Effective Enterprise Risk Management ≠ Bureaucracy
How to implement a simple, effective ERM process.March 3, 2011
by Bonnie Hancock
Now that we have completed a U.S. Securities and Exchange Commission (SEC) filing season with the new proxy rules requiring disclosure of the board's role in the organization's risk management process, many management teams are facing increasing demands from board members for more robust reporting and discussion of the risks the organization faces and the steps management is taking to respond to those risks. Even in organizations not subject to SEC reporting requirements, board members are showing an increased interest in risk-related issues. While some are wondering whether cumbersome, non-value-adding new processes will need to be adopted in order to satisfy demands from board members and other stakeholders, many companies have found that they can put in place effective processes for managing risks on an enterprise-wide basis that will improve strategic decision-making and support the achievement of organizational objectives. In order for enterprise risk management (ERM) to be seen as value-adding however, the board and senior executives of an organization must set the appropriate tone for an open dialogue about the risks an organization faces, its appetite for those risks and its plans for managing them.
Having an effective ERM process does not mean you must produce myriad checklists, models and dashboards. This misperception that ERM is a very complex process that involves a tremendous amount of resources and can be a potential source of bureaucracy has been an impediment to ERM implementation in many organizations. In fact, an over-reliance on models and quantitative risk measures and reports has been cited as a contributing factor to the failure of risk management processes in some organization. And when the credit rating agency, Standard & Poor's (S&P) began assessing ERM practices within the companies it rates, its initial focus was on the rated company's risk management culture and strategic risk management, good places for an organization to begin implementation of an ERM process. As ERM assessments have become a part of the credit rating process, S&P has explicitly recognized that ERM will not look the same at all organizations and has been open-minded about the form of the risk-management structure.
ERM should be implemented in the way that works best for your organization to provide the information needed for management and the board to make better, more risk-informed, strategic decisions. Proponents of ERM stress that the goal of effective ERM is not to lower risk. Rather, ERM is designed to manage risks more effectively on an enterprise-wide, holistic basis so that stakeholder value is preserved and grows over time. In other words, ERM allows management and the board to appropriately weigh risks against potential rewards.
Implementing Effective ERM Processes
Many organizations are starting to consider implementing ERM or are in the beginning stages of implantation of an ERM process. The following are some keys to implementing an effective ERM process based upon "lessons learned" at organizations that have successfully implemented ERM:
Increasingly organizations are realizing that their current processes are inadequate to manage the complexities of the global business environment. Managing risks informally or on an ad hoc basis may no longer be acceptable given the increased expectations for effective risk management processes being placed on senior managers and their boards. Adoption of ERM can address emerging expectations for improved risk management in a way that can also add value by improving risk awareness within the organization and focusing attention on the risk/reward relationship. Effective ERM implementation can start very simply, with a candid conversation about the risks the organization faces in pursuit of value.
Rate this article 5 (excellent) to 1 (poor). Send your responses here.
Bonnie Hancock is the executive director of the Enterprise Risk Management (ERM) Initiative and is also a lecturer in accounting at NC State's College of Management. She has served as president of Exploris and at Progress Energy, as well as being a president of Progress Fuels (a Progress Energy subsidiary with over $1 billion in assets), senior vice president of finance and information technology, vice president of strategy and vice president of accounting and controller. Hancock brings unique insights on boards and executive management as well as practical perspectives on managing risk across increasingly complex global enterprises. Her teaching focuses on financial management and business valuation.