Enterprise Wide Risk Management also known as organizational wide risk management is a strategic process that assists firms and companies to identify, measure and control the overall business risks and seize opportunities that a business organization may come across in its trading activities in order to achieve its objectives. This is a value generating process that assists business organization to evaluate their risk control process while it continues to create value.
Enterprise wide risk management is a tool that guides business organizations design and implement an incorporated risk management process in the organization. It helps business organizations to take advantage of growth opportunities, avoidance and control of risks and the overall organization growth with utmost confidence. This process is moved towards solving the problem of risk across the business organization in a well structured and integrated manner.
This process involves every stakeholder in the business organization. This risk management process takes into consideration all areas of the business ranging from strategic planning to actual operations of the business. It considers a balanced wide risk consideration in all areas to obtain the highest achievable level of shareholders value and customer satisfaction possible. The adoption of organizational wide risk management approach necessitates that every employee in the organization understands and gives risk management the attention it deserves. It inflicts a sense of discipline, structure, process and a higher level of organization integration and this ensures that all risks are solved systematically and with continued risk review process.
Enterprise wide risk management provides a structured ways of managing risks by identifying certain events or circumstances which are in accordance with the organizations goals and objectives, assessing these risks and opportunities in terms of their likelihood of occurrence, and the extent of their impact. It also involves establishing of corrective response strategy and way of monitoring the progress. A business organization that has a capacity to identify and practically address the issue of risks and opportunities, has the ability to protect and create value for its shareholders, customers, workers, regulators and the society at large (Risk Management Committee May 2003 ).
Enterprise wide risk management as a risk based approach to running a business organization involves the incorporation of aspects such as strategic planning, internal control and operations management. The process involves the need for various business organizations’ stakeholders to understand all the risks facing large business organizations in their management. An organization with a well organized risk management process is always well rated by debt rating agencies and regulators as credit worthy.
Enterprise wide risk management is based on various framework which tries to explain important approaches for identifying, analyzing, responding and effective monitoring of risks and opportunities that may arise either in the internal and the external business environments exposed to any organization. The business organization adopting enterprise wide risk management strategy identifies a risk analyzes it and selects an appropriate risk response strategy for that specific risk.
The response strategy may include avoiding or departing of the activities causing the risk, developing ways to reduce the likelihood or lowering the impact related to the occurrence of the risk, insuring the risk with an insurance company such that in case of the occurrence of the risk, the insurance company compensates or sharing of the risk in order to lower its impact. The firm can also decide to take no action if the cost/benefit decision proves the benefits will be more than the cost of the risk. Risk monitoring is constantly done by the management as one of its internal control activities.
These activities include the review of analytical reports from experts, management committee meetings deliberations with relevant experts in an effort to clearly understand on the way the risk response strategy is working towards achievement of the organizations objectives.
It is evident today that enterprise wide risk management as an assurance tool is increasingly being mandated as either principle or requirement within the developed markets and economies. It’s very clear that business organizations are now acknowledging the use of enterprise wide risk management as an important management issue. This can be confirmed through the seriousness assigned to risk management policies in business organizations and the resources dedicated by organizations in their efforts to building an efficient wide risk management strategy.
Researches done recently in various firms have shown that the responsibility of risk management policies revolves around the top executive organs of any business organization; either with the chief risk officer or the chief financial officer are in charge of the enterprise wide risk management. This officer reports directly to the chief executive officer. The officers concerned with enterprise wide risk management are mandated to develop a risk profile for the organization that matches the firms’ risk desire. They are responsible for developing skills, improving them, and formulating means and processes for evaluating risks and considering various actions to contain these risks.
Business corporations are today very active in enhancing their enterprise wide risk management tools and capabilities that will assist them specifically check and manage enterprise wide risk. These tools are designed primarily to assist management identify and measure risks so as to make good decisions. Through the use of enterprise wide risk management strategies, business organizations are now able to assess, manage, fund and examine risks from all probable areas with an aim of increasing the firms short and long term returns to its stakeholders. Business organizations do consider risk types such as;
- Hazard risk which includes such risks as assets damage, natural disaster and liability torts
- Financial risks which include such risks as liquidity risks, price fluctuations, and currency risks
- Operational risks which include customers’ dissatisfaction, product failure, loss of company’s integrity and declining reputation
- Strategic risks which includes stiff competition, lack of enough capital and poor social trends.
Upon identification of these risks, the business organization has to formulate ways and means to manage these risks. The management process may involve processes such as;
- Establishing the context: This is where the organization first establishes the current operational conditions in which the business operates in regard to its internal, external and risk management context.
- Once the risk is identified, the organization needs to identify the material threats that can affect the business ability to achieve its objectives as well as taking into account areas where the firm can venture for competitive advantage.
- The organization should quantify the risk by adjusting it either by developing probability distributions outcomes for each risk.
- The risks should be integrated by aggregating all risk distributions that are connected with a collection of effects and assessing their impact on the organizations performance and achievements.
- Once the effects of the risk are assessed, the organization should determine the contribution of each risk to the total risk summary and accord each of them the appropriate priority.
- The organization should therefore come up with strategies aimed at controlling and exploiting the risks and,
- Constant monitoring and reviewing of the risks through continued measurements of the risks and the effectiveness of the risk management strategies.
Most business organizations are increasingly inculcating enterprise wide risk management strategies in their business corporate culture as a way of reducing and managing risks. Since enterprise wide risk management is the culture, process and tools that assists organizations in minimizing uncertainties and identifying strategic opportunities, the firms can incorporate these strategies in their operations by employing the Risk maturity Model (RMM) for Enterprise Risk Management. Business organizations can use various approaches in their efforts to incorporating enterprise risk management in their operations.
The organization should establish a high degree of managerial support for an enterprise based approach within its corporate culture. This entails regulatory compliance in all its functions, operational lines, roles and geographical operational boundaries, coordination of its audit, information technology, control and administration of risks. The organization can also integrate these risk management strategies as a process management in order to be able to identify, evaluate and analyze qualitative and quantitative methods of assessing risks and acquiring opportunities (Risk Management Committee May 2003.)
The organization can also use these strategies in enhancing its risk understanding capacity, risk tradeoffs in the organization and the extent of accountability within its management policy regarding perceived and the actual risk. It can also assist the management draw boundaries between acceptable risks and the extent of tolerance the management can accept regarding a particular risk (Enterprise Risk Management Committee May 2003).
In a bid for business organizations to uphold a high degree of discipline in efforts of assessing the root cause of a problem and its binding events with an aim to reducing uncertainty, gathering of information and assessment of the controls’ effectiveness, the business organization must adopt and exercise Enterprise Wide Risk management concepts. With these strategies, the risks from internal and external environments as well as from systems, processes and relationships are taken care of. The risk management policies also assist the organization in assessing the degree of quality and extent of coverage of risk evaluation activities in articulating risks and opportunities.
It involves the use of collective know-how from experts and other sources of information to expose the interrelationship of various departments within the organization. Most business organizations do employ these management policies and strategies to evaluate their degree of revelation to uncertainty and probable divergence from the expected objectives or plans. The adoption and use of the enterprise wide risk management policy helps the organization’s management to evaluate the extent of the business flexibility and sustainability. It shows the extent to which the risk management aspect is incorporated into business operational planning.
Enterprise wide risk management practices incorporate and address aspects of business culture in areas like distribution, supply sequence disturbances, frequent price changes, cash flow problems and business liquidity ratio preferences.
Each business organization has its unique ways of controlling risks. Some have various specialized units or functions that recognize and controls a particular kind of risk. These risk departments differ in their capabilities and the way they relate with other risk departments. Those business enterprises that employ the principles of Enterprise Wide Risk Management have the ability to coordinate and improve the capabilities of all the risk functions while still integrating the output into a combined picture of risks for the owners as well as improving the business ability to contain the risks to a manageable level effectively.
There are various functions in large business organization that can effectively participate in Enterprise Wide Risk Management programs. These functions include, the strategic planning function which deals with identification of risks from external business environment and competitive opportunities together with formulating ways to address them, the marketing function which deals with identification of the target customers and to ensure that products are tailored to meet the specification of the customers, the compliance and ethics function that deals with monitoring of compliance with the expected code of behaviors and conduct of employees as well as investigating fraud cases.
Accounting functions deals with identification of financial risk cases, insurance functions deals with issues relating to insurance coverage of the organization, Operational management function which deals with the day to day functioning of the organization and that any conflict is well resolved and customer service function which ascertain that customer complaints are well handled and amicably resolved among others.
Risk management process is increasingly being mandated as a requirement within developed market economies. This is because business organizations have realized that risk is an essential part of any business enterprise. They have also understood that if risk is well managed, it can resorts to organizations’ growth and identification of opportunities. Small and young business organizations may consider adoption and use of the Enterprise Wide Risk Management policies too expensive to afford.
This in practice should not be the case. The benefits are far too much than the cost. The cost/benefit ratio is too small. In these times of stiff business competition, business organizations must reconsider their operational practices to adopt those practices that minimize risks while maximizing profits to the shareholders, as well as being compliance with corporate social responsibilities (Risk Management Committee May 2003)
Enterprise Risk Management Committee (2003). Overview of Enterprise Risk Management. Casualty Actuarial Society. pp. p.8. Web.
Enterprise Risk Management Committee (2003). Overview of Enterprise Risk Management. Casualty Actuarial Society. pp. pp.11–13. Web.