
Improving the Enterprise Wide Management of Business Risks

Nov 13, 2020

Enterprise Risk Management of Business Risks

Enterprise Risk Management (ERM), as a credible and valued business activity, has gained currency in recent years and is now widely accepted. Many businesses, however, have difficulty identifying, assessing and documenting the extensive range of risks that they face. Management struggle to implement a framework to identify the risks that they must assess in the day-to-day operation of their businesses and also maintain focus on strategic business risks. In addition, the development of new business strategies and successful execution of these often fail due to an inability to fully understand the risks involved.

The key to successful implementation of an ERM program across an organisation is getting the balance right between ‘micro’ operational risks – many of which are still important – and key strategic business risks. A bottom-up analysis of risks by line management and risk managers will often only focus on operational risks. These risks – whilst important to identify, mitigate and manage – do not always give rise to significant financial loss or business impairment. The risks which do, however, are often left to be managed at board or executive level for larger organisations or with the business owner in private enterprises.

It is important to implement an approach to ERM that does not omit key business risks and ensures critical business risks are elevated to the appropriate level in an organisation – usually board and executive level – in a transparent and structured manner.

Strategic Risk Management Toolkit

Success in effectively identifying and managing business risks usually requires organisations to progressively implement the following:
  • Establishment of a Risk Management Strategy. This document will encompass the organisation’s risk appetite, risk management processes, roles and responsibilities for the management of business risks;
  • Establishment of an organisational rhythm for the identification, assessment and management of business risks. This should include half yearly or annual risk management workshops with boards and executives. For organisations implementing ERM for the first time there will be an initial series of workshops to identify key business risks;
  • Incorporating risk management assessments into strategic planning, business planning and investment approval processes;
  • Developing and implementing comprehensive, yet ‘fit for purpose’, risk management reporting.

The 52 Risks® Framework

Notwithoutrisk uses its own unique, innovative framework - 52 Risks® - to assist organizations to identify, assess and manage their business risks. 52 Risks® comprises 17 Strategic Risks, 16 Financial Risks and 19 Operational Risks (refer Table 1 below). All potential business risks will map to one of these risk categories.

It provides a high-level, end-to-end framework that enables organizations to understand and determine their risk profile. In addition, organizations can, on an ongoing basis, measure and manage changes in their risk profile. The risks can be internal or external, short, medium or long term.

52 Risks® is a methodology that can assist all organisations – no matter how large or small - to compile the definitive list of strategic, financial and operational risks that can impact them.

The framework enables both a top-down and bottom-up analysis of key strategic, financial and operational risks. By systematically working through each risk category, a core list of key business risks can be identified for further investigation. Very low risk categories can be discarded early in the top-down approach, leaving a relevant list of risk categories to be explored and assessed further.

Information on existing, known risks from management reports, financial reports, audit reports and any previous risk assessments undertaken can identify key business risks and build a risk profile of the organisation. This bottom-up analysis can leverage off the understanding within the organization about key business risks.

Notwithoutrisk Consulting Risk Advisory Services

Notwithoutrisk Consulting can assist boards and executives with the following:
  • Establishment of an ERM framework and governance;
  • Preparation of a Risk Management Strategy document;
  • An initial assessment of key business risks using the 52 Risks® framework;
  • Facilitate workshops on specific categories of strategic, financial or operational risks;
  • Development of risk registers; and
  • Development of risk management reporting.

About the Author

Notwithoutrisk Consulting, founded by former Chief Risk Officer, Peter Deans, is an Australian based firm. It offers a range of strategy, business and risk advisory services to banks & financial institutions, corporate and government clients.

Contact Details
Peter Deans, Director