Why Does My Company Need Enterprise Risk Management?How to Invest in Your Company’s Bottom Line
Following the great global financial crisis, some companies have been turning to enterprise risk management (ERM) to gain stronger capital positions and increase profits.
But unlike these companies, you may be one that still does not see the need for ERM. You might be thinking that as part of running a business, your company inherently manages risks on a day-to-day basis—your company may already manage internal risks through your executive team and external risks through property, liability or malpractice insurance. Your current approach looks at risks individually.
Rather than viewing risks individually by category, ERM takes a top-to-bottom approach and views them holistically. This view helps your management or board of directors manage and mitigate all risks that could affect the long-term success of your enterprise.
Looking at Traditional Risk Management
Traditionally, the executive team manages and monitors potential risks within their department to keep the company as a whole afloat. The chief technology officer might be responsible for managing risks related to the company’s information technology (IT), the chief marketing officer might be responsible for managing risks related to the company’s sales and customer satisfaction, etc.
This traditional approach is called silo or stove-pipe risk management. It remains outdated, contains limitations and creates holes that might cause your company’s ship to sink toward decreased efficiencies and profits.
One limitation might be risks that fall between the siloes or pipes, remain unnoticed and eventually trigger a disastrous risk situation. For example, your retail company may be purchasing real estate in urban areas where you thought your core customers lived, but due to a demographic shift, your tried-and-true customers have been moving the suburbs.
This is just one example of a risk-management limitation caused by the traditional model. Your company might be flooded with others, and it might be time to adjust your sails toward ERM.
Moving Toward Enterprise Risk Management
ERM entered the business world a short 10 years ago. During the last decade, a number of businesses have realized the shortcomings of silo or stove-pipe risk management. Like discussed, it creates gaps that cause risk events or catastrophes that sometimes can’t be remedied.
Unlike traditional risk management, ERM takes a top-down approach and looks at all risks—positive and negative—that can or will affect the company’s bottom line. But ERM isn’t a one-and-done task. It is not like insurance where you sign on the dotted line and you’re covered for certain events—it requires help and consistent updates from the leadership team.
Who knows a company best than the executive team and the board of directors? In order for the top-down approach to be effective, leadership must get involved to assess and present all the company’s potential risks.
After the leadership team establishes the company’s risks, top management creates and implements the ERM process, and the board of directors should oversee the process to ensure the company’s risk-taking actions best suit stakeholders’ interests.
Updating the Process
Establishing and finalizing the ERM process doesn’t end in the last meeting. The process should be a living and breathing document that is constantly evolving and updating. Risks do not remain the same year to year or even month to month.
Therefore, once your company implements an ERM process, you are on a constant journey to identify, assess and update risks related to your business’ core objectives and model to achieve greater success and profits.
Finding Expert Advice
Beginning, implementing and updating an ERM process is not a simple task—especially if you are starting from the ground up. Talking to or hiring a third-party consultant with years of experience and expertise could help guide you towards the path of an effective and thriving ERM process and ultimately increase your company’s bottom line.