Enterprise risk management (ERM) is critical for the successful execution of the organization’s strategy. Failure to identify, assess, manage and monitor key risks can have devastating effects on the long-term performance of the business.
To successfully identify, assess, manage and monitor key risks, managers need to establish and implement a compelling enterprise risk management structure within their organizations. When establishing ERM, the question normally asked is, “Who owns the risk management process and who is responsible for what?”
In some companies the CFO is responsible for all the risk management processes. In others the Chief Risk Officer (CRO) or the Head of ERM is the chief architect. Does this mean that the other personnel play no role in managing enterprise risks? Not at all.
When establishing an ERM framework and culture it is critical to understand that neither the CRO, CFO nor the Head of Risk Management is solely responsible for the ownership of all the risks facing the organization. These personnel are responsible for properly reporting significant risk events and potential opportunities to the other senior management and the board members.
You could also say that they own the organization’s risk management functionality itself. That is, they are responsible for setting up the infrastructure for gathering risk information, setting risk responses, determining probability of occurrence and impact, discovering the root causes of risk, and reporting all of this in a timely manner. Risk ownership, however, is every employee’s responsibility. In other words, all the risks that confront the organization every day are owned by everybody in the organization, at the respective levels at which they operate.
Take, for example, the sales employees or any other front-line employees. Their actions can either build or destroy the image of the bank through the relationships they form and constantly enhance with the customer base, or through the ones they ruin. They also set the tone for whether the customer is going to be interested in buying other services or products that the organization offers. Thus, these employees own their own set of risks and certain risks of the organization as well.
To be successful at implementing ERM, the process must involve virtually every key person in the organization, because they possess greater influence over buy-in. If these people fail to embrace ERM, then ERM will never become an important part of the business on a day-to-day basis.
To ensure that everyone within the organization makes enterprise risk management an important aspect of their job, it must always be approached as an environment that is owned by everybody for their mutual benefit.
The benefits of implementing ERM must outweigh the costs. In other words, the process must earn a return on investment that is deemed acceptable by the organization. If the benefits outweigh the costs, there is a high possibility that every key member of the organization will embrace ERM and not just tolerate it as another one of those corporate fads.
Everyone in the organization should want to actively participate in ERM. If ERM becomes part of the DNA of the enterprise, then it has a chance of attaining a high degree of success.
I welcome your thoughts, comments and feedback.