Risk Management is an increasingly important business driver and stakeholders are becoming increasingly concerned about the way corporate risks are managed.
Enterprise Risk Management (ERM) is a rigorous and co-ordinated approach to managing all key business risks and opportunities of an organization with the intention of maximizing stakeholder value. ERM is concerned with the reduction of risks but also with maximizing the return of the opportunities that arise.
ERM involves the:
- Identification and evaluation of significant risks
- Assignment of ownership (and responsibility) of risks
- Management of risks within the risk appetite of the organization.
The output of ERM includes the provision of information to management in a way that:
- Improves business decisions
- Reduces uncertainty
- Provides reasonable assurance regarding the achievement of corporate objectives.
The impact of ERM is to:
- Improve efficiency
- Improve allocation of resources
- Increase stakeholder value
- Enhance risk reporting to stakeholders.
The benefits of ERM are:
- Financial:
-
- Reduced cost of funding and capital
- Better control of CapEx approval
- Increased profitability
- Accurate risk reporting
- Enhanced corporate governance
- Infrastructure:
-
- Operational efficiency
- Achievement of the “State of No Disruption”
- Improve of supplier and staff morale
- Targeted risk and cost reduction
- Reduced operating costs
- Reputational:
-
- Good reputation and publicity – Improved perception of the organization
- Regulators satisfied
- Improved utilization of corporate brand
- Marketplace:
-
- Commercial opportunities maximized
- Higher ratio of business success
- Lower ration of business disasters
Different organizations have different attitudes to risk. Some are risk averse and some others are risk aggressive. To an extent, that depends on:
- The sector of the economy they operate in
- Their positioning within their sector
- The maturity of the organization
- The attitude of the individual board members.
Successful ERM initiatives involve all departments, units and levels of an organization. Even more, they all have the following common characteristics.
They are:
- Proportionate to the level of risk the organization faces
- Aligned with the other activities of the organization
- Comprehensive in nature and extend within the organization
- Embedded within the daily activities of the organization, and they are
- Dynamic and responsive to emerging and changing risks.
Very important elements of implementing a successful ERM initiative are:
- The “tone from the top”, and
- The prevailing risk culture within the organization.
The global financial crisis in 2008 demonstrated the importance of adequate risk management.
It also demonstrated the importance of having comprehensive and fully stated corporate objectives and that, even then, the objectives themselves need to be challenged and the assumptions on which they are based should be rigorously tested, as part of the ERM process.