Enterprise risk management and other risk management approaches
Traditional risk management approaches are focused on protecting the tangible assets reported on a company’s balance sheet and the related contractual rights and obligations.
The emphasis of ERM, however, is on enhancing business strategy. The scope and application of ERM is much broader than protecting physical and financial assets. With an ERM approach, the scope of management of risks is enterprisewide and its application is targeted to enhancing as well as protecting the unique combination of tangible and intangible assets comprising the organization’s business model.
This point of view is consistent with COSO’s assertion that ERM is applied both across the enterprise and in strategy-setting.
With market capitalizations often significantly exceeding historical balance sheet values, the application of risk management to intangible assets is critically important.
Just as potential future events can affect the value of tangible physical and financial assets, so, too, can they affect the value of key intangible assets, e.g., customer assets, employee/supplier assets and organizational assets such as the entity’s distinctive brands, differentiating strategies, innovative processes and proprietary systems.
This is the essence of what ERM contributes to the organization the elevation of risk management to a strategic level by broadening its application to ALL sources of value, not just physical and financial ones.
The five broad categories of assets representing sources of value, and examples within each category, are illustrated below:
Employee supplier Assets:
These five asset categories include sources of value underlying an organization’s business strategy. By placing the emphasis on strategy-setting, ERM transitions risk management from a discipline of avoiding and hedging bets to a differentiating skill for enhancing and protecting enterprise value as management seeks to make the best bets in the pursuit of new opportunities for growth and returns.
ERM invigorates opportunity seeking behavior by helping managers become confident in their understanding of the risks and in the capabilities at hand within the organization to manage those risks.
The risk assessment process can lead to more comprehensive risk responses when management identifies potential future events that could affect each category of assets critical to the execution of the enterprise’s business model. The list below illustrates categories of potential future events that might be considered during a risk assessment:
• Unauthorized use
• Inefficient use
• Catastrophic loss
• Unacceptable costs
• Pervasive quality failures
• Significant loss of key customer or channels
• Inefficient channels
• Loss of market of market opportunities
• Ineffective alliances
• Poor economic performance
• Lack of economic sources debt or equity capital
• Unacceptable losses
• Unexpected losses
• Insufficient liquidity
• Inefficient use
Employee supplier Assets:
• Talent shortages
• Work stoppages
• Loss of morale
• Poor supplier performance
• Excessive costs and lead times
• Poor quality
• Ineffective partnerships
An enterprise’s sources of value, whether tangible or intangible, are inherent in its business model. They are affected by sources of uncertainty which must be understood and managed as an organization works to achieve its performance objectives.
They may be external or internal. For example, environment risks are uncertainties arising in the external environment affecting the viability of the enterprise’s business model.
Process risks are uncertainties affecting the execution of the business model, and therefore often ariseinternally within the organization’s business processes. Because inadequate knowledge and information breeds more uncertainty, information for decision-making risks are uncertainties affecting the relevance and reliability of information supporting management’s decisions to protect and enhance enterprise value.
These three broad categories provide the basis for understanding the sources of uncertainty in any business.:
- Information for decision-making
These risk categories include many subcategories of potential future events which could become the focal point for assessing risk and formulating appropriate risk responses.
In summary, uncertainty about the future creates risk and ERM broadens the focus of risk management to all significant sources of enterprise value.
By understanding the key external and internal variables contributing to uncertainty in a business and monitoring trends in those variables over time, management can more effectively run the business and realize the potential of the enterprise’s business model.
An underlying principle in strategy-setting further illustrates this context: The greater the dispersion of possible future events or outcomes, the higher the organization’s level of exposure to uncertain returns. An organization’s sensitivity to risk is a function of:
1. The significance of its exposures to change and future events. 2. The likelihood of those changes and future events occurring 3. Its ability to manage the business implications should any combination of those possible future changes and events occur.
The organization’s ERM infrastructure facilitates the advancement of risk management capabilities to provide better knowledge and information about the enterprise’s key variables (or risks) and its capabilities around managing the effects of changes in those variables (or risks).
Enterprise risk management approach has a difference with traditional risk management approaches.