Enterprise Risk Management (ERM) is increasingly important for organisations of all sizes. We live in an age of change, ambiguity and uncertainty which requires that more than ever, risks to the achievement of objectives must be forefront in the minds of everyone, from the boardroom to frontline staff.
Implementing a comprehensive approach to ERM will result in an organisation reducing the downside of risk and benefiting from the ‘upside of risk’.
Why ERM is not properly understood
A board for example, can misunderstand the risks associated with an investment opportunity which results in a financial loss of millions of dollars. Provided they acted in good faith and within the law, the worst that might happen is reputational damage and possibly losing their positions.
At the other end of the spectrum is a fatality in the workplace or significant damage to the environment. If the board cannot prove they have applied the specific requirements applicable to the management of safety and environmental risk, they could face court and a prison term.
While in certain circumstances it is a good strategy to accept risk as part of a risk and reward proposition, in other circumstances adopting that approach would draw serious attention from regulators.
Options also exist to adopt strategies to transfer risk from time to time, but at other times, no matter how much you would like to transfer risk, laws, regulations and contracts specifically prevent any risk transfer.
This is why we say that a proper understanding of ERM is required to ensure that not only do you manage and control risk within your organisations risk appetite and tolerances, but that you also meet your legal and regulatory obligations and have a defensible position in the event particular risk events occur.
What questions should be asked?
Accountable people in organisations including directors, executives, general managers and those in specific roles should be asking themselves:
- Are we engaging in ERM or just risk management?
- Are we applying the right approach to the right categories of risk?
- What role is ethics playing in our risk management approach?
- How embedded is risk in our organisational culture and decision making?
- Am I confident that my organisation has met its obligations across all categories of risk?
What does ERM look like?
ERM in different organisations will look similar but different. Most of the categories of risk will apply in every organisation but to differing levels and extents. Our ERM overview is designed to set out the full elements of ERM.
ERM done well – driving value in every business
Only through assured risk management can organisations take advantage of the Risk / Reward proposition.
A properly implemented ‘Three lines of Defence’ approach is key to embedding risk management into the psyche of an organisation.
i3 Australia is continually looking to challenge conventional thinking about risk management.
Risks can only be successfully dialled up to achieve higher returns if an organisation’s risk management is mature and embedded at every level of the business.
Next steps…
Contact us to discuss how ERM properly implemented in your organisation can be a key driver of performance and help support innovation, growth and sustainability.