ENTERPRISE RISK MANAGEMENT/ENTERPRISE-WIDE RISK

MANAGEMENT/FIRM-WIDE RISK MANAGEMENT

John Hawkins (2001:6) defines it as: The management of all risks facing an
enterprise on a comprehensive & holistic basis, taking into account their
interrelationships & resources available for their management. Hawkins (2001)
emphasises that enterprise risk management is regarded as an approach to or
philosophy of risk management rather than a particular technique or series of
techniques.

Venkat ( 2001 : 587 ) defines firm-wide risk management as : An amalgam of

strategy , process , infrastructure & environmental which help companies to make
intelligent risk taking decisions prior to committing limited resources & then helps to
monitor the outcomes of these decisions .

Barton et al (2005) put forward the following definition of ERM:

A new perspective on risk management referred to interchanged as integrated,

strategic, business, or enterprise-wide risk management. The term risk includes any
event or action that will adversely affect an enterprise’s ability to achieve its business
objectives & execute its strategies successfully. The scope of risk covers all risks,
internal & external, that may prevent an enterprise from achieving its objectives.
Barton et al (2000) also emphasise that the goal of an enterprise-wide risk
management initiative is to create, protect & enhance shareholder value by
managing the uncertainties that could either negatively or positively influence the
achievement of the objectives of the enterprise.

Deloach (2000) sees enterprise-wide risk management as

A structured & disciplined approach: it aligns strategy, processes, people, technology

& knowledge with the purpose of evaluating & managing the uncertainties the
enterprise faces as it creates value.

Deloach (2000) points out that in an ERM approach

-a common language is implemented that facilitates internal & external

communications
-a consistent reporting framework for aggregating risk measures & information is
provided

-increased management confidence through a systematic approach that identifies all

the enterprise’s risks is fostered

-resource allocation through rigorous prioritisation of risks is supported

-transfer costs due to offsetting or pooling risks are reduced

-a disciplined, structured process for making vital decisions is created

ERM is thus a new strategic process that identifies & addresses the full range of
business opportunities & risks. It is also a value-generating business risk
management process that provides the discipline & tools for mastering risk as the
enterprise creates value. This approach represents a paradigm shift in the way
enterprises manage the uncertainties that stand in the way of achieving their
strategic, operational & financial objectives. This approach integrates & coordinates
the management of risks throughout the enterprise & creates a culture of risk
awareness. ERM helps CEOs to meet the challenges they face by improving the
linkage between risk & opportunity & positioning business risk management as a
source of competitive advantage. ERM features shared enterprise goals & broad
coordination but also accommodates individual actions within well-defined
boundaries. It facilitates the management of risk in a world of uncertainty & fosters
continual feedback & re-evaluation by capitalising on the enormous advances in
technology & knowledge-sharing.

THE CURRENT STATE OF ERM

Research on the current status of ERM has identified the following trends &
emerging practices:

-Enterprises consider the desire for a unifying risk management framework &
corporate governance regimes to be key drivers of ERM.

-Earnings growth & revenue growth are considered to be top business issues today
with earnings consistency expected to grow in significance over the next few years.

-ERM is seen as a tool to help manage the most important business issues of
enterprises of enterprises.
-Although ERM is in its early stages of application, few respondents to the survey
indicated that they are ignoring it.

-ERM tended to be applied by larger, publicly held, multinational enterprises.

-ERM initiatives & activities are led by senior executives & internal audits play a
substantial role in the implementation of ERM.

-Organisational barriers need to be overcome to effectively implement ERM.

-Comprehensive risk assessment exists in few enterprises.

-ERM may initially be more of a management information tool than a driver for
enterprise performance.

-Enterprises in the process of adapting ERM are more likely to use a variety of tools

BARRIERS TO SUCCESSFUL IMPLEMENTATION OF ERM

-certain organisational barriers have been identified that hamper the successful
implementation of ERM. These include the following:

(a) Organisational culture

-A weak risk culture is one in which employees have little sense of the importance of
risk management & their role in it. Such a culture will compromise efforts to manage
risk, which might have disastrous consequences. A culture in which risk is seen as a
central part of everyday operations, allows for truly effective risk management.

(b) Benefits of the approach unclear to management

-Many managers, however do not fully grasp the implications of ERM, arguing that
there is large gap between theory & application of ERM, that the value attached to
ERM is difficult to measure & that they do not have sufficient hard data to support
any form of credible enterprise-wide risk assessment.

(c) Lack of formalised processes, language & definitions

-Risk communication is often hampered by definitions of risk that are too broad,
poorly understood or open to interpretation. In order to effectively implement ERM it
is essential for risk management decision making to be incorporated into strategic &
operational decision making throughout the enterprise.
BARRIERS TO SUCCESSFUL IMPLEMENTATION OF ERM

The following organisational barriers can hamper the successful implementation of

ERM:

Organisational culture

-Risk culture is critical to the success of the enterprise & will determine how
successful its ERM will be. A weak risk culture is one in which employees have little
sense of the importance of risk management & their role in it.Such a culture will
compromise efforts to manage risk, which might have disastrous consequences. A
culture in which risk is seen as a central part of everyday operations, allows for truly
effective risk management.

Benefits of the approach unclear to management

-Many managers, however, do not fully grasp the implications of ERM, arguing that
there is a large gap between theory & application of ERM that the value attached to
ERM is difficult to measure & that they do not have sufficient hard data to support
any form of credible enterprise-wide risk assessment.

Lack of formalised processes, language & definitions

-Risk communication is often hampered by definitions of risk that are too broad,
poorly understood or open to interpretation. Risk management decision making to be
incorporated into strategic & operational decision making throughout the enterprise.

Organisational turf-The adversarial nature of the relationship between line business

managers & staff risk managers further hampers the effective implementation of
ERM.

Improper yardsticks

-Performance goals may be established in terms of financial measures such as

sales, revenue, profitability or non-financial measures such as quality & customer
satisfaction. In order to gain a proper risk/return perspective, risk measures should
be incorporated into the processes that generate management reports & measure
performance.
KEY SUCCESS FACTORS IN IMPLEMENTING ERM

Strong & visible support from senior management

-Adopting ERM entails a major cultural change for an enterprise.CEOs & boards of
directors can create momentum for change by demonstrating a serious leadership
commitment to ERM.

A capable & dedicated group of cross-functional staff who can drive the
implementation of ERM & continue to push it in its operation phase

A close linkage of ERM to the key strategic & financial objectives of the enterprise &
the business planning process

-should implement a risk management model that links risk-taking activities to capital
consumption & performance evaluation at the business unit level & enterprise-wide
level.

Introducing ERM as an enhancement of already entrenched & well-accepted

processes in the enterprise, rather than a new, stand-alone process.

- it is easier to sell it as a normal management tool & integrate it into other

management procedures/tools.

Proceeding incrementally & leveraging early wins

-Most enterprises tend to proceed incrementally in implementing ERM.Are the

benefits of ERM pilot studies communicated to all the enterprise’s stakeholders?

Learning from experience

-Are reporting processes in place to capitalise on information from inside & outside
the enterprise? It is important for enterprises to develop organisational processes
that allow them to learn from their own as well as from the mistakes or best practices
of others.

BENEFITS OF ERM

Increased organisational effectiveness

-by appointing a chief risk officer who will provide the top-down coordination
necessary to make these various functions work efficiently.
Better risk reporting

-ERM provides a risk-reporting framework that focuses on the generation of risk

management information that provides an enterprise-wide perspective on aggregate
losses, policy exception, risk incidents, key exposures & early warning indicators.

Improved business performance

-ERM enables enterprises to adopt a portfolio view of all risks, manage the
interdependencies between risk, capital & profitably & rationalise the risk transfer
strategies of the enterprise. These efforts support key management decisions such
as capital allocation, product development & pricing, & mergers & acquisitions,
which, in turn, lead to lower earnings volatility, increased earnings, reduced losses &
enhancement of shareholder value.ERM is integral to the achievement of the value-
creating objectives of the enterprise & the successful execution of its strategies.

A PROPOSED FRAMEWORK FOR IMPLEMENTING ERM

-ERM implementation efforts differ from one enterprise to the next.

-was proposed by a consulting firm, Arthur Andersen

-Business risk management process

BRMP

Establish business risk management process

-Setting clear goals & objectives

-Establishing a common language for all business risks

-Setting up a structure to oversee responsibility for business risk management

throughout the enterprise.

-Risk management policies

Assess business risks

-Identifying & communicating the top risks currently faced by the enterprise

-Identifying the risks attached to intangible assets crucial to value creation

-determining the root causes of the identified risk

-setting time horizons for the development of risk maps

-conducting stress tests, simulations & scenario planning for critical risks

Formulate risk management strategies

-Risk management strategies may comprise avoiding, reducing, transferring,

retaining & exploiting risk. The strategy to be followed will be dictated by the type of
risk, its significance & likelihood & the capabilities & risk appetite of the enterprise.

Strategies should be aligned with the goals & objectives of the enterprise. They
should provide practical, executable solutions that will enable the enterprise to take
appropriate risks.

Design & implement risk management capabilities

-By establishing a proper risk management infrastructure. This entails the integration
of processes, people, management reports, methodogies & systems & data, with the
purpose of delivering the desired outcomes. Risk management should be an integral
part of everyone’s job & online resources should be upgraded continuously to
provide guidance on risk management.

Monitor performance

-This entails comparing actual to expected outcomes, performance to performance

benchmarking & considering feedback from the market. It is important to establish
the reasons for failures, successes & near misses & relate these to specific
capabilities.

Continuously improve risk management capabilities

-An enterprise should endeavour to instil a culture that challenges the status quo.

Provide information for decision making

-Relevant & reliable information is essential for the efficient management of risk. It is
vital to establish a common set of processes that will lay the foundation for defining ,
organising & reporting information that is relevant across business units & the
enterprise as an entity.