Kick-starting enterprise risk management

Many companies recognize the need to establish an integrated program that will make it easier for them to identify risks and anticipate important barriers to reaching goals. They are less sure, however, of how to develop such a program.

Here are some top issues to keep in mind.

Establish a conceptual framework
The best starting point for a comprehensive risk management program involves developing a conceptual framework that will identify the full range of risks. If a company has a burning need in a specific area — such as HR — it must address it immediately.

But before devoting too many resources — people, capital or technology — to any particular area, the company should develop an overview that highlights the most serious risks and allocates resources accordingly. This process, which requires a team effort, will have a side benefit of rallying the work force around a common goal.

Speak the same risk language
It’s important to facilitate communication across functions, divisions and business units, as well as vertically among management levels. When communication is ineffective and roles are unclear, risk management falls through the cracks and people may duplicate efforts. A common language is also important for communicating consistently to both internal and external audiences.

Adopt a process view
It’s important to avoid thinking in narrow, departmental or functional silos. Take Customer Relationship Management as an example. Employees involved in back-office functions like production or billing may not see how their work touches the customer and may eschew monitoring.

In other departments, there may be overzealous monitoring with excessive customer surveying. It’s important to appoint an overall process owner to accept responsibility for managing risks of a given process and to create a balanced monitoring effort.

Establish a framework tailored for your organization
Effective risk management requires establishing objectives and identifying significant exposures. Companies can then prioritize and measure potential impacts on the organization. While frameworks exist, it’s best to create a customized road map that will guide you to address the business risks facing your organization.

Balance control with empowerment
Regardless of the framework developed, managers and employees must believe they can contribute to managing risk rather than merely feeling inhibited by additional rules and structures.

Move to enterprise risk management (ERM)
ERM is a key strategy for improving the quality and relevance of information reaching executive decision-makers, thereby leading to improved corporate governance and company performance.

In addition, a more integrated approach to risk management allows companies to anticipate hazards earlier and more completely than their competitors, deploy resources to address the most critical risks and manage those risks at a lower cost than competitors, and open up new sources of revenue by taking on risks that intimidate competitors.

It’s likely that most businesses will strive for ERM. The Treadway Commission’s Committee of Sponsoring Organizations (COSO), which includes the American Institute of Certified Public Accountants, the American Accounting Association, Financial Executives International, Institute of Internal Auditors Inc. and the Institute of Management Accountants, will make that move easier when the scheduled December 2003 study and ERM framework are released.

Rick Julien ( [email protected]) an executive with consultants Crowe Chizek and Company LLC. Reach him at (630) 586-5280.