Enterprise Risk Management Manifesto

Enterprise Risk Management - risk matrixEnterprise Risk Management is now finding its place in creating strategic value.

Traditionally confined to either loss control in the realm of commercial insurance, or financial controls and audit, enterprise risk management has now taken an evolutionary step to encompass the entire spectrum of strategic and operational risk.

Risk has gained, in recent years, a high profile in the public mind, as waves of corporate malfeasance, natural disaster, security threats and economic meltdown have rocked the foundations of organizations in all sectors, and created profound distrust among stakeholders. ERM implementation is now proving its value as conventional risk management duties expand to embrace strategic planning and innovation.

One recent tell-tale sign: the title of this fall’s RIMS ERM Conference, November 1-3, 2011, San Diego, is “Where risk meets innovation”. Enterprise risk management signifies examining strategic direction, asserting values, and scrutinizing operational processes to support innovative change. The RIMS online course Creating Value: Risk Manager as Innovator pursues this agenda.

Here is a closer look at the business drivers by sector.

Key drivers of Enterprise Risk Management

PRIVATE COMPANIES – Excellence in corporate risk management and governance is now essential. Standard & Poor’s has extended Enterprise Risk Management criteria to all private companies.

GOVERNMENTS AND PUBLIC SECTOR INSTITUTIONS – Accountability must be demonstrated to gain the trust of constituents. Complex public policy issues, with multiple stakeholders and conflicting agendas, demand a transparent decision process.

POST-SECONDARY EDUCATION – Increasing complexity in administration and academic programs require a structured decision-making methodology. The enterprise risk management framework brings diverse expert views into harmony around common aims.

What does successful ERM look like?

Examples of successful ERM implementation each look somewhat unique, just as organizational cultures are always different. A formal planning process can give a suitable framework to identify risk. Yet planning can be ad hoc in the first place, which in itself is a risk.

Many will begin with formal policies and elaborate frameworks, before even understanding the core process. One wonders a little too late: how to do risk assessment? The most effective way to start ERM is to conduct trial risk analysis on a key plan, project or operational process. The method, done properly, will help to break down business dilemmas, identify barriers to successful implementation, and move the plans and projects forward. Once proven in pilot, this method can be replicated in an incremental way across your organization. Therefore the first key to adding value with risk assessment is to use it to help people reach business solutions.

Risk assessment – best practice

The use of a comprehensive risk identification process is crucial. You will agree that, despite the fact that reports and analysis can look sound and insurance policies are in place:

  • class action claims still happen
  • expensive projects still fail
  • competitors can still destroy your markets

Yet such eventualities are discernible in a comprehensive risk ID process. This means using a multi-disciplinary round table and a systematic future scenario methodology.

While managing a risk financing portfolio or hedging against systemic risks constitute good treatments, ERM demands the upstream deployment of effective risk assessment, both in strategy and operations, to help ensure the organization achieves its goals.

[Revised. Originally published 17 November 2008.]

If you enjoyed this post, make sure you subscribe to my RSS feed!

Tags: , , ,

Leave a Reply

Name required

Mail (will not be published) required