In today’s global economy, companies face numerous threats geopolitical instability, supply chain interruption, ever-changing legislation, uncertain economies, tighter credit markets and transformative technologies each present a formidable challenge to today’s businesses.
However, by establishing effective enterprise risk management (ERM) processes, organizations can mitigate risks and identify new opportunities for growth.
“Enterprise risk management is a dynamic, complex process,” says Harry Cendrowski, the managing director of Cendrowski Corporate Advisors. “In order for risk mitigation to occur, all components of this process must work in concert with one another.”
Smart Business learned more from Cendrowski about ERM and how it can assist businesses in mitigating risks.
What are the essential components of ERM processes?
There are numerous components of ERM processes that must be in place in order for effective risk mitigation to occur:
- A culture of risk awareness
- Clear communication of a corporate risk/reward strategy
- Active risk event identification
- Continuous assessment of risks
- Timely response to identified risks
- Sound data collection and communication procedures
- Monitoring functions that ensure risks are being properly managed
Each of these components is critical to risk management processes: an ERM process is only as good as its weakest element.
How can organizations institute a culture of risk awareness?
Culture itself is not something that can be instituted it is largely a byproduct of management’s actions. Management must set a proper tone at the top that rewards employees for their awareness of risks rather than punishes them for bringing risks to the forefront.
Channels must also exist for employees to bring potential risks directly to the attention of management. This is often a challenge for many organizations channels of communication frequently flow downward, but less frequently upward.
For companies with boards of directors, these individuals can help ensure management’s actions promote a culture of risk awareness. While the board itself is not responsible for an organization’s day-to-day operations, it is responsible for ensuring management carries out the company’s strategic vision and adheres to an established risk management policy.
What do you mean by clear communication of a corporate risk/reward strategy?
Every organization should have a strategy that specifies its beliefs regarding appropriate risks.
This strategy should be developed by management in conjunction with the board; however, it must be communicated to members of the organization at all levels in order for them to act in accordance with this strategy.
Communication of this strategy requires management to do more than circulate a memorandum regarding the strategy; it requires that they demonstrate adherence to the strategy through their actions and decisions.
How can risks best be identified and assessed?
While high-level executives are often tasked with managing organizational risks, it is important that employees of all levels participate in risk identification and assessment processes. Employees are on the front lines, and may see organizational risks differently than their managers. Including employees in the risk identification and assessment processes can help executives obtain a full and complete perspective of identified risks.
One important point, however, is that executives may want to meet with managers and employees separately in order to foster more candid dialogue and discussion.
Who monitors the risk management process?
Monitoring is a key component of an ERM process, and requires involvement from employees, managers, executives, and board members. In brief, all members of the organization at all levels must be involved in monitoring activities.
Using such a comprehensive approach to monitoring assists those managing ERM processes to more clearly understand any gaps that exist between risk management plans and execution.
It also helps individuals take ownership of the ERM process by empowering them through the oversight process.