Successful companies position on ERM
We would expect that successful companies are applying many aspects of ERM infrastructure. It is indeed difficult to succeed without identifying, formally assessing, responding to, controlling and monitoring risk.
However, we suggest that few companies on the planet can say with certainty that their risk management practices need no further improvement. The message is not about what successful companies are currently doing, but about what companies should do to enhance or improve their risk management capabilities as the operating environment changes. The COSO framework provides criteria by which companies can evaluate their risk management practices.
Businesses including successful companies have always faced a variety of risks, but these are times when the pace of change and the resulting consequences to a business seem to be greater than ever. Some examples:
• Globalization has increased exposure to international events. Rarely do country borders insulate companies from such events. The price of energy is a case in point.
• The need for increased efficiency, innovation and differentiation, while always relevant, has escalated in importance as companies seek new ways to differentiate themselves.
• While competitor risk continues to be a priority, the cost of strategic error is rising in the global marketplace. Financial markets are more volatile than ever. Obsolete business models create a losing hand in the game. And, even if the business model is the right one to establish sustainable advantage, it is a winner only if the organization is able to execute it effectively.
• Understanding and responding to customer wants remains the key in this demanding era of increasingly focused niche markets. Failure to keep pace can result in rapid erosion of market share.
• Outsourcing has become so commonplace, questions arise about clarifying the retention and transfer of risk.
• Unfortunately, we now know the unthinkable can happen. The events of September 11, 2001 have changed how we think about business interruption risk.
• Due to the highly publicized public reporting fiascos and high demands on certifying officers, financial reporting is now a significant risk area as companies focus on the sustainability of their disclosure process and internal control structure.
• Today, these and other risks are driving a continually changing risk profile that not only has financial implications, but also strategic and operational impacts. As executives examine the risks their companies face today, they will see a different profile than what they saw even a few years ago. And, more importantly, they can expect to see even different risks just a few years from now. That is why an enterprise risk assessment process is so critical.
It all comes down to this: It isn’t the strongest or the smartest that will survive and prosper in the global economy it’s the organizations that can best adapt to change. As markets and customers change, business models change.
As the competitive landscape changes, business strategies change. Furthermore, unless the ERM implementation is tightly linked to the assessment and formulation of business strategy, it is not realizing its full potential. That is why even companies that have achieved excellence in risk management should periodically evaluate the effectiveness of their risk management capabilities.
Successful companies requires management to review internal audit role to ensure efficiency.