Enterprise Risk Management (ERM) is now a top priority for directors and executive management. Changes in corporate governance, increased political risk, rise in corporate scandals, rapid changes in information technologies, increased globalization, increased complexity of business transactions, increased competition, increased natural disasters and the recent fallout from the global financial crisis have all heightened the need for strategic enterprise risk management.
In this uncertain, volatile and intense competitive environment where the volume and complexities of risks affecting the organization are rapidly increasing, survival hinges on the integration between overall corporate strategy and risk management. Ignoring risks associated with strategies or ineffectively managing them is a sure recipe for disaster.
One might be asking – Why integrate risk into strategic planning and embrace ERM? Because of ERM’s top-down and holistic approach to effective risk management for the entire enterprise, the organization will be able to identify and evaluate how a broad range of possible events and scenarios will impact its strategy execution, including the ultimate impact on the valuation of the business.
By integrating enterprise risk management in strategy development and strategy execution capabilities, the organization will be best positioned to create and enhance sustainable value. Although research has shown the benefits of such integration, why has there been a slow take-off in the risk-strategy integration processes of numerous organizations?
- Failure by senior management in the overall risk-oversight process.
- Boards of directors being unaware of enterprise risks because of lack of knowledge, and sometimes, due to ignorance.
- Over-reliance by senior management on complex quantitative risk models that ignore sound human element of qualitative judgement.
Although it is evident that no one person can predict the future with accuracy, management and their boards must at least consider and be proactive of responses to events, whatever the cause, that might have a devastating impact on strategy execution and the overall performance of the organization. Instead of viewing ERM as a compliance activity, management ought to view ERM as a strategic focus, consistent with the view that an enterprise-wide approach to risk management is value-enhancing. This means management:
- Strengthening the overall oversight of the enterprise’s risk management processes.
- Reassessing the weaknesses in existing risk management processes.
- Enhancing the accuracy of risk management analysis to the company’s strategic setting activities.
- Adding formal risk discussions to their agendas on a regular basis.
To maximize value when setting strategic objectives, it is imperative that management find an ideal balance between performance goals and targets and related risks. This means evaluating the difference strategic alternatives designed to reach performance goals as well as interconnected risks across each alternative to establish whether the potential returns are proportionate with the associated risks that each alternative presents. This evaluation should also involve weighing enterprise risks to ensure they are within the stakeholders’ appetite for risk.
Considering risk during the strategy planning and strategy execution process is important because it creates ability for the organization to seize risk opportunities with the potential to increase returns for the business or identify areas where it is too risk averse. If risks are ignored in strategy, risk opportunities may be overlooked.
It is therefore important that the board and executive management clearly understand the various value drivers of the organization and the different risks surrounding these drivers. Knowing this information helps devise and implement strategies that are capable of moving the organization forward.