But ERM is a relatively new concept and a challenging undertaking for any institution. "Part of the challenge here is to understand what people mean by enterprise risk management," says Sandeep Vishnu, a senior manager in risk practice for McLean, Va.-based BearingPoint.
As a result, the jury is still out as to where banks are along the road to ERM. While some call it just a developing concept, others insist that it's a necessity and that banks that are not pursuing ERM are at a competitive disadvantage.
"It's absolutely a reality," says Virginia Garcia, global strategist for risk management at Brookfield, Wis.-based Fiserv. But, "It's all a matter of how you define it."
Even regulators have weighed in on the subject. During an April speech at an ERM roundtable at North Carolina State University, Federal Reserve Gov. Susan Schmidt Bies defined ERM as "a process that enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build stakeholder value."
According to Guillermo Kopp, VP of TowerGroup's (Needham, Mass.) cross-industry practice, ERM is about integrating different types of risk as well as different products throughout an organization. It includes policies, technology solutions and IT infrastructure, he says.
"ERM is a pervasive process discipline; it's not necessarily a single technology that delivers immediate results," Fiserv's Garcia says. "That's really where a lot of the confusion comes into play."
IBM's Rosenoer, however, seems to define ERM more narrowly, adding to the potential confusion. "It's not clear that anybody has actually implemented an enterprisewide risk management system," he counters. "It's still in the design stage -- still in the stage of pulling these systems together."
Regardless, improving risk management is a top priority for financial institutions. According to TowerGroup's Kopp, banks' spending on risk management solutions will rise at a rate of 5.3 percent a year through 2009. Currently, 60 percent of that spending, or $12 billion globally in 2005, is on third-party solutions. But, Kopp notes, the percentage of spending on vendor products is on the rise. Not surprisingly, the functionality provided by vendor offerings reflects the industry's changing view of risk.