The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Image Alt

IERP® International Institute of Enterprise Risk Practitioners

  /  Thought Leadership   /  Global Conference Highlight: Using Enterprise Risk Management as a Strategic Tool

Global Conference Highlight: Using Enterprise Risk Management as a Strategic Tool

A common excuse given by those who are not convinced of the use of risk management is that there is ‘no time’ for it, especially if management often has to make quick decisions. However, Leonard Ariff Abdul Shatar, Group Managing Director of CCM Duopharma Biotech, notes that many mistakes (and the subsequent costs) could have been avoided if additional thought and effort had been put in. As a public-listed company, it’s a requirement for CCM to have a risk management function. For CCM Duopharma Biotech, risk management was split up as it was thought that the audit function was overshadowing it.

At CCM Duopharma Biotech, Leonard Ariff faced the monumental task of reshaping the business to resolve issues relating to ageing products as well as ageing assets. A key part of the strategy was to move into biosimilar medicine, which is medicine that is highly similar to their reference product (distinct from generics, which are exactly identical to their reference product). In order to build the capabilities required of this endeavor, the company needed to establish partnerships with companies already in the field — CCM had concluded that building in-house capabilities would take 8-9 years.

The Integration of ERM with Operational Plans

When it comes to proposing or executing plans, the ones who do the risk reviews should not be the risk managers but the promoters of the investment or the staff on the project. In effect, ERM and operational plans need to be in parallel with each other. This can start with the Annual Business Review, where best practice is to delineate goals, articulate the budgets, risks, and KPIs, so that you will be 80% confident when bringing the plan to the board.

Risks, resolved or not, should be included in the risk register — the risks identified should not just be operationally-focused as assumptions made at the beginning may become irrelevant during the project.

ERM should be part of the DNA of an organization, that is, it should be embedded into everyday business processes. For example, induction lists for new staff, for example, should include the risk register to communicate its importance to the company’s ecosystem.

All in all, it’s vital that organizations consider (1) what could go wrong (the risks), (2) what the company has in place to prevent them from happening (the controls), and (3) what else the company can do about the risks (the treatment).

What Next?

Interested in how to wield Enterprise Risk Management frameworks as tools for strategy and performance? Learn more about our flagship Enterprise Risk Manager (ERM®) certification program, a comprehensive 12-day course covering the latest and best practices in ERM in relation to business continuity management, corporate governance, and strategy (next intake on 1st October, 2018).

Alternatively, read more key highlights from the IERP® Global Conference here.

    Name (required)

    Email Address (required, business email address only)

    Mobile Number (required)

    Company (required)

    Designation (required)

    Preferred Contact Method: (required)

    CallEmail

    What is the biggest challenge in your job/industry

    Which modules are you interested in? (required)

    Managing ESGMechanics of ESGEnterprise Risk Management

    Message

      Name (required)

      Email Address (required, business email address only)

      Mobile Number (required)

      Company (required)

      Designation (required)

      Preferred Contact Method: (required)

      CallEmail

      What is the biggest challenge in your job/industry

      Message

        Name (required)

        Email Address (required, business email address only)

        Mobile Number (required)

        Company (required)

        Designation (required)

        Preferred Contact Method: (required)

        CallEmail

        What is the biggest challenge in your job/industry

        Which modules are you interested in? (required)

        Evaluating Risk and Internal ControlCorporate GovernanceEstablishing a Cybersecurity FrameworkEnterprise Risk Management

        Message

          Name (required)

          Email Address (required, business email address only)

          Mobile Number (required)

          Company (required)

          Designation (required)

          Preferred Contact Method: (required)

          CallEmail

          What is the biggest challenge in your job/industry

          Message

            Name (required)

            Email Address (required, business email address only)

            Mobile Number (required)

            Company (required)

            Designation (required)

            Preferred Contact Method: (required)

            CallEmail

            What is the biggest challenge in your job/industry

            Which modules are you interested in? (required)

            Digital Risk Management and DisruptionMechanics of CyberSecurityEnterprise Risk Management

            Message

            User registration

            Reset Password