Enterprise Risk Management is a concept that involves a broadening of risk management responsibilities, the instilling of a risk management culture within the firm, and the idea of bringing to risk management the responsibility for some business risk in addition to pure risk.
Broadening of Responsibilities: all employees at every level are responsible for managing the risk they encounter every day; risk is no longer the domain of a single department. Employees on the line are the ones who spot the risk real time. We can’t wait for a committee to review the operations and pass down pronouncements. Action is often needed immediately, and all workers need to know when they see hazards, they need to take action.
Instilling a risk culture: companies embracing the ERM concept realize that with responsibility must be both control and permission. Employees are instructed that safety and loss control goals come from the very top of the company and that they will be praised rather than punished for bringing risk issues to the forefront (and possibly even slowing down production). The risk management culture permeates the core of the company in an ERM environment. All employees know management at the very top cares about safety; they in turn will care also.
Adding business risk: the ERM framework involves looking at “business risk” and seeing how it might interact with “pure risk” in order to create a more complete and all-encompassing management process. Pure risk (risk of damage to property, loss of data, or a D&O claim) has been the domain of the Risk Manager (reporting to the CFO); Business risk, on the other hand has been the domain of the business managers in sales, operations, financial and treasury, and consulting areas of companies. ERM argues for a merger of risk types and a more holistic view of risk management.
LicataRisk will work with clients on ERM programs, helping them achieve this integration process. This can be formal, in the manner of a report, manual, education and reporting to the board. This is for the largest companies. Smaller companies may want and need execution more than formality. In this kind of engagement, the principles remain the same, but the effort is concentrated in “getting it done.”
We can help you decide what you need and how to achieve it.