The Global Financial Crisis taught us the importance of robust risk management practices in identifying and addressing issues that have the potential to impact on overall business objectives. Many organizations have implemented risk management programs, however a significant proportion of these have yet to realize the benefits of upgrading their programs to best-practice Enterprise Risk Management.
What’s the problem with traditional risk management programs?
Historically, risk management has tended to focus only on the negative – how do we identify what might go wrong? How bad will things get if it does? How can we stop it?
Another feature of old-fashioned risk management has been the tendency for it to be “siloed”, with each section of an organization having its own approach to managing risk.
Modern, best practice Enterprise Risk Management has moved contemporary risk management programs and thinking beyond these limitations.
Why is Enterprise Risk Management better?
Enterprise Risk Management (also known as ERM) has a range of benefits for contemporary businesses:
- ERM achieves efficiencies across the whole of the organization by integrating a common approach throughout all functional areas.
- ERM avoids the pitfall of concentrating on minor risks (such as slip hazards) at the expense of big picture risks (such as failure of critical infrastructure).
- ERM captures the positive side of risk management, by also considering opportunities for new services, process efficiencies, improved methods of service delivery etc.
What strategies assist adoption of Enterprise Risk Management?
QRMC frequently assists organizations to develop or expand their risk management programs to embrace Enterprise Risk Management. Our experience suggests that useful strategies to successfully move to Enterprise Risk Management include:
- Strong committed, visible leadership.
- Recognizing that risk management is an ongoing (not once-off) process.
- Treating risk management as a tool to achieve business objectives, not as a compliance exercise.
- Extensive consultation with, and training of, personnel (at all levels).
- Consistently integrating ERM across all systems and functional areas within the organization.
Special considerations for business or department amalgamation
A regular feature of contemporary business is the process of amalgamation, either of existing segments of an organization, or of one business with a completely independent second business (M&A).
Determining the business objectives of a new organization formed in this way is not always a straightforward exercise. The clarity provided by the risk management process greatly assists this determination.
However, amalgamation poses particular difficulties when it comes to the risk management program:
There are often difficulties involved in assimilating risk-related information from different sources, produced using different methods.
Amalgamation poses the threat of extending the commonly experienced problem of risk management “silos” (as mentioned above) even further by creating silos based on the original business or department entities.
On the positive side, these difficulties present an opportunity to reach solutions by upgrading existing risk management systems to Enterprise Risk Management. Moving the new entity to Enterprise Risk Management provides opportunities to:
Clearly identify the objectives of the new entity, and what risks and opportunities exist in achieving these objectives.
Break down barriers and foster a new organization-wide approach to risk management and the determination of uniform risk appetite.
Risk management as a discipline has proven its value over time. Now businesses can extend this value even further by upgrading to Enterprise Risk Management.
For more information on Enterprise Risk Management, safety management, business continuity management and management systems, contact us. We are experts in providing independent and objective facilitation of the process of upgrading or developing new Enterprise Risk Management programs. You can also access other informative articles on our News page dealing with Enterprise Risk Management, as well as newsletters downloadable from our Publications page covering Enterprise Risk Management issues.