As a society or organization, we need to take risks to grow and develop. From energy to infrastructure, supply chains to airport security, hospitals to housing, effectively managed risks help societies and organizations sustainably grow and achieve objectives. In our fast-paced world, the risks we have to manage evolve quickly.
Enterprise risk management (ERM) involves understanding, analyzing, and addressing risk to make sure organizations achieve their objectives.
ERM includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives.
The risk management process involves:
1. Establishing Context: This includes understanding the current conditions in which the organization operates, in terms of its internal context, its external context and its risk management context.
2. Identifying Risks: Includes documenting the material threats to the organization’s achievement of its objectives, as well as identifying the areas the organization may exploit for competitive advantage.
3. Analyzing/Quantifying Risks: Includes the calibration and, if possible, creation of probability distributions of outcomes for each material risk.
4. Integrating Risks: Includes the aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organization’s key performance metrics.
5. Assessing/Prioritizing Risks: Includes the determination of the contribution of each risk to the aggregate risk profile.
6. Treating/Exploiting Risks: Includes the development of strategies for controlling and exploiting the various risks.
7. Monitoring and Reviewing: Includes the continual measurement and monitoring of the risk environment and the performance of the risk management strategies.
The primary risk functions in organizations that may participate in an ERM program typically include:
a) Strategic planning – identifies external threats and competitive opportunities, along with strategic initiatives to address them.
b) Marketing – understands the target customer to ensure product/service alignment with customer requirements.
c) Compliance & Ethics – monitors compliance with code of conduct and directs fraud investigations.
d) Accounting / Financial compliance – directs the Sarbanes–Oxley Section 302 and 404 assessments, which identify financial reporting risks.
e) Operational Quality Assurance – verifies operational output is within tolerances.
f) Operations management – ensures the business runs day-to-day and that related barriers are surfaced for resolution.
g) Customer service – ensures customer complaints are handled promptly and root causes are reported to operations for resolution.
h) Corporate Security – identifies, evaluates, and mitigates risks posed by physical and information security threats.
