The underlying premise of enterprise risk management is that every entity exists to provide value to its stakeholders. All entities face uncertainty, and the challenge for each is to determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both a risk and an opportunity with the potential to enhance or erode value. Enterprise risk management enables management to deal effectively with uncertainty and associated risk and opportunity, thus enhancing the capacity to build value. Initiatives to build value with integrity should be aligned with an entity’s strategic high-level goals and ethics, ensure the effective and efficient use of operational resources, provide for reliable reporting, and assure compliance with applicable laws, regulations and governance requirements.
Enterprise risk management is defined as a:
“process effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across an enterprise, designed to identify potential events that may affect the entity, and manage risk within its risk appetite, to provide reasonable assurance regarding the achievement of the entity’s objectives”.
This definition reflects certain fundamental concepts, namely that enterprise risk management:
- is an on-going process applied across an entity
- provides the opportunity to align the management of corporate strategic objectives and risk to deliver value with integrity
- provides an entity level view of risk
- is effected by people at every level of the organisation
- is designed to identify failure points that affect the entity.
Shareholder value may be maximised when management sets strategy to strike an optimal balance between growth, financial goals and related risks, and efficiently and effectively deploys resources to achieve the entity’s objectives. The objectives of Enterprise Risk Management include the:
- alignment of risk appetite and strategy
- ability to enhance key decisions made to respond to threats and risks
- reduction of operational surprises
- compliance with key regulatory & legal requirements enterprise-wide.
The primary drivers of operational risk are People, Relationships, Technology, Processing, Physical, and other External risks. Entities that implement a coordinated enterprise-wide program of operational risk optimisation, and that link risk, control and performance measurement metrics, will be better equipped to avoid pitfalls and surprises on the way towards creating value with integrity.
2 comments
28 November, 2006 at 16:31
ferozeali
What’s the vital difference between enterprise risk management and risk management process?
28 November, 2006 at 17:16
ozrisk
ferozeali,
ERM is a risk management process that is broad enough in scope to cover most, if not all, of the risks faced by a business. It may be made up of many risk management processes.
For example, the credit risk management process will normally be separate from the operational risk management process, but both will be part of an ERM framework.