Enterprise Risk Management (Preview)

Chapter 1 – Risk Management Awareness 15 does not ensure success. Organizations do not exist to protect their assets, prevent injuries, limit losses and avoid liabilities. They exist to achieve results, and risks related to strategies are the most challenging. According to research conducted by the global consulting firm CEB (now Gartner Inc.), strategic risks were the cause of significant declines in the market value of firms eighty-six percent of the time during the ten year period ending in 2014. By contrast, significant declines in market value were caused by operational risks in only nine percent of cases during the same period. The remaining five percent were caused by compliance risks and financial reporting issues. 10 The broadening of scope and changes of focus are some of the defining characteristics of contemporary risk management, better known as ERM. The broadening of scope to identify and manage risks that can have positive or negative effects, facilitates the integration of risk management with strategic planning, decision making and performance management. Organizations exploit risks to improve their performance and achieve results. They set directions on the levels of risk that are desirable or tolerable, and manage variations from established targets or thresholds. The changes of focus include the consideration of disruptive trends, in addition to other risks that have a history of occurrence and more predictable effects. For example, the sharing economy is a disruptive trend, with effects and consequences that are currently very difficult to predict. By comparison, economic cycles have a history of occurrence and they can be anticipated based on prior experience. Economic cycles are known to happen and their effects and consequences are much better understood. Figure 1.1 summarizes the main differences between conventional and contemporary risk management. ERM includes integration mechanisms that help organizations manage risks consistently across management functions and business units. It enables organizations to examine all of their risks systematically, and make informed decisions on risk management priorities. It also helps organizations analyze risks holistically, by considering the relationships and interdependencies of risk, and developing integrated solutions for optimal risk mana- gement. Moreover, ERM facilitates the aggregation and reporting of risk information on Figure 1.1 – Risk Management Differences Contemporary / Enterprise Risk Management Purpose: • Protect and create value Scope: • All risks that can affect performance • Risks across the entire organization Focus: • Opportunities and threats • Known risks and emerging risks Approach: • Integrated risk management • Comprehensive view of risks • Priorities determined organization-wide • Coordinated responses to risk • Consistent risk management practices Conventional / Traditional Risk Management Purpose: • Protect value Scope: • Risks resulting in losses or liabilities • Risks associated with specific functions Focus: • Threats (negative consequences) • Known risks (predictable consequences) Approach: • Siloed risk management • No aggregation of risk information • Priorities determined within functions • Stand-alone responses to risk • Inconsistent risk management practices