The paper said there was an "apparent failure to develop and reward internal risk management competencies. From the board room to the trading floor, individuals on the front line who were taking--and trading in--these risks ostensibly were rewarded for short-term profit alone."

Finally, the report said, there was a failure to "use enterprise risk management to inform management's decision-making for both risk-taking and risk-avoiding decisions."

Robert P. Hartwig, president of the Insurance Information Institute in New York, recently criticized current enterprise risk management frameworks in elements of the financial services sector.

He said in an e-mail, "The financial crisis is the result of a failure of risk management in the banking and securities markets on a colossal scale."

Mr. Hartwig said that "very fundamental and tough questions about the practice of risk management worldwide must be asked and answered. How did so many major, allegedly sophisticated financial players miss or overlook such huge, systemic exposures? What other shoes might yet be left to drop? How can we prevent this from ever happening again?"

Ms. Fox, who is senior director, risk management of Convergys Corp. said that to be effective, ERM must "fundamentally change the ways organizations think about risk."

When ERM becomes part of the "DNA of a company's culture, the warning signs of a market gone astray cannot go unseen so easily." She said that "when designed and implemented systemically, ERM can change future outcomes. When it's practiced fully, ERM enables overall business performance."

She explained that many financial organizations:

o Failed to adopt an ERM culture.

o Failed to embrace and demonstrate appropriate ERM behaviors.

o Failed to develop and reward internal risk management competencies.

o Failed to use ERM to inform management decision-making in both taking and avoiding risks.

She noted that RIMS believes the financial crisis is a "call to action," adding that the financial crisis makes an even stronger case for ERM.

"We consider this white paper an imperative and wakeup call." To "prevent another financial catastrophe," she said, "now is the time to consider implementing an ERM program--or work feverishly to improve the one you have."

Ms. Fox said that risk practitioners should take away the following key points:

o Use models judiciously, by paying attention to improbable events and questioning the underlying assumptions.

o Recognize that compliance and controls are important components of ERM but are not replacements for it.

o Set risk tolerance thresholds at levels that are expected to be breached, in order to force escalation and conversations at the appropriate levels.

o Reward risk management competencies as well as results.

o Advocate that ERM must be part of the culture throughout the organization.

She pointed out that RIMS is positioned to help drive leadership competencies with its Risk Maturity Model and other tools.

Ms. Fox also said that not all organizations failed in their ERM processes and that ERM made a difference for Goldman Sachs.

"When they started seeing deviations from their expected outcomes," she said, the company "began to look deeply at risks and, as a result, in 2006 began to pull back from these mortgage securities."

She said in the Webinar, "At a time when everyone else was jumping in, they were actually taking a reverse position than most of the market, which helped them to be one of the companies that was most resilient."

When reviewing their governance infrastructure, she said, companies need to be sure they have "authorized escalation points outside of the normal reporting" and ways to make sure important information gets to the board or decision-makers.