Enterprise Risk Management (Preview)

34 Part 1 – Concepts and Methods • Arguable motivations – Regulations can force organizations to adopt structures and perform activities in specific ways. However, when regulatory compliance is the main factor that motivates the implementation of ERM, limited value can be expected. • Administrative burden – In many organizations, ERM is perceived to add another layer to already complex management structures. When something is not very well understood but nonetheless deemed important, there is propensity for undue process and information overload. Trivial issues are confounded with risks, detailed and confusing reports are created, and the process becomes unmanageable. • Competing priorities – ERM is relatively difficult and time consuming to implement, and it requires ongoing involvement and refinement afterward. It is not a project that has a set timeframe. It is a management discipline that needs to be applied, maintained and improved on a continuing basis. It requires commitment and dedication. • Integration difficulties – It is much easier to create a detailed and stand-alone risk management process, than one that is clear, concise and well integrated. ERM needs to be integrated across business units, and with corporate functions such as strategic planning, decision making and performance management to be most effective. • Simplistic focus – ERM does not add much value if it is mainly focused on risks that are already well known and anticipated. There is a tendency for organizations to overly manage and control what they understand, and to overlook what is less clear or more complex. It is challenging for organizations to develop an ability to focus on objectives and not just issues, to consider risks as opportunities in addition to threats, and to identify and analyze the effects of emerging risks and disruptive trends. • Lack of expertise – Individuals with knowledge and skills in ERM are not widely available. In addition, their experience and abilities cannot easily be assessed by someone with limited knowledge of risk management, making it challenging for organizations to recruit and select the right individuals. The success of ERM is nonetheless contingent upon the quality of the individuals leading the effort. Fortunately, many organizations have proven that these challenges are surmountable by implementing ERM successfully and realizing many of its benefits. When considering the above challenges as a whole, it is clear that developing a solid understanding of ERM is the key to unlocking its potential. Knowledge builds confidence, and enables the design of solutions that are consistent with proven practices. These practices include maintaining a focus on goals, strategies and objectives, putting core organizational functions at the forefront, developing an approach that is practical and adapted to organizational needs, and designing effective mechanisms for risk management integration. BENEFITS OF ERM Asking about the benefits of ERM is similar to asking about the benefits of leading a healthy lifestyle. It may be more demanding at first to adopt some practices, but they eventually become second nature and the investment is well worth it. Based on research completed in 2015 by the insurance firm Aon and the Wharton School of the University of Pennsylvania, there is a direct correlation between advanced risk management practices and the superior stock market performance of publicly-traded companies. 48