Enterprise Risk Management (Preview)

Chapter 1 – Risk Management Awareness 5 Enterprise risk management (ERM) is a discipline that provides an effective, structured and integrated approach for managing risks strategically and on an organization-wide basis, including for the organization as a whole and within all of its management functions and business units. The term “enterprise” in ERM refers to every type of organization. It means that risk management is applied to whatever activities an organization is “enterprising” for achieving its mandate. ERM enables organizations to focus on their most significant risks, and set directions for how much risk should be taken or tolerated. With ERM, organizations develop a greater ability to manage risks effectively and improve performance. Risk management cannot be optimal without a certain amount of structure and formality. Otherwise, risk management tends to be inconsistent and fragmented. The amount of structure and formality needed is driven by organizational culture, size and complexity. ERM can be tailored to meet organizational needs for optimal results. The context of an organization drives the type of risks that need to be managed, and the risk management practices that should be implemented. For example, financial services organizations are mostly concerned with market, credit and liquidity risks. Manufacturers focus on risks relating to supply chains, commodity (raw material) prices, production and distribution. Power generating utilities have important considerations regarding environ- mental risks and the reliability of their networks. Government entities need to demonstrate effectiveness in the delivery of programs and services, and are under constant pressures to do more with less. Not-for-profit organizations raise funds, and try to allocate as much resources as possible to their front line operations. These organizations have very different types of risks, but they all need to manage risks. External Forces Creating Risks Many forces create uncertainties for organizations. These forces may be internal to the context of organizations, such as organizational culture, employee engagement and production systems. Other forces are external to organizations, such as economic conditions, consumer preferences and competition. Organizations have less control over external forces, because the uncertainties and effects that they create are more difficult to anticipate and manage. External forces are sometimes called disruptive trends when they are evolving and have broad implications that are difficult to predict. Organizations analyze the implications of external forces and determine how best to adapt to the opportunities and threats that they present. Examples of external forces are provided below, which illustrate their impact on organizations. Globalization Organizations operate in a global business environment, where customers can order products from virtually anywhere, often with just a few mouse clicks. Local competition is continuously challenged by new entrants and organizations must be vigilant to maintain their relevance and competitiveness. Some companies set objectives to grow and diversify, while others find it preferable to differentiate or reposition. These approaches involve strategic risks relating to expansion, acquisitions, divestitures or rebranding. Such changes affect products and services, marketing activities, human resources management and information systems. They also generate important financial and legal considerations. These types of transformations occur more often now than they ever have, mainly because of increasing globalization.