Enterprise risk management – refers to the new strategic process of structured identification and evaluation of all the risks and opportunities of the enterprise, determination of appropriate ways of managing and controlling such risks, and monitoring of this risk management process.
History of risk management
The origin of risk management as a role with a company is attributed to Fayol who is regarded as a father of management. In his 1916 article he proposed 6 functions of management which included a security function. The security function was associated with protection of people and property. The current risk management function is much more comprehensive but Fayol’s security function was a first glimpse of the current ERM function. The importance of a proper risk management function was acknowledged in 1960s in USA and thereafter spread around the world.
The term “risk management” was formally used only from the 1950s. Initially, the risk management function was closely associated with insurance. This slowed down the development of the function. The first book on risk management was entitled “Risk management in the business enterprise” was written by Robert I Mehr.
ERM and culture
Enterprise risk management incorporates risk awareness into the culture of the organization. The risk culture of the organization significantly contributes to the success of the ERM. Employees need to see risk as an integral variable which needs to be managed, controlled and monitored. Each employee needs to understand their role in the risk management of the enterprise. Leadership support of the importance of risk management significantly contributes to adequate risk management culture.
ERM uses advances in technology for management of risk.
Enterprise-wide in the enterprise-wide risk management refers to the elimination of barriers between functions, departments and other groupings within the organization.
Risk management infrastructure & Risk management capabilities – To ensure effective enterprise risk management processes, organizations need to establish an adequate set of risk management capabilities. Risk management capabilities refer to the abilities of an organization that allow it to undertake effective risk management processes. It includes abilities which allow for identification, measurement, management and monitoring of risks.
An appropriate set of risk management capabilities allows the organization to have a clear understanding of how their risk management decisions affect the bottom line and long term wealth maximization of the shareholders, which is the ultimate objective of the enterprise.
If an evaluation established that additional risk management capabilities are required, it is important to undertake cost-benefit analyses to ensure that the cost of additional risk management capabilities will be more than offset by the benefits that it will bring.
Certain risk capabilities which are adequate in one company to manage specific risk may be inadequate for another company which attempts to manage the same risk. Each organization must select risk management capabilities suitable to its particular individual needs, based on the particular risk exposure.
Risk management process monitoring and adjustment
The existing business environment is very turbulent. Risk exposures and factors affecting risks may alter all the time. Therefore, ongoing risk monitoring and adjustment of risk management strategies become an increasingly important step in the enterprise risk management process.
An organization needs to gain a good understanding of the risk management process. The main goal of the risk management monitoring process is to assess how effective the process is.
Why risk monitoring is important?
The main goal of risk management monitoring is to determine effectiveness of the enterprise’s risk management process. If the risk management process is not adequately monitored, shortcomings of the process may negatively affect achievement of the strategic objectives of the enterprise.
Ongoing monitoring of the performance of the risk management process and risk management environment leads to continuous improvement of the entire enterprise risk management process.
To monitor risk management performance, risk management performance standards should be established against which performance can be measured. Such standards may include areas such as time tables within which certain goals should be achieved, budgets and specific areas of enterprise’s performance which is vital for organizational success. After performance standards are established, they must be monitored on an ongoing basis.