Why I first got excited about ERM.

OVERVIEW OF ENTERPRISE RISK MANAGEMENT

Enterprise risk management is a great, great process. I could not say more about it.

Mario Pilozzi, Wal-Mart Canada Chief Operating Officer.

Enterprise risk management is an iterative and disciplined process that can take many forms but often follows the flow identified in Figure 2. The key steps in the process include setting objectives, identifying risks, assessing risks, acting upon these assessments, and monitoring.  An unfeigned approach to managing risk first requires the identification of the objectives. The objectives can be the company’s strategic objectives if enterprise risk management is being applied to the company as a whole. Alternatively, the objectives can be a department’s objectives or a new project’s objectives (where enterprise risk management is being applied to either of these individually). For example, FirstEnergy Corporation used enterprise risk management to identify and manage risks around a new e-business initiative, as well as to identify and manage risks of the entire organization.

Management that approaches each day or project not knowing what objectives they are trying to achieve can usually only offer a shallow repartee when asked by board members, “How is the company performing?” or “Are we meeting our goals?” One of the early lessons companies glean from enterprise risk management is that many layers of the company (including senior management, operating managers and regular employees) do not know or understand the objectives of the organization and how the objectives relate to their daily job and tasks. Enterprise risk management forces companies to identify and focus on the organization’s objectives. Risks are defined broadly to include any event or action that will prevent the organization from achieving its objectives. Enterprise risk management reinforces priorities to everyone involved, and ultimately to the risks surrounding those priorities. Knowing the priorities and the risks is essential to creating value for the stakeholders and to managing the company successfully.

From our first book on ERM (Making Enterprise Wide Risk Management Pay Off).