From natural perils, market volatility and regulatory compliance to human nature and technology, the exposure to risk and uncertainty is embedded in everything we do.
But a risk-intelligent organization’s proactive approach to identifying, understanding and effectively managing risk makes the difference between creating value and jeopardizing success. It is crucial to be a risk-intelligent organization. Stakes are high, and losses can be catastrophic. Senior executives and board members are increasingly challenged to ensure that appropriate risk-assessment and risk-management practices are in place.
Beyond traditional risk management
Risk management is the process of planning, organizing, leading and controlling the activities of an organization to minimize the effects of risk on an organization’s capital and earnings. Enterprise risk management expands the traditional risk-management process to include the entire range of risk faced by the organization, not just the risks associated with accidental losses. The expanded concept of enterprise risk incorporates financial, strategic, hazard, operational and socio-political risks.
Based on this comprehensive approach to risk, enterprisewide risk management evolves an organization’s risk management capabilities from a fragmented, ad hoc and reactive process to an integrated, systematic and proactive approach to master business risks. This integrated risk management process enables the organization to better evaluate and prioritize its risks and make appropriate strategic decisions to manage these risks efficiently.
Enterprise risk management can be viewed as a comprehensive process that helps companies identify major risks and create consistent, enterprisewide solutions for dealing with those risks.
- Identifying relevant risk exposures faced by the organization
- Quantifying the risk exposures in terms of impact and likelihood
- Mapping and scoring the risk exposures to prioritize management action
- Establishing a company’s risk appetite given its overall corporate strategy
Developing a risk-management framework and implementing effective infrastructure and process
Enterprise risk management’s benefits
- Aligning risk appetite and strategy. Risk appetite is the degree of uncertainty an enterprise is willing to accept to reach its goals. Risk appetite is a key factor in evaluating strategic options. Enterprise risk management helps management consider risk appetite when setting goals that align with overall corporate strategy and manage risks related to that strategy.
- Linking growth, risk and returns. Enterprise risk management enhances the capacity to identify events and assess risks and then set risk tolerances consistent with growth and return objectives.
- Improving risk response. Enterprise risk management provides tools for identifying and selecting different risk responses, from acceptance and sharing to reduction or avoidance.
- Reducing operational surprises and losses. Enterprise risk management helps organizations recognize potential adverse events, assess risks and establish responses, thereby reducing surprises and related costs or losses.
- Managing enterprise-wide risks. Every organization faces multiple risks that affect different functions and operations. Enterprise risk management emphasizes the interrelated impact of risks and supports integrated solutions for managing them.
Enterprise risk management creates robust risk information, which allows management to deploy resources more effectively, thereby reducing overall capital requirements and improving capital allocations.
To determine if enterprise risk management is relevant to your organization, ask yourself four questions.
- What risks does your organization currently face?
- Who are your risk owners?
- What is the value of your risk-management investment?
- Have you evaluated nontraditional risk exposure?
Clearly, no risk management program, no matter how well designed and executed, can guarantee results. Nevertheless, adopting an enterprise risk management framework can bring significant benefits to an organization seeking to manage its risk exposures efficiently.
Robert Higgins, CPCU, ARM, ARMP, CRM, CIC, FRM, CRIS is a vice president with Schiff, Kreidler-Shell in its risk services department and has more than 25 years of experience in insurance and risk management. He is a graduate of the University of Kentucky and Xavier University’s MBA program. Reach him at (513) 977-3188 or http://[email protected].