Enterprise risk management is a comprehensive, integrated strategy taken by businesses that involve organizing, controlling, planning and leading activities of a business so as to prepare for hazards, dangers and disasters that may interrupt the smooth flow of operations and objectives in organization. The enterprise risk management gives businesses a global perspective on how to deal with risks. The process of risk analysis involves identification of all potential risks an organization may face, prioritizing them depending on their level of severity and implementing the best cause of action to take for each risk category. This process is referred to as risk management plan and many diversified companies recruit a risk manager to manage that task. The first chief risk officer was James Lam also referred as “the father” of risk management. He was tasked the role of risk management in the year 1993 while working at General Electronics. James Lam introduced the seven elements in enterprise risk management namely; company management, task of risk management, setting of risk and management portfolio limits, strategies of risk transfer, risk analytical, operational and market risks. An organization can manage its potential risks by use ways such as avoidance, retention, prevention, transferring the risk to a third party and exploiting the risk if it brings positive impacts to the organization. Enterprise risk management has various concepts of risk management and frameworks. As a result of this, enterprise risk management practices can be applied to any organization irrespective of industry sector, size of the organization and geographical location (Olson & Wu, 2015).
The difference between traditional and enterprise risk management practices
One of the main differences between traditional and enterprise risk management practices is that one uses decentralized approach towards risk management while the other uses decentralized approach. The traditional risk management uses decentralized approaches which lack coordination between departments and as a result, inefficiencies are created. The enterprise risk management on the other hand uses a centralized approach of risk management which brings all aspects of concern in organizational risk management to one point. This increases coordination and reduces inefficiencies (Hoyt & Liebenberg, 2011).
The second difference between traditional and enterprise risk management occurs in their scope. The traditional risk management practices are only tailored to threats and losses. Organizations that use the traditional risk management practices do not see risks as other opportunities to generate more earnings. Consequently, these managers only stick to their authorized scope and try as much possible to avoid any winning opportunity that comes with a threat in their decision making. On a different opinion, the enterprise risk management practices optimize the correlation between profitability and risk and facilitates strategic plan. The company’s global vision, terminologies, tools and instruments of management are used in enterprise risk management to enhance the organizational process of risk management on cells, systems and human (Hoyt & Liebenberg, 2011).
The third difference is that the traditional risk management practices are only applicable in transferable risks such as accidental risks and financial risks, while the enterprise risk management practices are applicable to transferable risks plus operational and strategic risks. Fourth, While traditional risk management requires an organization to have a financial manager who has accounting skills, the enterprise risk management practices requires one who is innovative and with skills in marketing and strategic planning. Lastly, traditional risk management practices concentrate its focus on pure risks which can be separately analyzed and visualized while the enterprise risk management practices look at all types of risks an organization is faced with including the speculative risks (Hoyt & Liebenberg, 2011).
Why risk management approach is more effective in today’s organizations
The risk management approach is more effective in today’s organizations because of the various reasons. First, the support and commitment from organizations top management as made risk management approach effective. For any risk management program to succeed, it must receive a great support from the top management. Because the top management has the biggest influence in an organization and decisions and emphasis they make concerning the risk program filters down the organization, they are the best persons a risk manager should engage with. Today, many risk management plans and strategies for many organizations are fully supported by the executive stuff making them more effective.
The second reason why risk management approach has been effective is because of good risk communication channels. A good risk communication as increased the effectiveness of risk management in today’s organizations. Through a good risk communication, all the organization’s stakeholders are able to; know the probability of a certain risk occurring, deal with uncertainties and fear brought up by some hazards, create an avenue for questioning and addressing uncertainty issues (Chitakornkijsil, 2010).
The third reason for an effective risk management approach is a strong risk culture Organizations have realized the importance of having a strong risk culture in the organization and are continuously doing review on their culture, processes and people. Risk culture consists of knowledge, believes, attitudes, values and understanding on how risk is shared in an organization. Organizations today have a repeatable and consistent approach that makes it easy for employees to understand risk implications and brings comfort to the executives on decision made regarding risk management. Organizations are also recruiting candidates who have a knowledge of the boundaries with which the organization can operate, what the organization stands for and the kind of risk that they can take to help the organization achieve its long-term strategic goals (Chitakornkijsil, 2010).
The last reason why risk management approach is effective is because of a good organizational structure. Earlier, organizations had no separate and distinctive department for dealing specifically on risk issues. The reason why risk management is effective today is because organizations have set fully functional risk management departments with full time risk management staff. Those small organizations’ facing financial constrains volunteer one or several persons to become knowledgeable on risk management basics and take control of all risk issues regarding the organization (Olson & Wu, 2015).
Key drivers of value for enterprise risk management
The key drivers of value for enterprise risk management are credit rating agencies’ requirements, legal and regulatory compliance requirements, and non-mandatory reports and reduced earnings volatility. Credit rating agencies have been the key drivers in encouraging organizations to develop and incorporate enterprise risk management frameworks in their daily operations. Furthermore, these credit rating agencies require risk managers to make an in-depth analysis and make comments which are incisive on the different risk dimensions that determine the organization’s overall creditworthiness (Chitakornkijsil, 2010).
When an organization makes a defective transaction, takes inappropriate measures in asset protection, or don’t comply with the changes in law ends up in a legal risk. Enterprise risk management should conduct practices that comply with the laws of the land to increase the competitive advantage of the organization. Though some reports on risk management are non-mandatory to compliance, they help enterprise risk managements by providing them with frameworks against which internal control systems and risk management can be examined and improved. Furthermore, the reports help in minimizing corporate scandals by giving guidance on important practices in internal control and risk management (Chitakornkijsil, 2010).
An effective enterprise risk management goes hand in hand with a reduction in earnings volatility. Organizations with reduced earnings volatility are able to monitor and make good predictions for their earning in future and are in the best place to make informed decisions. This gives the enterprise risk management of an organization an able time to focus on other risks that may cause devastating effects to the organization in the future (Olson & Wu, 2015).
Chitakornkijsil, P. (2010). Enterprise risk management. International Journal of organizational Innovation (Online), 3(2), 309.
Hoyt, R. E, & Liebenberg, A. P. (2011). The value of enterprise risk management. Journal of risk and insurance, 78 (4), 795-822.
Olson, D. L, & Wu, D. D. (2015). Enterprise risk management (Vol. 3). World Scientific Publishing Co Inc.