What is Enterprise Risk Management?
Managing risks is a normal part of running a business. Your company no doubt invests significant effort to manage the risks it faces. Your company may be using what is called ‘enterprise risk management’, or it may follow traditional risk management; more likely, it is somewhere between the two. So, what is ‘enterprise risk management’, or ‘ERM’, and how is it an improvement over traditional risk management?
Traditional risk management takes a silo approach, allowing each department or business unit to manage its own risks. This creates a number of problems that can be summarized as lacking four C’s:
These deficiencies have long been recognized by key risk management experts, and several guidelines have been written to address them, most notably ISO 31000 [1] and COSO [2]. The first versions of these guidelines focused too much on adhering to processes rather than creating and preserving value, but this is now at least partially addressed by the latest versions of the guidelines.
The ‘enterprise’ in Enterprise Risk Management can be thought of as referring to four objectives discussed below.
Complete understanding of risks
Each manager, from the CEO right down through the management structure of the enterprise, fully understands the risks (and opportunities) that can impact the part of the business for which they are responsible.
Consistent evaluation of risks
The evaluation of these risks is based on a methodology that is consistent throughout the enterprise and allows the portfolio of risks to be aggregated up through the entity structure of the enterprise.
Coordinated management of risks
The control and mitigation strategies for these risks are coordinated across the enterprise and seek to protect and enhance the value of the enterprise, not just one element of the business.
Shared responsibility for risk
The responsibility for executing the risk management plan is shared appropriately amongst the employees of the enterprise. In essence, employees work as a team. Risk (and opportunity) identification, assessment, management and communication is a shared responsibility and an integral part of the enterprise’s culture.
Why implement enterprise risk management?
The Second Law of Thermodynamics describes how everything in the universe moves from order to chaos unless effort is put in to create or maintain order. Drop a glass and it will turn into unusable pieces but drop the pieces and you won’t get the glass back. Disorder (called entropy in physics) is closely related to probability. A system has a small probability of coming together in an orderly fashion because there are so few orderly (helpful) arrangements and so many equally likely disorderly (unhelpful) ones. This law neatly describes the nature of risk.
It explains why plans rarely work out the way we hope. Left to chance, random events will almost always reduce rather than increase our accomplishments. Risk management is the means we have to tame the chaotic nature of the universe! Pelican helps us work out the best risk management strategy, and then operationalize and maintain that strategy.
Responding to, and demonstrating adherence to, externally imposed corporate governance guidelines regarding risk identification, disclosure, management, and monitoring.
Anticipating and devising methods to control exposure to risks that can threaten the company’s strategic objectives.
Harmonization and coordination
Bringing together and optimizing the management of risk by different internal silos, sharing knowledge about risk issues, eliminating risk-taking that is inconsistent with the entity’s risk appetite, improving communication, and assigning responsibility for risk management activities.
Exploiting opportunities and creating value
Taking calculated risks for higher rewards, reducing risk management costs by cutting out redundant controls, flattening risk-reward profiles across investments and exploiting the shared benefits of risk management actions.