Enterprise Risk Management (ERM) has proven to be an effective approach to managing risk. You’ll never be able to prevent every risk from becoming reality, but you can — and should — take steps to manage potential perils.
How It’s Different
Unlike traditional risk management techniques, which often are informal and “siloed” (meaning that each department focuses on minimizing its own risks), ERM is an integrated, company-wide process. ERM assumes that all risks are related — that, for example, lax controls in your accounting department may enable fraud and, in turn, raise your business’s overall expenses.
ERM isn’t about eliminating every risk. It helps you clarify your company’s appetite and capacity for specific risks so you can develop a cohesive philosophy and plan for how they should be handled. In other words, ERM enables you to find an acceptable level of risk that allows you to promote your company’s strategic objectives.
Making Your List
ERM implementation starts at the top of your organization. Owners and executives must understand the need for ERM so they can sell it to the rest of the team members.
Once you have buy-in, assemble a list with input from every division and department. Start with risks that endanger companies of all sizes and sectors, such as those involving finance, IT, regulatory compliance, and distribution. Then move on to company- or sector-specific risks.
Once your risk list is robust, rank items based on likelihood and impact. Then analyze worst-case scenarios for each one. If the list seems overwhelming, assign each risk to an “owner” who will be responsible for analyzing and monitoring it.
Ultimately, you must come up with ways to manage your biggest threats. Do this by building on current risk management practices, such as audits, insurance coverage and internal controls. You can gradually incorporate an enterprise-wide view of risk to turn these activities into a true ERM process.
ERM software can help. If employees understand the software application and use it regularly, ERM will become part of their jobs. For you, frequent monitoring of important metrics is an integral part of keeping up with ERM. Many software packages come with “digital dashboards” that keep critical risk-related information instantly accessible on your computer’s desktop.
You don’t have to implement every component of an ERM program at once. An incremental approach that begins with relatively simple processes and builds the program over time is easy to adopt and can be very effective.
Ready to move forward? We can help. Give us a call at 816-743-7700.