Balance exposure to strategic objectives.
Many companies are skeptical about the value of enterprise risk management (ERM), questioning whether the results will justify its cost, effort and the challenges involved.
ERM encourages top management and boards to foster and embrace a risk-aware culture that supports communication across every level of the organization and allows employees to identify, assess and communicate risk exposure.
A successful program has to capitalize on synergies between risk exposure and achieving strategic and operational objectives. This requires an effective level of communication across the enterprise and the identification of risk owners. Many companies have implemented reporting systems for allegations concerning harassment, discrimination and illegal activity. Similar reporting systems would identify potential operational or financial risks.
There is no one right way to implement ERM, and a company needs to tailor programs to its industry, strategic plan and internal needs. Integration reduces the likelihood that risks become trapped in silos and are underappreciated.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO), established in the US to provide thought leadership to executive management on critical governance issues, set up an ERM framework focusing on these interrelated components: internal environment; objective setting; event identification; risk assessment; risk response; control activities; information and communication; and monitoring
A company can’t accurately assess its risk profile without a comprehensive understanding of the regulatory environment in which it operates. ERM helps with regulatory compliance, reduces the impact of certain compliance failures, and produces other external benefits.
Like most initiatives, ERM does have costs and implementation challenges. Its cost may be viewed as another layer of administrative expense that increases overhead and negatively impacts the bottom line. Companies may need additional personnel and resources. Some, however, retain outside consultants to design their ERM programs and address related needs. Be aware of the potential costs and factor them into the cost-benefit analysis.
Challenges and benifits
ERM may also be viewed as additional “busy work” that distracts managers from their primary responsibility – running the business. Actually, it’s a task that boards, managers and employees should already be undertaking. An ERM is simply a more disciplined and effective way to perform that work.
Another issue is the effect it might have on innovation. A pure risk identification and mitigation approach to ERM might suggest that companies forgo valuable, yet risky, opportunities, becoming too risk averse. In fact, companies should use ERM to reduce barriers to innovation and foster projects within their appetite for risk.
ERM has received mixed reviews regarding its impact on the bottom line. Some companies get lost in the process, almost paralyzed by the information output. The value comes from understanding objectives and designing a program that minimizes barriers to the company’s forward trajectory.
Companies should not undertake an ERM program half-heartedly. Executed properly, it increases the flow of risk information and leads to better-informed decisions, greater consensus, and better communication for better management overall.
This article is adapted from a report written by Michelle Harner titled, The Potential Cost and Value of ERM, on behalf the of Conference Board, a US-based global research association. Download the report at http://www.conferenceboard.ca/e-library/abstract.aspx?did=5386.
Comments? E-mail firstname.lastname@example.org.
This article appears in the April 2013 edition of PLANT.