With the current economic environment, it has become even more apparent that companies need to understand how risks impact their whole organization. Enterprise Risk Management (ERM) utilizes current risk management tools and processes while identifying areas of opportunity based on the company’s strengths and strategic objectives. By implementing ERM, management can better allocate capital, manage growth, support strategic objectives, and improve earnings and cash flow. Much of ERM is misunderstood, but by answering a few critical questions all organizations should consider, the importance of an effective ERM process becomes evident.
With all of the real and perceived risks in the world today how does a company focus effectively on its future?
When companies review their performance each year, they look at their budgets, goals, strategies and objectives. Management’s reflections on past successes and failures are built into the forecast for the coming year and beyond. Renewed opportunities begin to surface, but lingering challenges of the current economic environment may limit the responses companies want to make. ERM is a process to help companies that are moving forward in an uncertain world better understand and manage risks. Effective ERM programs focus on a company’s past successes and capitalize on its strengths to accelerate a successful future.
How can your company put Enterprise Risk Management into practice?
To begin the ERM process, the first step is to adequately assess your current risk management practices. Eide Bailly utilizes the Corporate Risk Universe (see illustration below) to help clients begin to understand their current risks from a holistic perspective. What are the internal and external risks that your company faces on a daily basis? How do you currently react to those risks? Internal risks can typically be compartmentalized into four categories: financial, operations, governance and strategic. Risk management has historically focused on the financial, operations and governance areas of risks. These risks were easy to identify and did not take much time to respond to and develop effective controls around. Insurance, alternative risk finance (i.e., hedging, captives), stop gaps and avoidance are common tools and techniques used to transfer and mitigate the identified risks. Strategic risks such as mergers, acquisitions and strategic planning are rarely openly communicated within an organization.
Why did these risk management techniques not adequately prepare companies for the current economic situation?
Many companies did not realize the importance of internal strategic risk. Governance, financial and operational risks, and their respective controls, are primarily seen as the responsibility of certain specific areas in most companies. Internal silos can be built around the processes and controls, and company managers are accustomed to mitigating controls in their individual areas, but do not always have effective information regarding the overall organizational risks. Due to business sensitivity, executive management often has to withhold detailed information regarding the company’s strategies and objectives; however, this can also prevent the executive team from receiving important information prior to making decisions.
Managers often have more detailed information regarding the company and its key relationships with customers, suppliers and business partners than the executives. With ERM, identification of the strategic risks is addressed and will decrease the impact of internal silos, opening a new dialogue with employees. Awareness of the company’s strategies and objectives will allow employees to initiate discussions when they become aware of risks that could potentially impact the company’s overall goals and strategies. This relay of information is even more critical when looking at external risks.
How do you effectively manage external risks?
External risks can typically be separated into three categories: regulatory, market, and hazards and 3rd party actions. Companies rarely have control over external risks, but its reaction to external risks may propel a company forward or cause them to stumble. Within the ERM process, a company will solidify their controls around the four internal risk compartments and increase effective communication throughout the company. Employees begin to have a better understanding of the overall risk appetite and tolerance of the organization, which increases their awareness to the external risks that could adversely impact the company.
Executive management starts to become aware of emerging external risks sooner than their competitors; because new communication channels have been opened and cross functional data has become available. Companies with effective ERM programs become more resilient to emerging risks and are able to seize opportunities when other companies are struggling to understand what is happening. ERM cannot control external risks, but it does provide companies with the tools to control their risk response and focus on the company’s strengths for the future.
During times of economic instability, companies spend a lot of energy trying to understand the impact to their organization. ERM opens the communication throughout the company regarding strategy and risk management. With an awareness of the company’s risk appetite and tolerance, managers can better assist executives in understanding emerging threats and potential opportunities that come with economic change. ERM focuses current risk management tools and processes, and identifies areas of opportunity linked to the company’s strengths and strategic objectives, even in a struggling economy.
If you would like to review how ERM could benefit your company, contact us today.
