Enterprise Risk Management (Preview)

Chapter 1 – Risk Management Awareness 31 The surveys of the ERM Initiative and the IIA indicate that more than half of all organi- zations have implemented complete or partial ERM, or have formal risk management practices in place. Both surveys also confirm that the implementation rate is much higher for large organizations than it is for small organizations. Organizational Changes The implementation of ERM and the adoption of formal risk management practices have transformative effects on organizations. These effects are mostly noticeable in the areas of organizational culture, board risk oversight and management structures. Culture Shifts Shifts in culture or mindset are the most significant organizational changes caused by ERM, because they impact everything else, namely goals, strategies, objectives, policies, decisions, processes, activities, etc. Some of the most important effects of ERM on organi- zational culture result in: • a better understanding of the different aspects of risk • a focus on risks affecting organizational performance • a greater attention to disruptive trends and emerging risks • the acknowledgement that risks should be managed holistically • the recognition that everyone is responsible for managing risks ERM helps organizations achieve a better understanding of the different types of risks having to do with opportunities and threats, and identifying all sources of risks that are external or internal to the organization. It also provides multiple perspectives for analyzing risks, namely in relation to the strategic or operational nature of risks, and the effects that risks may have on growth, results, reputation and sustainability. ERM causes organi- zations to focus on risks relating to their goals and objectives, whether they are strategic such as entering new markets, operational such as improving productivity and reducing costs, or financial such as increasing earnings per share. ERM helps organizations adopt a forward looking view of risk, by differentiating between risks that are known to occur based on past experience, and emerging risks that result from disruptive trends or technologies. Because organizations develop an enterprise-wide view of risks with ERM, they can analyze the relationships and interdependencies of risks, and develop integrated solutions for managing risks holistically. In addition, ERM causes organizations to improve their structures for risk management. These structures clarify roles, responsibilities and accountabilities for managing risks. Board Risk Oversight Boards of directors (or their equivalent) need to exercise oversight on organizational risks and risk management practices. In order to exercise their oversight responsibilities, boards undergo transformations of their own. As a first step, they look at the qualifications of individual board members to determine if the board collectively has the right mix of