Enterprise Risk Management
External stakeholders – including rating agencies – are explicitly taking into account the effectiveness of a company’s enterprise risk management (ERM) in their evaluations. This fact alone makes the need for ERM very tangible. But there is much more. Using a systematic approach to identify and understand threats to the organization will result in better planning, decision making and governance. Assigning employees at all levels distinct responsibility for addressing risk and giving them the tools to do so will result in more consistent execution of those plans and decisions. Systematic processes to measure and mitigate risk can help reduce costs by lowering the likelihood and impact of unforeseen loss events and volatility of results. In the final analysis, an effective ERM program extends beyond loss management and risk financing to the creation of value by helping an organization better assess and capitalize on opportunities.
What is ERM?
The purpose of enterprise risk management is to manage risk consistently and constructively across an organization’s functions and business units. To accomplish this, ERM typically incorporates the following components.
- Agreed risk management goals, objectives and metrics.
- Assignment of roles and responsibilities for managing risk.
- Board-level policy setting concerning risk appetite and risk tolerance.
- Thorough communications about risk issues up and down the organizational hierarchy.
- A consistent, ongoing approach to identifying and evaluating risk.
- A better balance of risk and reward in decision-making.
- Development of risk mitigation action plans at all appropriate levels.
- An efficient structure to embed risk awareness, processes and common terminology throughout the organization.
Implementing ERM
It is not uncommon for well-intentioned enterprise risk management programs, launched with all the requisite senior-level support and funding, to gradually deteriorate over time into form-filling exercises. To achieve sustainable success that consistently delivers value, ERM implementation should include:
- Risk assessment processes robust enough to regularly surface unknown or emerging risks
- Incremental rather than all-at-once implementation
- Going beyond qualitative risk assessment to quantitative measurement where appropriate
- Securing ownership and buy-in of ERM at the operational level
- Linking the measurement of risk, particularly in qualitative risk assessments, directly to the critical variables that most affect the organization’s performance, as further explained below
Connecting To The Organization’s Key Performance Indicators
Assessing the likelihood of losses and their impact on your organization’s performance indicators directly connects each risk to strategic and business unit planning and ultimately to business unit budgeting. This establishes ERM’s immediate relevancy to decision making in a very clear and meaningful way.
Once risks are assessed in relation to key performance indicators, decision makers can see which causes of performance volatility deserve the most attention.
This page includes an illustration of risk assessment output relating to two key performance indicators (price competitiveness and supply chain continuity). Individually rated risk scenarios are measured against the risk tolerance for each. Risk scenarios that are above the tolerance level require priority attention in business planning and budgeting.