Enterprise Risk Management

Abstract

Modern businesses face a diverse set of risks and potential dangers. In the past, companies traditionally handled their risk exposures via each division managing its own business.Indeed, many large firms dealt with growth by assigning more and more responsibility to heads of individual business units, with the CEO and other top managers uninvolved in those daily operations. However, as companies grow and take on multiple divisions or business segments, this approach can lead to inefficiency and amplification or misrecognition of risk. In this case, each division of a firm becomes its own "silo." They are unable to see the risk exposures of other divisions, how their risk exposures interact with other units, and how different exposures across units interact as a whole. So, while a division manager may recognize potential risk, they may not realize (nor even be able to realize) the significance of that risk to other aspects of the business. ¨

Definition

Enterprise risk management (ERM) is a methodology that looks at risk management strategically from the perspective of the entire firm or organization. It is a top-down strategy that aims to identify, assess, and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an organization's operations and objectives and/or lead to losses. ERM takes a holistic approach and calls for management-level decision-making that may not necessarily make sense for an individual business unit or segment. It not only calls for corporations to identify all the risks they face and to decide which risks to manage actively (as other forms of risk management may), but it allows top managers to make executive decisions regarding risk management that may or may not be in the particular interest of a certain segment—but which optimizes for the firm as a whole. This is because risks can be siloed in individual business units that do not or cannot see the bigger risk picture. It also often involves making the risk plan of action available to all stakeholders as part of an annual report. Industries as varied as aviation, construction, public health, international development, energy, finance, and insurance all have shifted to utilize ERM . Two primary forces – global orientation and business complexity – provoked ERM into existence. In response, five aspects of risk have been increasingly addressed: strategy, accountability, identification, ranking, and mitigation. From the outset, ERM was intended and anticipated to rise in significance beyond the CFO to the top executive – and on into the boardroom – where it would join the highest strategic concerns. A new executive – Chief Risk Officer – was even christened to carry the ERM torch. ^[1]