governance risk compliance

Creating Profitable Advantages from Enterprise Risk Management

It can’t be simply a coincidence that only a few companies are managing their enterprise risk management well. To understand the level of risk to an enterprise, one can take it in the form of an iceberg that remains apparently visible for a considerable time before they actually hit a large ship (in this case the company). However, if it is ignored for too long, no one knows how strong its impact would be because the majority of risk is invisible to the eye and remains deep within the surface of water. Thus, it is very important to take immediate actions whenever there is any sign of enterprise risk.

Whereas the large ships have developed a series of formidable countermeasures to tackle the menace of icebergs, the modern, big companies are still to develop such foolproof measures against the enterprise risks. Though most of the large companies do have personnel constantly looking out for potential risks, the main problem lingers around somewhere else. Apparently, a typical organization is full of various levels of lookouts, but the problems is not that much in the detection of risk  as it is in deciphering the meaning and value of various potential risk situations.

There could be several different types of risks for an organization that may include but not limited to:

• Strategic risks
• Regulatory risks
• Safety risks
• Operational risks
• Insurance risks
• Auditing risks
• Capital risks

As each of these types requires different types of expertise, usually, they are managed under independent silos of enterprise risk management.

But the problem here is a lack of common framework in organizations that can interpret lookout information efficiently. Various risk managers of an organization are rarely required to communicate with each other around a common framework, while working in their respective silos. This situation further gets deteriorated by the absence of data list requires for assessing the extent of the risks. The data list may include some very common things, like:

What information is there to recognize a risk?

• What will be its impact, if it hits?
• Are their any actions through which it can be mitigated or at least avoided?
• What would be the cost of countermeasures?

It is observed that the separate risk silos collect their data separately in different formats of communication and then try to analyze them in separate meetings. This makes it very complicated for the business heads to compile all the data from different silos into one format that can be understood clearly. To add some more confusion to the situation that is already marred with several complications, sometimes same risks are reported by different silos in different formats.

So, the solutions to all these problems lie in the following measures:

Make all the experts of enterprise risk management communicate frequently with one another.

• All types of risks should be made to gather similar data for easier manipulation.
• All the collected data should be available in a single universal framework

A carefully conceived enterprise risk management is capable to create a single universal framework by using its tools of reporting and collaboration. However, it is very rare to see an organization opting away from the same old approach of working through the spreadsheets.