Improving the Enterprise Wide Management of Business Risks
November 13, 2020
Enterprise Risk Management of Business Risks
Enterprise Risk Management (ERM), as a credible and valued business activity, has gained currency in recent years and is now widely accepted. Many businesses, however, have difficulty identifying, assessing and documenting the extensive range of risks that they face. Management struggle to implement a framework to identify the risks that they must assess in the day-to-day operation of their businesses and also maintain focus on strategic business risks. In addition, the development of new business strategies and successful execution of these often fail due to an inability to fully understand the risks involved.
The key to successful implementation of an ERM program across an organisation is getting the balance right between ‘micro’ operational risks – many of which are still important – and key strategic business risks. A bottom-up analysis of risks by line management and risk managers will often only focus on operational risks. These risks – whilst important to identify, mitigate and manage – do not always give rise to significant financial loss or business impairment. The risks which do, however, are often left to be managed at board or executive level for larger organisations or with the business owner in private enterprises.
Strategic Risk Management Toolkit
Success in effectively identifying and managing business risks usually requires organisations to progressively implement the following:
- Establishment of a Risk Management Strategy. This document will encompass the organisation’s risk appetite, risk management processes, roles and responsibilities for the management of business risks;
- Establishment of an organisational rhythm for the identification, assessment and management of business risks. This should include half yearly or annual risk management workshops with boards and executives. For organisations implementing ERM for the first time there will be an initial series of workshops to identify key business risks;
- Incorporating risk management assessments into strategic planning, business planning and investment approval processes;
- Developing and implementing comprehensive, yet ‘fit for purpose’, risk management reporting.
The 52 Risks® Framework
Notwithoutrisk uses its own unique, innovative framework - 52 Risks® - to assist organizations to identify, assess and manage their business risks. 52 Risks® comprises 17 Strategic Risks, 16 Financial Risks and 19 Operational risks (refer to Table 1 below). All potential business risks will map to one of these risk categories.
It provides a high-level, end-to-end framework that enables organizations to understand and determine their risk profile. In addition, organizations can, on an ongoing basis, measure and manage changes in their risk profile. The risks can be internal or external, short, medium or long term.
52 Risks® is a methodology that can assist all organisations – no matter how large or small - to compile the definitive list of strategic, financial and operational risks that can impact them.
The framework enables both a top-down and bottom-up analysis of key strategic, financial and operational risks. By systematically working through each risk category, a core list of key business risks can be identified for further investigation. Very low risk categories can be discarded early in the top-down approach, leaving a relevant list of risk categories to be explored and assessed further.
Information on existing, known risks from management reports, financial reports, audit reports and any previous risk assessments undertaken can identify key business risks and build a risk profile of the organisation. This bottom-up analysis can leverage off the understanding within the organization about key business risks.
Notwithoutrisk Consulting Risk Advisory Services
Notwithoutrisk Consulting can assist boards and executives with the following:
- Establishment of an ERM framework and governance;
- Preparation of a Risk Management Strategy document;
- An initial assessment of key business risks using the 52 Risks® framework;
- Facilitate workshops on specific categories of strategic, financial or operational risks;
- Development of risk registers; and
- Development of risk management reporting.
About the Author
Notwithoutrisk Consulting, founded by former Chief Risk Officer, Peter Deans, is an Australian based firm. It offers a range of strategy, business and risk advisory services to banks & financial institutions, corporate and government clients.
Contact Details
Peter Deans, Director