Boards of directors and management are constantly looking for ways of optimising or mitigating risks. Enterprise Risk Management, ERM,supports these efforts as a matter of course, since the ultimate goal of the ERM process is to help manage risks and in so doing, enable the organisation to achieve its objectives. As ERM becomes increasingly relied upon and integrated into the decision-making process, board and management will find it easier to include the process of risk management in the development of corporate strategy. But this will happen only if and when the organisation realises the true value of ERM.
The risk professional’s role then is to demonstrate that ERM is capable of providing strategic value regardless of the level at which it is applied. But this is easier said than done because the integration of ERM with strategy is almost always limited. It is the role of risk professionals to heighten the profile of ERM; one way of doing this is to simultaneously start the conversation about risk at several levels. Businesses traditionally handle their risk exposures individually, i.e., each division identifies what constitutes a risk within its own context, and tries to apply mitigative measures accordingly. But this method of measuring and managing risk can cause siloes.
As companies grow and the business becomes more complex, more divisions, departments, whole business units and subsidiaries may become involved. What may be a risk to one, may affect all; what may be a minimal risk to one, may be amplified into something critical to another. If they do not get out of their siloes and share information, their risks may increase substantially – and if one unit goes down, others may follow. The process of risk management can identify individual risks to individual units, and demonstrate how these overlap and are interlinked. ERM is all-encompassing; it identifies organisation-wide risk as well as the opportunities which come with it.
Organisations often develop their strategic plans with mechanisms which are capable of refreshing or making refinements to the plans, so that adjustments or realignments can be made as the plans are applied. Strategic plans are developed because the organisation recognises that the business has to confront various risks from a variety of sources; all of which, if not properly mitigated, will pose grave threats to the value of the firm. Threats may arise from anywhere – through competition from other businesses, technological developments, employee unrest, market or environmental changes, even consumer trends that affect buying power and influence spending patterns.
Risk professionals must thus be able to identify where and how ERM can support strategy and performance. To do this they need to understand the business and the environment it operates in, as well as the industry and its particular issues. They also need to help the organisation view the management of risk at enterprise level as part of its value proposition. Risk is not just about identifying threats; it is about identifying opportunities as well. Strategic planning, coupled with ERM, is a proactive means of deriving a competitive advantage for the business. Because strategic planning is a response to the risks of the business, it is actually intertwined with ERM.
