The requirement for appropriate enterprise risk management (ERM) techniques continues to grow.
The recently passed Dodd-Frank law calls for a Risk Committee to be established by all public, nonbank financial companies, as well as larger public bank holding companies. Supervised by the Board of Governors of the Federal Reserve, the Risk Committee will be held responsible for enterprisewide risk management oversight and practices. Additionally, ERM is a central focus for many organizations outside of the financial sector looking to mitigate risks in today’s volatile economic climate.
“All organizations face uncertainty; the challenge for management is to determine how much uncertainty to accept,” says James P. Martin, CMA, CIA, CFE, managing director of Cendrowski Corporate Advisors LLC. “Uncertainty brings both risk and opportunity, with the potential to enhance or erode value. A robust ERM process helps the organization ready itself to make the most of the opportunity while appropriately managing the downside of relevant risky events.”
Smart Business spoke with Martin about how companies can establish effective ERM processes and the benefits of such processes to organizations.
How can an effective ERM process benefit an organization?
In short, effective ERM processes help the organization respond to the constantly changing business environment. More specifically, ERM helps organizations quickly perceive changes in their environments, analyze these changes, develop a plan for response and execute this plan. Through identification and planning, organizations will improve their resilience to changes in their environment by viewing the realization of risky events as opportunities for shareholder value creation rather than degradation: If an organization is able to successfully mitigate risky events and capitalize on opportunities presented by change, it will tend to be more successful than those organizations that are not prepared.
On what areas of risk should organizations focus?
Risk is really a continuum across the business environment, but for simplicity, there are generally four main areas that must be considered: strategic, operational, process and compliance risks. The latter element is a key thrust of the recently passed Dodd-Frank law.
In brief, strategic risks describe those associated with the organization’s plan to create shareholder value, including its chosen risk/reward appetite. Operational risks are those that relate to the design of processes intended to carry out the organization’s strategy; process risks are presented by the day-to-day operations of the organization; and lastly, compliance risks describe risks associated with an organization’s failure to comply with federal, state, and local laws and regulations.