ERM remains a strategic process best implemented by integrating the disciplines of risk, strategy, and change management
Traditionally, risk management was a “silo” approach, with risks often being managed in isolation without cognisance of how particular risk responses might affect other parts of the organisation or its strategy. ERM set out to strategically consider the interdependent effects of diverse risk events with the objective of balancing the organisation’s portfolio of risks to remain within the risk appetite of the stakeholders. The originally stated purpose of ERM was to increase the likelihood that strategic objectives would be met and that shareholder value would be sustained and improved. However, research has shown that many organisations engaged in some form of ERM initially launched their ERM efforts only to comply with SOX, new legislation, and other environmental pressures.
A survey by the Risk and Insurance Management Society (RIMS) found that 65% of businesses surveyed had, by 2008, begun or planned to implement a strategic risk management process.
Consequently, leading boards and senior executives are working to shift their ERM approach from a compliance focus to a strategic focus. They are returning to the recognition that ERM is directly related to strategy setting. Further, to create value, ERM must also be integrated and directly connected to the strategy implementation and execution process.
Increasingly, boards are being held to account for strengthening their oversight of the risk management processes, and there is increasing emphasis on strategic risk management. There is growing demand for ERM to be embedded in strategy execution and corporate culture. Boards are demanding that executives and senior managers adequately assess vulnerabilities in their risk management processes and strengthen the link between the company’s risk management and strategy setting activities.
Enterprise Risk Management can undoubtedly improve the quality of decision-making, reduce uncertainty, and improve the effectiveness of both strategic and operational management. ERM encourages businesses to give equal attention to the ‘key risk indicators’ and the ‘key performance indicators’. This increases the certainty of outcomes and contributes to an organisation’s ability to achieve performance goals, sustain shareholder value, and improve customer service.
It is becoming increasingly clear that for risk management to be effective in an organisation, Enterprise Risk Management and the inter-related disciplines of Strategy and Change Management must be integrated to ensure a unified overall solution.
So how does one go about this? For starters, client objectives and the strategies that have been set to achieve them must be clarified. Next, the risks that could prevent the achievement of these objectives must be identified and understood. Once risks have been evaluated and ranked, mitigation strategies must be collaboratively developed through cross-functional engagement across the ‘silos’ in the organisation. Risk ownership must be established and accepted. Finally, the specific disciplines of change management must be applied to ensure strategies are effectively implemented, executed, and monitored.