Businesses often think of risk as something that they should be able to avoid, absorb or insure away. With the advent of Sarbanes-Oxley, Basel II, other regulatory requirements and the modern competitive marketplace, they can no longer afford to take that view. A proactive approach is now required to compete.
I'd like to shift a paradigm with this month's column. ERM has for some time meant enterprise risk management to most. I'd like to suggest that we refocus ERM to mean either excellent or effective risk management and avoid a term that for many has not brought real results. Yes, it is still enterprisewide in its application, but its real power is in its effective use.
To understand the power of effective risk management you must first understand the nature of risk. Risk can either work for you or against you. If handled properly, risk could actually be your ticket to high performance.
To handle risk well, it must be consistently understood. For clarity, a risk is uncertainty about a desired future event or outcome. The context of risk is essential to its effective management. Risk events are what provide that context for risk to be both understood and managed more specifically.
For example, a risk of not making your planned net income is not specific enough to be manageable without further context. One context for this risk might be an error in your forecast of the impact on sales of a key competitor.
A risk event can be broadly defined as anything that could affect the achievement of your objectives. In other words, risk events are those things that shape the distribution curve of your desired event or outcome. Thus, risk includes all the risk events that affect performance, including those things that could produce a positive impact or outcome.
Another way to look at this concept is to see risk as the life-blood of your company or organization--the essential element needed to sustain and grow your organization.
After all, there is absolute truth to the adage "no risk no reward." We see it today in investment risk when we realize the paltry returns available on Treasury bonds, ostensibly little to no interest. To eliminate risk would ultimately lead your organization to ruin. Therefore, we must learn to work with and exploit risk to the ultimate advantage of your organization's results. You do that through a balanced approach that requires that you clearly articulate and understand your appetite for risk and use risk tolerances to manage to that aggregate appetite. To do so requires that these concepts are well understood across your organization and that all who own the risk are accountable for their effective management.
Effective risk management becomes the essential process or discipline necessary to assure your life-blood is healthy and producing intended results. It should be the means by which you ensure that all relevant risks to performance outcomes are known, understood through measurement and reporting, mitigated to the extent necessary to produce intended results and monitored regularly for movement outside your set tolerances.
Through these tactics you are able to harness risk's full potential for your organization's advantage. It's no longer acceptable to rely on managing risk without regard for its effect on performance results.
CHRIS MANDEL is the president of Excellence in Risk Management, LLC, a long term risk management leader and former president of RIMS.
October 1, 2011
Copyright 2011© LRP Publications