Every organization is faced with risks and needs to practice some form of risk management in order to maintain the health of the entity. Many take a traditional approach, where risk is managed in silos, with each leader of a business unit (sales, operations, finance, HR, etc.) responsible for managing the risks that fall within his or her area of responsibility.
However, this traditional approach has its limitations. Trends such as globalization and evolving regulation are increasing risks, their complexity and potential impact on organizations. We see more and more companies embracing Enterprise Risk Management (ERM), which takes a holistic approach to risk by looking at all risks across the organization.
Our series, “Taking a Closer Look: Enterprise Risk Management” will explain what ERM is, its value to the organization, how it differs from traditional risk management and how it works.
So, what exactly is ERM?
ERM is a strategic discipline that allows businesses to manage all threats and opportunities throughout every unit and level of the enterprise. Its objective is to provide a top-down, portfolio view that identifies the most critical risks to the accomplishment of the organization’s most important goals. ERM centralizes the management of risk and is driven by an executive risk management committee.
Taking a portfolio view (versus a silo one), ERM contemplates every type of risk exposure that the organization faces; analyzes how various risks relate to one another; and determines if there are areas of the organization with significant concentrations of risk. The ERM approach considers:
- Internal risks such as potential investment losses, equipment breakdowns, forecasting errors or strategic misjudgments;
- Externally generated risks, such as credit rating downgrades, regulatory changes or bad press;
- The interests of the broad range of stakeholders in the organization: shareholders, the board of directors, employees, regulators, lenders, customers and suppliers.
This holistic approach to risk enables organizations to optimally prioritize risks and allocate resources to manage the exposures. It can also surface significant risks that might have been overlooked by the use of traditional risk management practices.
How is this accomplished? ERM applies a structured process or, framework, to the management of risk. The ERM framework is an ongoing process that consists of: strategy and objective setting, risk identification, risk assessment, risk response, and monitoring. The ERM framework addresses such items as the interaction of the executive risk management committee with the staff who are identifying risks; the criteria for measuring likelihood and impact of risks; and the design of questionnaires, workshops and other methods of identifying risks.
With a solid ERM program in place, you can improve the quality of both internal and external customer service, protect your financial and human capital resources, and safeguard your organization’s valuable reputation.
Contact us about the competitive advantage of ERM.
In our next post in this series, we’ll delve into the key components of establishing an ERM process.