Organizations across all industries are implementing some form of Enterprise Risk Management (ERM), because ERM can provide significant value to the strategic development and execution of business plans.
Many organizations struggle with implementing ERM and identifying how, and at what level, to integrate ERM into the business. Managers often indicate they are already aware of the relevant risks for their respective areas of the business. In these situations, what value does ERM provide, and how does it enable any better perspective or management of risks and risk data?
What is ERM?
ERM is a process which is:
• Effected by the entity’s board of directors, management and other personnel.
• Applied in strategy-setting and across the enterprise.
• Designed to identify potential events that may affect the entity, and manage risk within the risk appetite and/or risk tolerance.
• Implemented to provide reasonable assurance regarding mitigation, avoidance, and management of risk factors and circumstances, as well as promote opportunities to capitalize on risk events and thresholds.
Five Key Benefits
The most impact and recognition of value is often perceived more at the executive and director levels, than other layers of management. Five key benefits and values from ERM include:
• Increased consistency and communication of risks within the organization
• Enhanced reporting and analysis of corporate risks (risk data)
• Improved focus, attention and perspective to risk data
• More efficient and effective activities related to regulatory, compliance and audit matters
• More cost-effective management and monitoring of risks
Increased Consistency and Communication ERM provides a standard terminology and conceptual framework for all members and departments in the organization. This consistency and commonality provides improved opportunities for communication and coordination among various layers and departments.
In addition, communication regarding risk is often lacking within organizations due to concerns of confidentiality, propriety and job security. As a result, data and information relative to strategic risks, and risks to achievement of corporate objectives and plans, are not shared across department lines.
Enhanced Reporting Implementing ERM supports better structure, reporting and analysis of risks. Risk “dashboards,” consolidating risks across the entire enterprise, increase the focus of directors and executives, enabling better decisions relative to risk thresholds, risk appetite and risk tolerance. The reporting, therefore, has better categorization and classification of risk data, allowing various types of reporting (department vs. entity-wide, financial vs. compliance, high vs. low risk, quantitative vs. qualitative factors, etc.).
Ultimately, the greatest overall value from ERM and related reporting is the timeliness, conciseness, and flexibility, which facilitate improved decision making capabilities within the executive and director levels, and in other layers of management.
ERM helps “unlock” synergies and potential for increased analysis and assessment of risks by aggregating and sharing all corporate risk data and factors, and evaluating them on a consolidated basis.
Improved Focus and Perspective of Risk Data Utilizing ERM methodologies and techniques provides a means to further identify and assess key performance indicators regarding risks. This allows a method to “measure” and better quantify risk factors and tolerances. The use of key metrics and measurements of risk further improve the value of reporting and analysis.
ERM models also permit more effective and complete viewpoints of risk. Traditional risk practices focus on risk from a perspective of mitigation, acceptance or avoidance. However, effective ERM processes will give management a framework in which to evaluate risk as an opportunity to increase competitive positions and exploit certain market, operational and related conditions.
More Efficient Coordination of Regulatory and Compliance Matters Bond rating agencies, financial statement auditors, regulatory examiners and other audit activities (including internal audit) have begun to inquire, test, and often leverage and utilize monitoring and reporting data from ERM programs. Since ERM data involves identifying and monitoring controls and mitigations relevant to various risks across the organization, this information can provide an effective means for leveraging and reducing the effort and cost of such audits and reviews.
Cost Effective Management of Risk Through all of the benefits noted above, ERM enables better cost management and cost effectiveness related to audit activities; better management of market, competitive and economic conditions; and increased leverage and consolidation of disparate risk management functions.
Organizations can use ERM data and reporting to more effectively coordinate with investment custodians, better manage capital/investment decisions and make more timely decisions regarding hedging instruments. By potentially reducing the overall cost of risk management processes, reducing audit costs or minimizing resources needed for regulatory responses, and streamlining monitoring and reporting functions, ERM has the capability to reduce the cost of the existing processes and functions for these respective components within the organization.
To search the archive of Perspectives articles, go to the Search page