Enterprise risk management for visionary organisations
Enterprise risk management is defined as a rigorous approach to addressing risks from all sources that threaten an organisation's strategic objectives or represent opportunities for competitive advantage. While ERM clearly states that it also represents opportunities, the way organisations currently practice ERM does not reflect this ideology. The result is that top management view risk management as a cost intensive exercise which does not yield increased revenues or profits over the long term. 1. The reason why Wal-Mart was able to bring 70 percent of its stores in the Katrina-affected areas of the United States back into operation within 48 hours of the disaster was not a result of prescience in anticipating a Category 5 hurricane, but because supply chain resilience is built into its business model. This resilience is a result of a diligent enterprise risk management project which looked at opportunities that would be lost in case of a natural disaster. 2. Another example is of a distributor of Mother Care products that did not shut stores in Lebanon during the Israel-Hezbollah war in 2006. This distributor diligently analysed the risk-return of the stores not being shut. When the war ended, sales boomed and the brand image of this distributor sky rocketed. The key therefore is to look at ERM as a strategic tool which will add value to both the top and bottom line and link the implementation with measurable KPIs to substantiate this. This article attempts to look at how organisations can change their perspective of enterprise risk management to better achieve their strategic objectives. The main points are presented as a series of hypotheses. These have not been formally tested but provide a good starting point for further discussions and research on the subject: • Hypothesis one: Too much attention is given to short term profits rather than long term growth. While most shareholders are not overtly worried about the quarterly profit/loss picture, many organizations, including the media, need to be blamed for over emphasis of this metric. The resultant short termism impacts enterprise risk management activities detrimentally, with organisations looking at ERM to assist with short term operational and tactical quick wins. In the meantime systemic risks inherent in the organisation can remain unnoticed; these organisational parasites slowly grow to affect the organisation in the long-term, eventually leading to irreparable damage. Going forward we would recommend a new way of working for the CEO of organisations. The CEO and the board need to jointly address all strategic risks while the responsibility for operational, credit and market risks should lie with the COO, CFO and the various business heads. • Hypothesis three: Many organisations unfortunately look at getting an ISO certification as a marketing tool and not as a platform for continuous improvement. Similarly, many risk management functions are looking at enterprise risk management from a myopic viewpoint of meeting regulatory objectives. The process is conducted in silos, leaving only a paper document in the end that gathers dust. Such thought processes need to undergo a paradigm shift. • Hypothesis four: There have been various views suggesting that a risk assessment exercise within an organisation should be a top down approach. We beg to differ with this and propose that risk assessment should be conducted both top down as well as bottom up, once the process reaches a certain level of maturity. This will mean that all business processes get covered over a period of time and new risks are identified. This also leads to a culture of risk management incorporated into job functions so that there are clear-cut responsibilities for risk-return decisions. Individual biases also gets covered in this process as one executive for example, might be more willing to take risks than another, or may have a different view of a project’s level of risk. Such an approach would result in an organisation taking a more consensual approach to its risk profile and appetite and would allow more likely identification of risk areas which breach the comfort zone. To achieve this joint bottom up/top down approach requires a wide-spread understanding of the importance of ERM and a shared risk culture . • Hypothesis five: While it is good to inculcate a risk-adjusted performance metric for middle and senior managers, overachievement beyond a certain threshold should also be penalised. For example, if the sales function overachieves beyond a significant percentage then it puts production and logistics under undue pressure and production management’s time gets involved in fire fighting issues. Further, the sales function might have under quoted to show a superior performance thereby putting other departments at grave risk. Individuals should be aware of their organisation’s risk limitations whilst taking decisions. Conclusion Authors entrepreneur.ranjit@gmail.com Reference
•Date: 16th May 2008• Region: World •Type: Article |
