Risk affects all forms of business and personal activity. While the definition of risk is the variation of actual outcomes around an expected average outcome, when practitioners use the term “risk management” they exclusively and artificially denote one of two interconnected paths. The first path deals with the pricing and selection of financial instruments, and the construction of financial hedges to manage a firm’s cash flows. The second path deals with mechanical systems, decision-making processes and insurance products to preserve the firm’s resources from accidental loss. Even though the shortcomings of this artificial separation of risk management are well acknowledged, risk management textbooks and professional designation societies continue to maintain this division; the abundant crop of textbooks that identify themselves using the title “Enterprise risk management… seeks to identify, assess, and control – sometimes through insurance, more often through other means – all of the risks faced by the business enterprise, especially those created by growth.”
The main focus of enterprise risk management is to establish a culture of risk management throughout a company to handle the risks associated with growth and a rapidly changing business environment. Enterprise risk management (ERM) is a systematic and disciplined set of policies, processes and practices used to identify, assess and prioritize the major risks associated with a company’s key business objectives; develop, implement and monitor risk mitigation strategies; and provide for independent and objective evaluations by management, board and external audiences of risk mitigation strategies.
Corporate risk management is evolving to be viewed as the management of the operations and activities of a corporation, and its financing practices, to construct a portfolio of risks that yields a corresponding average payoff. Decisions about seemingly disparate issues are seen as integrated by their net effect on the probable risk-return balance of the corporation.
In general, enterprises are exposed to risks that can be grouped into four categories:
- Hazard risks include risks from fire and other property damage, windstorm and other natural perils, theft and other crime, personal injury, business interruption, diseases and disability and liability claims.
- Financial risks include risks from price, liquidity, credit, inflation/purchasing power and hedging.
- Operational risks include risks from business operations, empowerment, information technology and information/business reporting.
- Strategic risks include risks from reputational damage, competition, customer wants, demographic and cultural/social trends, technological innovation, capital availability, and regulatory and political trends.
Textbooks titled “Risk Management and Insurance” reinforce the view that insurance is a tool somehow separate from risk management. Insurance, however, is one of the available financial tools for hedging against the negative economic impact of events.
The evolving view of risk management often depends on one’s perspective. Many of the current corporate risk management positions evolved out of the insurance-buying function of corporate operations, while hedging and capital structure decisions are made in the finance department. This history both taints and defines the scope of risk management.
Corporate risk management is an integrated, forward-looking and process-orientated approach to managing all key business risks and opportunities – not just financial ones – with the intent of maximizing value for the enterprise as a whole. Enterprise risk management is the latest name given to the overall risk management approach to business risks. Precursors to this term include corporate risk management, business risk management and strategic risk management. Enterprise risk management can be defined as the process by which organizations in industries assess, control, exploit, finance and monitor risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders. Financial risks cover potential losses due to changes in financial markets, including interest rates, foreign exchange rates, commodity prices, liquidity risks and credit risk. Operational risks cover a wide variety of situations, including customer satisfaction, product development, product failure, trademark protection, corporate leadership, information technology, management fraud and information risk. Strategic risks include such factors as competition, customer preferences, technological innovation and regulatory or political impediments.
A common thread of enterprise risk management is that the overall risks of the organization are managed in aggregate, rather than independently. Risk is also viewed as a potential profit opportunity, rather than as something simply to be minimized or eliminated. The level of decision making under enterprise risk management is also shifted, from the insurance risk manager, who would generally seek to control risk, to the chief executive officer, or board of directors, who would be willing to embrace profitable risk opportunities.
Enterprise or corporate business risk is defined as threats to the organization’s capability to achieve its objectives and execute its business strategies successfully. The organization’s value creation objectives define the context for management’s determination of risk management goals and objectives which, in turn, drive and focus the process of managing business risk.
Through an integrated business risk management process, senior management determines how much risk they are willing to accept when balancing risks and rewards, and allocating resources. They communicate to operating managers, risk managers and process/activity owners the level of acceptable risk (which is often described as risk appetite, risk tolerance or risk threshold).
Enterprise business risk management is a continuous process of:
- Establishing risk management objectives, tolerances and limits for all of the enterprise’s significant risks
- Assessing risks within the context of established tolerances
- Developing cost-effective risk management strategies and processes consistent with the overall goals and objectives
- Implementing risk management processes
- Monitoring and reporting upon the performance of risk management processes
- Improving risk management processes continuously
- Ensuring adequate communication and information for decision making
Today’s business world is constantly changing – it’s unpredictable, volatile, and seems to become more complex every day. By its very nature, it is burdened with risk.
Risk assessment provides a mechanism for identifying which risks represent opportunities and which represent potential pitfalls. Done right, a risk assessment gives organizations a clear view of variables to which they may be exposed, whether internal or external, retrospective or forward-looking.
For risk assessments to yield meaningful results, certain key principles must be considered. A risk assessment should begin and end with specific business objectives that are anchored in key value drivers. These objectives provide the basis for measuring the impact and probability of risk ratings.
Organizations that vigorously interpret the results of their risk assessment process set a foundation for establishing an effective enterprise risk management (ERM) program and are better positioned to capitalize on opportunities as they arise.