Spurred by greater recognition of the numerous risks facing their organizations, many executives are turning to enterprise risk management (ERM). By identifying and assessing risks and then determining methods to control these risks, a company can gain a competitive advantage over its rivals, says Terry Campbell, managing director of the Global Risk Management Practice for Arthur J. Gallagher & Co.
“Companies that implement an effective enterprise risk management program will have a lower cost of risk than their peers, which will provide them an advantage in the cost of their products or services that leads to greater growth and profitability for these organizations,” says Campbell.
Smart Business spoke with Campbell about enterprise risk management, the benefits it can provide and how to go about implementing a program.
What is enterprise risk management?
While ERM has gained traction over the last several years, there is still significant confusion as to what ERM really is, how do you implement it within an organization and what the benefits are. These are questions faced every day by risk managers and brokers alike when asked if they should implement an enterprise risk management program. While ERM has become a buzzword within risk management and the activity level in this arena has increased, the question still remains among many risk management professionals: What is ERM? In the absence of a defined and consistent definition, ERM is a process that allows an organization to:
- Effectively identify its significant risks
- Assess each of these risks
- Determine methods for managing and controlling these risks
- Implement selected risk control techniques to manage the risks
- Monitor ongoing controls and make necessary modifications as needed
How can a company benefit from having an enterprise risk management program in place?
An ERM program provides awareness to stakeholders within a company and provides a view of risk across the entire enterprise. It also allows a company to develop common language for evaluating risk as well as identify interdependencies within the organization. Finally, an ERM program enables you to aggregate the amount of risk within the enterprise and formalize the risk levels you are willing to assume. While ERM is not mandatory, competitive forces will drive organizations in this direction.
What are the hurdles associated with starting an enterprise risk management program?
The first hurdle is determining what the concept of an ERM program really means within your organization. When embarking on an ERM study, cross-functional cooperation is imperative. Fears arise in the form of peers evaluating the performance of your business unit without understanding the intricacies of your operation. This can also lead to the concern of ‘turf grabbing’ by individuals. The time required to go through the ERM process is significant and requires a commitment of time by key members of your organization. Sometimes, this investment is difficult to secure when the value to the enterprise at inception is undetermined and unquantified.
What does the ERM process consist of?
- Understanding the risk appetite of your organization and its enterprise values
- Evaluating the goals of the process and making sure they align with the mission of the enterprise
- Identifying internal and external events that could impact your objectives
- Conducting analyses on the events that have the greatest likelihood of impacting the enterprise
- Determining the proper technique(s) for responding to risk whether that is avoidance, acceptance, reduction and/or sharing. Whatever action is undertaken it must align with the organizations tolerance to risk
- Establishing and implementing policies and procedures to ensure that risk responses are effectively carried out
- Effective communication should flow throughout (down/across/up) the enterprise.
TERRY CAMPBELL is the managing director of the Global Risk Management Practice for Arthur J. Gallagher & Co. Reach him at (818) 539-1383 or firstname.lastname@example.org.