Governance Best Practices

Enterprise Risk Management (ERM) and the Board: What You Need to Know

Has your board adopted Enterprise Risk Management (ERM) strategy? If not, then your organization is likely to be at risk.

The idea behind ERM is simple: rather than focusing on specific risks, such as worker or product safety, ERM adds a strategic layer that explores and anticipates risks.

Risk management for the whole enterprise

Within ERM’s broad scope we can identify three important strands: it must deal with operational risk, financial risk and strategic risk.

  • Operational risks are hazards that, as the Basel II Accords describes them, result from “inadequate or failed internal processes, people and systems from external events”. As such, they are ‘pure risks’ and can not be planned for, although they can be anticipated within a risk assessment framework.
  • Financial risks are emerging from market Impacts on assets, including risks to credit, price and liquidity. As such, they’re ‘speculative risks’ that can be projected and planned for.
  • Strategic risks are somewhat different; while operational and finance risk management focus on doing things right , strategic risk management Focuses on doing the right things . That is, doing the things that will preserve the business, seeking as predictive market trends and understanding emerging risks.

ERM and strategic risk

Most organizations are already managing operational and financial risks. But not every organization is managing strategic risks, which can have disastrous consequences. There are many examples of strategic risk failure, but two recent examples stand out:

  • Digital music (and cameras): It’s now a commonplace that the major record labels dismissed digital music (downloads and streaming) as a risk to their business model. As the rise and ubiquity of services like Spotify and Tidal attest, this was a clear risk management failure . Similarly, Kodak’s fate is well-known, a result of failing to address its dwindling sales in the face of digital photography (a technology it invented).
  • Smartphones: The technologies to assemble a smartphone had been in existence for some time before Apple brought them together and launched the iPhone. Then-dominant mobile phone makers, like Nokia , Ericsson and Motorola, did not foresee the risk, did not respond almost enough, and have disappeared from the market.

An effective ERM strategy requires all three risk categories to be considered. Critically, domain experts should remain at the helm of risk management in their silos, but there must be a layer of strategic oversight to ensure their individual views.

That’s where the board comes in.

A board’s responsibility

Crucially, the board must take the lead in setting the ERM agenda. This is because the board is responsible for making strategic risk decisions.

By calling on the expertise of domain-specific experts (like the CIO, CFO or COO), as well as those with broader perspectives and risk expertise (like the CEO or CRO), the board can see the bigger picture and make strategic, enterprise -wide decisions

Similarly, the board is looking at a risk-aiding culture within the enterprise, in which all employees are risk-aware and there are open channels for communicating risk information, from incident reporting to raising awareness of potential new risks.

More than just risk management

Risk and opportunity go hand in hand. Boards that adopt ERM wants to gain a strategic view of their business and its risks. What are they going to do? What are they going to do?

Having the right tools and information is critical. It’s vital that the company uses a single, unified platform to identify, monitor and manage risks. It will provide an invaluable resource when considering the broader, enterprise-wide risk posture.

Diligent’s software can assist with business and risk planning , with tools to help identify and manage all types of business risk. By marrying these proven tools with enterprise-grade security, you can be assured that your planning will be as thorough, accurate and private as possible.

Board Portal Buyer’s Guide

With the right Board Portal software, a board can improve corporate governance and efficiency while collaborating in a secure environment. With lots of board portal vendors to choose from, the whitepaper contains the most important questions to ask during your search, divided into five essential categories.

Featured Blog