siemens-level credit risk rating to each commercial customer. In addition to information about experiences with the customer compiled from different Siemens business units, the internal credit risk ratings are based on data from external ratings agencies and the customer company's financial reports, as well as credit reports. Depending on the level of Siemens' exposure to the customer, the credit warehouse automatically generates the risk rating for the customer or else an analyst manually reviews the account and assigns the risk rating.

A front-end application provides Siemens business units with access to the credit warehouse database. For each commercial customer, users with the appropriate permissions can see the overall Siemens exposure to that company, the internal risk ratings for the company, and the company's credit reports. "Previously, it was difficult for any business unit to get a holistic perspective of credit risk or of the receivables portfolio of Siemens as a whole," says Akhnaton Ngweh, a risk analyst with Siemens Capital Company LLC USA. "Today, a customer's risk profile provides a comprehensive, high-level perspective on the customer's overall risk, and the standardized methodology of the risk ratings helps ensure consistent handling and comparisons across Siemens. By combining this new outlook with their own expertise, local teams can make more-informed decisions."

Business units are using information from the credit warehouse in up-front credit approval decisions, to inform the collections process, and to determine how much to set aside in reserve for each open account. "The business units can use the credit warehouse information in making decisions about whether to extend credit to a particular customer," says Ngweh. "They can also use it in deciding whether to continue doing business with the customer and whether to take additional risk mitigation measures with that customer. And because the credit warehouse provides a holistic view of the risk profile of each customer, some business units have been able to use that knowledge to decide which pricing approach or terms of sale are most appropriate."

The credit warehouse team also built functionality that can automatically transfer the internal risk ratings from the database back to the SAP system of a Siemens business unit, to make use of the metrics even easier to incorporate into day-to-day processes. A daily rating-change report can show up in business units' ERP systems, as well. "The local teams are constantly being challenged to achieve more with tight resources," says Ngweh. "The risk ratings help in this regard because they provide a quick, reliable, and cost-effective measure of credit risk." On top of providing valuable insight into customer credit, the warehouse saves Siemens time by providing consistent credit information globally, avoiding the duplication of effort that may occur when a business unit is assessing credit for a customer base that may overlap with other Siemens divisions.

Siemens does not require business units to adopt the credit warehouse processes, and some groups have been faster to see the benefits than others. "The risk ratings are a bit of a new concept," says Ngweh. "The business units' credit managers are experienced professionals, and they have established their own processes for reviewing accounts through many years on the job. So one area of focus for the credit warehouse project has been to educate other groups to explain the value of the product."

To build buy-in, the credit warehouse team has invited credit and collection managers from across the company to attend collaborative education sessions. "The goal is to show them how they can use our risk rating information in their processes," Ngweh says. "We show them how we develop the risk ratings. We also share success stories of how different units are using our information."

One of the most important results of these sessions—and of the credit warehouse overall­—may be the increase in communication that has emerged among different credit and collections organizations. "The different credit managers are communicating with other Siemens entities to understand payment experiences and terms for customers they share," says Ngweh. "One business unit can avoid extending additional credit to a customer that has a past-due account with another unit. The business units are also sharing best practices."

Adds Schoch: "Collaboration among local credit teams on the ground, and between those teams and the Siemens credit warehouse team, is creating new opportunities to raise risk awareness across Siemens. Participating units have begun sharing ideas and discussing their common challenges, and the credit warehouse is enabling those conversations. Local teams are learning from one another, and the exchange of information is promoting process improvement."

Now the credit warehouse team is looking at ways to extend the information consolidation to support Siemens' procurement function. "We realized that some of our customers could also be our suppliers," says Ngweh. "So we thought that the tool could also help procurement users assess supplier risks. We're now helping advise procurement staff on how they can use our resources to assess the financial risks posed by different suppliers."

Repositioning ERM as Collaborative Risk Management

In a corporate environment, the support of senior management tends to help a project progress smoothly. In academia, however, leadership support doesn't necessarily translate into widespread buy-in. "At the University of California, we encourage academic freedom," says Erike Young, deputy director of ERM and director of environment, health, and safety for the university's Office of the President. "Corporations tend to have a certain way of doing things that is consistent between locations, but our campuses pride themselves on being different. Academically, we certainly want that. But from a risk management standpoint, we need consistency."

In 2004, an assortment of different risk management programs were in place across the 10 campuses and 5 medical centers in the University of California system, but no one had a big-picture view of risks organization-wide. "We had a lot of data, but we weren't doing anything with it," Young says. The UC Office of the President launched an ERM program in 2004, pulling risk information from across the organization into data warehouses. A few years later, analysis of this data was still manual and very time-consuming. "We needed a technology solution that would let us combine the data from disparate data sources and then easily analyze that data to gain a clear picture of risks across the organization," Young says.

That's exactly what Young and his colleagues set out to do. In 2009, the university deployed Cognos business intelligence software and, as a proof of concept, created a dashboard revealing key information about workers' comp claims. "Most universities keep an eye on the number of workers' comp injuries for every 100 full-time employees, but most of our campuses weren't looking at this regularly," Young explains. "Among our 200,000 employees, we had about 8,700 injuries at an ultimate cost of about $90 million annually. Tracking them manually would have required a full-time position in each department, so at most, they would run the numbers once a year at the campus level. We set up the Cognos tool to analyze workers' comp claims. Now, with the click of a button, we can see the data at the university level, the campus level, or the department level. We can see a five-year trend. What would have taken a tremendous amount of time to do manually now takes a couple of seconds."

The benefits of this level of visibility were immediately clear, so the university launched the "Working Smarter" initiative with the goal of implementing a system of targeted risk dashboards across all UC campuses. The UC Office of Risk Services was responsible for identifying key risk indicators in areas such as ergonomics, foreign travel, human capital, and medical quality control. Young and his colleagues in the Office of the President convened a panel of vice chancellors, controllers, chief risk officers, and other key managers from each campus to provide input and feedback on their plans for the risk dashboards. They also interviewed more than 300 executives, process owners, and program managers from across the university about their risk management concerns.

Through this process, Young and his colleagues identified 157 key risk indicators and developed 41 dashboards. Today the university maintains a data warehouse that collects source information for the dashboards from personnel data, student information, facilities, etc.

For the majority of users of risk information, the Office of the President pushes out PDF versions of the risk dashboards; most of these reports are generated and distributed on a monthly basis. "The reports show at a glance how well we're doing, with red, yellow, and green light indicators," Young says. "And if senior leadership sees that they're in the red, they're going to find out why. They also pay attention to how they're doing relative to the other campuses. Our campuses have begun competing not just in football, but in metrics." Staff members who want to drill down into the reports' information can do so through the dashboards; permissions are assigned according to the individual's role at the university.

Young and his colleagues educate other university staff about enterprise risk management in general, and the dashboards in particular, through an annual risk summit. The university held its first risk summit in 2005, an event that brought together 143 people. One of its primary goals was to reduce the university's total cost of risk by 15 percent over two years. The ERM program exceeded that initial goal handily, reducing the cost of risk by around 20 percent in the first 18 months. This success convinced the university to extend both the ERM program and the risk summit. Last year's summit included more than 1,100 participants.

"Everyone in the university is invited to attend the risk summit," Young explains. "Our philosophy is 'Everyone's a risk manager.' That's another way to describe ERM. Anyone who's in a management position technically manages some type of risk. So the risk summit includes all kinds of people—for example, rec center directors, occupational health managers, food safety directors, and managers in student affairs. It's a two-day meeting, during which we talk about what ERM is, explain new tools we have available, and share best practices that some of our campuses are doing. We also use it as an opportunity for marketing the idea that ERM is a good thing." The marketing campaign is paying off. Staff across the university's many locations have begun thinking about risk on a daily basis.

Because the university has been able to more accurately allocate resources to the activities that prevent injuries, it has cut workers' comp claims in half—from 8,700 injuries costing more than $90 million per year to 5,000 injuries with an ultimate cost of around $45 million per year. The school has identified over $7 million in savings just by having employees elect to receive their W-2 forms electronically, an activity that is monitored and reported to senior leadership via a dashboard. The Working Smarter program has reduced the insurance rates the university pays for general liability and employment practices policies, and it's even reduced the cost of the university's debt. "Standard & Poor's indicated in their RatingsDirect analysis of UC that ERM is a credit strength for us," Young says. "Our total average annual borrowing exceeds $10 billion. While we can't quantify the exact effect of our ERM program on the rates we pay, if it saves us just 0.1 percent, that would add up to $10 million in annual savings." All told, Young estimates that the Working Smarter program has saved the university $700 million over seven years.

That said, cost savings and compliance are not always the most powerful motivators among faculty members. "On the administrative side, we've achieved really good adoption of the ERM program," Young says. "Now we're working on expanding adoption on the academic side and in some other areas. The ERM team is playing a role of coach and facilitator, trying to have more of an open discussion about risk management. We've actually started to use the term 'collaborative risk management' in addition to the more familiar 'enterprise risk management,' with the idea that the Working Smarter program is a collaboration. It's about breaking down the silos. When we can understand operational and reputational risks at the university level, we can make better decisions in allocating resources."

Young and his colleagues are also helping faculty understand what ERM has to offer them at the individual or department level. "Take lab safety, for example," he says. "From a risk optimization perspective, we want to be the university of choice so that employers are eager to hire our graduates. We also want to be the university where parents want to send their kids. To accomplish these goals, we need to have the best safety program. What ERM, or collaborative risk management, does is change the tone of the discussion from 'This is another compliance requirement' to 'Here's how these risk management procedures will support the university's mission of education, research, and public service.'"

Bird's-Eye View of Corporate Risk

With 120,000 employees around the world, Microsoft is a company with truly global exposures. It is also a company with a truly global risk management program.

"We take a lot of pride in having a centralized treasury function that serves more than 350 subsidiaries in 126 countries," says Jim Scurlock, senior manager of global cash management. "A good portion of the company's risk team is housed within central treasury." Microsoft's treasury function has been closely monitoring global risks for years. Still, recent geopolitical events—including the Great Recession, the Eurozone crisis, and the Arab Spring, as well as turmoil in Greece, Libya, Egypt, and other countries—led the company to look at enhancing its risk management programs. "As our treasurer often says, corporates tend to be prepared for the last crisis but not for the next crisis," Scurlock says.

The primary concern was that if financial markets in a country were to freeze without much warning, Microsoft might not be able to pay salaries, collect revenue from customers, or pay suppliers. "Each time there's a geopolitical event, treasury focuses in on ensuring that we have the right amount of cash in the country at the right time," Scurlock says. "Our goal is to minimize the impact of the event on Microsoft. We determined that our capital markets and risk management organization should more actively and continuously monitor the local cash balances of our subsidiaries. We also decided to minimize cash balances held in local accounts around the world, in order to reduce our exposure to counterparty and sovereign risks."

The global cash management team undertook several major initiatives simultaneously; among them are three automated solutions that, together, have brought local cash balances as close to zero as possible. One is a cross-border, multi-company zero-balance account (ZBA) structure that Microsoft developed with a key banking partner. The bank automatically sweeps all the company's collection accounts into 20 money centers and creates journal entries via a custom-built text-messaging system. Several hundred accounts companywide now end every day with a balance of zero. "This has been absolutely instrumental for us in ensuring that we have all the cash invested in our portfolio at the end of the day," Scurlock says. "It's also significantly reduced the counterparty risks we were incurring by holding cash locally."

Second, the Microsoft global cash management group worked with the company's other banks to set up an automated balance-sweep solution among multiple financial institutions. "We set up a target balance on each account, and when the account balance exceeds that number, it triggers an automated transaction via wire transfer," Scurlock explains. "This was a little bit tougher to set up than the ZBA structure; because the sweeps cross organizational lines, we had to go with a target balance and standing wire solution. Obviously, automation is critical in making this feasible."

The third solution, which allows the business to operate smoothly even as bank account balances hover near zero, is a payments-on-behalf-of (POBO) approach to global accounts payable. Instead of paying suppliers out of local bank accounts, the company now makes the majority of its payments from a centralized portfolio account in a single money center. "The POBO structure has been key for us because it saves us from having to wire hundreds of millions of dollars to subsidiaries' bank accounts around the world," Scurlock says.

Together, these three solutions enable Microsoft to maintain cash balances near zero in most of its bank accounts around the world. The company also moved about 100 bank accounts from riskier, smaller counterparties to large multinational institutions. "Reducing our local cash balances is directly correlated with reducing the risk we face in those countries," Scurlock says. "And by automating concentration of cash, our team has gained more time to focus on long-term initiatives and adding value to strategic projects, as opposed to focusing on transaction-level activities related to manual cash sweeping."

At the same time it was setting up the automated solutions, Microsoft's global cash management team developed a framework that assigns responsibility for monitoring global risks and developed a contingency action plan to guide treasury decisions when a risk is identified. Now at the end of every business day, risk management staff from various areas of treasury meet to review what's happening in the world. Capital markets staff and portfolio managers discuss the political and economic climate. The financial risk team reports on counterparty and sovereign risks. Cash operations and global cash management staff speak to the amount of cash on hand in affected regions. The enterprise risk management team pulls this information into a consolidated report for distribution to treasury and the broader finance leadership group.

When this process indicates that Microsoft should be concerned about a particular geopolitical situation, the contingency action plan defines steps that each affected group should take. The global cash management team monitors subsidiaries' local cash balances daily, as well as keeping close tabs on regulations, capital controls, and the banking systems. The foreign exchange group ensures that the company has sufficient currency to make payments that are due. Cash operations increases the frequency of sweeping cash from local accounts. Payroll and accounts payable work to establish just-in-time funding for items that can't be paid through the POBO structure, so that suppliers and local staff receive payments but the company doesn't have any excess liquidity in local accounts.

"As the teams notice that something might be happening in a specific country, we start looking at how we can limit our exposures there," Scurlock says. "We start accumulating a lot more information about that specific country. We follow the news closely, and we look at what the bond markets are doing. The bond markets are usually a pretty good indicator of what the markets are thinking in terms of riskiness."

These new processes were put to the test in Cyprus in 2012. "We had a good sense of what was going on, but all of a sudden the markets shut down for a significant amount of time," Scurlock recalls. "Since we had been proactive, our cash balances held in the country were almost zero when the crisis hit." But because of how quickly the markets changed, payroll was an issue. "We worked closely with our financial institutions so that when the markets did open temporarily, we quickly initiated payroll transactions in that window," Scurlock adds. "Because of our contingency framework, we had the right answers when our CEO and treasurer started asking questions about cash balances in Cyprus."

Scurlock emphasizes that developing and implementing the contingency framework was a cross-functional endeavor, involving teams from within and outside of treasury. He attributes the initiative's success to the support of Microsoft's treasurer and corporate vice president, George Zinn. "Once you have the company's finance leadership teams engaged, it's much easier to implement change across the company," Scurlock notes.

Throughout the initiative, the global cash management group was responsible for corralling all the different participants and putting in place specific project plans. Its leadership role in this project, as well as the automation of many tasks the group used to perform manually, have expanded the role of the cash management team as a strategic partner to the rest of Microsoft.

In fact, Scurlock advocates automating as much as possible. "But you have to be aware that automation can have a negative downstream impact on other groups," he says. "Make sure you're creating a long-term plan that works, not just for treasury but for your business partners as well. Meet with them, and discuss the pros and cons, with the goal of showing them what their value-add is. And as you work with other organizations, be sure to frame your argument in a way that makes clear that your project is not just in treasury's interests, but in the best interests of the company itself."

This approach has really paid off for the treasury function at Microsoft. "We have moved from being more transaction-focused to becoming very business-focused," Scurlock says. "Now, as Microsoft is pursuing new retail strategies, or cloud computing, or expanding into other new ventures, we can spend more time working with the business to deliver solutions, as opposed to manually monitoring the movement of cash."

Scurlock believes it's appropriate for the treasury function to be involved in a company's strategic decision-making. "Treasury, capital management, and liquidity are key for any organization," he says. "We see the company's funding needs from a comprehensive viewpoint. Treasury needs to be an active participant in a lot of the leadership conversations that happen. It's important to have treasury sitting at the table, serving on the various committees that are responsible for strategic planning, to help ensure that the company is making the right decisions."