In an increasingly complex business
world, the need to effectively balance
risk is greater than ever. Myriad changes in the business environment, including
advances in technology, globalization and
the accelerated pace of conducting commerce, have all contributed to the growing
number and complexity of risks.
Spurred by greater recognition of the
numerous risks facing their organizations,
many executives are turning to enterprise
risk management (ERM). By identifying
and assessing risks and then determining
methods to control these risks, a company
can gain a competitive advantage over its
rivals, says Terry Campbell, managing
director of the Global Risk Management
Practice for Arthur J. Gallagher & Co.
“Companies that implement an effective
enterprise risk management program will
have a lower cost of risk than their peers,
which will provide them an advantage in
the cost of their products or services that
leads to greater growth and profitability for
these organizations,” says Campbell.
Smart Business spoke with Campbell
about enterprise risk management, the
benefits it can provide and how to go about
implementing a program.
What is enterprise risk management?
While ERM has gained traction over the
last several years, there is still significant
confusion as to what ERM really is, how do
you implement it within an organization
and what the benefits are. These are questions faced every day by risk managers and
brokers alike when asked if they should
implement an enterprise risk management
program. While ERM has become a buzzword within risk management and the
activity level in this arena has increased,
the question still remains among many risk
management professionals: What is ERM?
In the absence of a defined and consistent
definition, ERM is a process that allows an
organization to:
- Effectively identify its significant risks
- Assess each of these risks
- Determine methods for managing and controlling these risks
- Implement selected risk control techniques to manage the risks
- Monitor ongoing controls and make
necessary modifications as needed
How can a company benefit from having an
enterprise risk management program in
place?
An ERM program provides awareness to
stakeholders within a company and provides a view of risk across the entire enterprise. It also allows a company to develop
common language for evaluating risk as
well as identify interdependencies within
the organization. Finally, an ERM program
enables you to aggregate the amount of
risk within the enterprise and formalize the
risk levels you are willing to assume. While
ERM is not mandatory, competitive forces
will drive organizations in this direction.
What are the hurdles associated with starting
an enterprise risk management program?
The first hurdle is determining what the
concept of an ERM program really means
within your organization. When embarking
on an ERM study, cross-functional cooperation is imperative. Fears arise in the form of peers evaluating the performance of
your business unit without understanding
the intricacies of your operation. This can
also lead to the concern of ‘turf grabbing’
by individuals. The time required to go
through the ERM process is significant and
requires a commitment of time by key
members of your organization. Sometimes,
this investment is difficult to secure when
the value to the enterprise at inception is
undetermined and unquantified.
What does the ERM process consist of?
- Understanding the risk appetite of your
organization and its enterprise values - Evaluating the goals of the process and
making sure they align with the mission of
the enterprise - Identifying internal and external events
that could impact your objectives - Conducting analyses on the events that
have the greatest likelihood of impacting
the enterprise - Determining the proper technique(s)
for responding to risk whether that is
avoidance, acceptance, reduction and/or
sharing. Whatever action is undertaken it
must align with the organizations tolerance
to risk - Establishing and implementing policies and procedures to ensure that risk
responses are effectively carried out - Effective communication should flow
throughout (down/across/up) the enterprise.
TERRY CAMPBELL is the managing director of the Global Risk
Management Practice for Arthur J. Gallagher & Co. Reach him at
(818) 539-1383 or [email protected].
