Enterprise Risk Management – Increasing the Value of your Business

Friday 10 April 2015

Enterprise risk management (ERM) is the process of planning, organizing, leading and controlling the activities of an organization in order to minimize the effects of uncertainty on that entity's capital and earnings.

ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.

Life Cycle of Enterprise Risk Management

ERM involves management selecting a response strategy for specific risks that have been identified and analyzed, which may include:

  • Avoidance: exiting the activities giving rise to risk
  • Reduction: taking action to reduce the likelihood or impact related to the risk
  • Alternative Actions: deciding and considering other feasible steps to minimize risks
  • Share or Insure: transferring or sharing a portion of the risk (e.g., finance it)
  • Accept: no action is taken, due to a cost/benefit decision
  • Exploit: turn a risk into an opportunity to create value for the organization

In many organizations, monitoring risk is performed by management as part of its internal control activities, in order to understand how the risk response strategy is working and whether the objectives are being achieved. Other aspects of an integrated approach to ERM are increasingly being handled by other functions within the organization such as finance, strategic planning, and treasury.

ERM for non-financial institutions has progressed significantly over the past decade, to the point where it is now a firmly established business discipline with demonstrable value-creation results. ERM has evolved and improved as a result of better appreciation of standards and frameworks, integration with strategy, and an interdisciplinary approach to risk ownership.

One of the characteristics of the ERM evolution is improved understanding of those standards and frameworks that support comprehensive ERM implementations. In the early days of ERM implementations for non-financial institutions, some organizations mistakenly thought that performing a business risk assessment (BRA) and presenting a list of key risk areas to the Board qualified as ERM. Today the understanding is much deeper, and most firms now understand that the "heavy lifting" associated with an ERM implementation actually begins as soon as the BRA is done.

Another aspect of improvements in ERM is the increased integration with strategy. Organizations that have mature risk management systems in place understand that a rigorous process for measuring and analyzing risks and opportunities is well suited to either support the strategic planning process or even serve as the foundation for a new strategic planning effort within the organization. Weaknesses and threats are better quantified and understood through the use of ERM methodologies, while opportunities and strengths have more significance within the broader vision and mission of the organization. Moreover, an ERM-based approach to strategic planning also helps identify risk that may arise from the selection of strategy.

Finally, understanding of risk ownership has improved. Because ERM pushes the identification and analysis of risk outside of the traditional space of pure risk into the realm of speculative risk and opportunity, many business organizations are managing the ERM process through a committee-based approach or by selecting a program lead from outside their traditional risk management group, such as from finance, legal, accounting, internal audit or operations.

The benefits are tangible. In 2010, almost half of organizations that responded to a survey about ERM said that they were not implementing it because they did not see a clear connection between the ERM process and the value that it created. By 2014, that value question had become clearer, and research is being focused on how much value is created. A research team from Miami University has now shown that organizations with mature ERM programs can demonstrate enhanced firm value that is 25% higher on average compared to those firms without mature ERM programs. In short, the "carrot" side of the argument to implement ERM has never been stronger.

Author: Joseph A. Milan, Ph.D. is a risk management professional with extensive experience in the design and implementation of sophisticated ERM and risk transfer programs. In his risk management consultancy, Joseph helps global ERM clients from multiple industry sectors with the design, implementation, and continuous improvement of their ERM programs. He previously served as Vice President and Chief Risk Officer of UDR, Inc. (NYSE: UDR), one of the largest multifamily real estate investment trusts in the United States, where he developed and implemented an ERM program which identified risks that threatened the long-term viability of the company, and then created sophisticated solutions that mitigated those risks and converted them into opportunities to increase enterprise value. Prior to UDR, Dr. Milan served as Vice President and Risk Manager of AIMCO (NYSE: AIV), another large multifamily real estate investment trust, and as Senior Vice President of AIMCO Assurance, a Bermudian domiciled captive insurance company. Dr. Milan has over 24 years' experience as a professional educator and trainer, and was a member of the Risk and Insurance Management Society (RIMS) ERM Committee from 2007 to 2010.

IASeminars now offers the following series of courses, which can help your organization to start an ERM program or else take your existing ERM program to the next level.

  • Introduction to Enterprise Risk Management (ERM) (2 days)
  • Implementation Techniques for Enterprise Risk Management (3 days)
  • Enterprise Risk Management, Internal Audit and Compliance (2 days)
  • Enterprise Risk Management and Strategic Planning (2 days)

These ERM courses are designed specifically to address the common obstacles to ERM implementations, as well as explaining the intricacies of risk assessment methodologies and successful approaches to risk treatment, governance, and the continuous improvement process. For more information, please contact us.
