Enterprise Risk Management

Enterprise Risk Management (ERM) is increasingly important for organisations of all sizes. We live in an age of change, ambiguity and uncertainty, which requires that, more than ever, risks to the achievement of objectives be at the forefront of everyone's mind, from the boardroom to front-line staff.

Recent events, including the banking royal commission in Australia, have highlighted that risk is not always seen as a value driver and is not always embedded into decision making.

ERM enables an organisation to consider the potential impact of all types of risks in relation to strategy, processes, people, systems, activities, stakeholders, products and services.

Implementing a comprehensive approach to ERM will result in an organisation reducing the downside of risk and benefiting from the ‘upside of risk’.

Why ERM is not properly understood

ERM is, in our view, a misunderstood concept. There is a view in many circles that a single approach can be applied to risk management, which is just not true.

ERM in reality encompasses many categories of risk, many of which have specific legal or regulatory requirements that must be applied.

A board, for example, can misunderstand the risks associated with an investment opportunity, which results in a financial loss of millions of dollars. Provided they acted in good faith and within the law, the worst that might happen is reputational damage and possibly losing their positions.

At the other end of the spectrum is a fatality in the workplace or significant damage to the environment. If the board cannot prove they have applied the specific requirements applicable to the management of safety and environmental risk, they could face court and a prison term.

While in certain circumstances it is a good strategy to accept risk as part of a risk and reward proposition, in other circumstances adopting that approach would draw serious attention from regulators.

Options also exist to adopt strategies to transfer risk from time to time, but at other times, no matter how much you would like to transfer risk, laws, regulations and contracts specifically prevent any risk transfer.

This is why we say that a proper understanding of ERM is required to ensure that not only do you manage and control risk within your organisation's risk appetite and tolerances, but that you also meet your legal and regulatory obligations and have a defensible position in the event particular risk events occur.

What questions should be asked?

Accountable people in organisations, including directors, executives, general managers and those in specific roles, should be asking themselves:

  • Are we engaging in ERM or just risk management?
  • Are we applying the right approach to the right categories of risk?
  • What role is ethics playing in our risk management approach?
  • How embedded is risk in our organisational culture and decision making?
  • Am I confident that my organisation has met its obligations across all categories of risk?

What does ERM look like?

ERM will look similar, but not identical, from one organisation to the next. Most of the categories of risk will apply in every organisation, but to differing levels and extents. Our ERM overview is designed to set out the full elements of ERM.

Enterprise Risk Management Framework

ERM done well – driving value in every business

When setting out to improve risk management performance, the expected benefits of ERM should be established in advance.

The outputs from successful risk management include compliance, assurance and enhanced decision-making. These outputs will provide benefits by way of improvements in operational efficiency and effectiveness, change management, business resilience and the strategy of the organisation.

Only through assured risk management can organisations take advantage of the Risk / Reward proposition.

A properly implemented ‘Three lines of Defence’ approach is key to embedding risk management into the psyche of an organisation.

i3 Australia is continually looking to challenge conventional thinking about risk management.

Risks can only be successfully dialled up to achieve higher returns if an organisation’s risk management is mature and embedded at every level of the business.

Next steps…

Contact us to discuss how ERM, properly implemented in your organisation, can be a key driver of performance and help support innovation, growth and sustainability.
