The underlying premise of enterprise risk management is that every entity exists to provide value to its stakeholders. All entities face uncertainty, and the challenge for each entity is to determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to enhance or erode value. Enterprise risk management enables management to deal effectively with uncertainty and the associated risk and opportunity, thus enhancing the capacity to build value. Initiatives to build value with integrity should be aligned with an entity’s high-level strategic goals and ethics, ensure the effective and efficient use of operational resources, provide for reliable reporting, and assure compliance with applicable laws, regulations and governance requirements.
Enterprise risk management is defined as a:
“process effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across an enterprise, designed to identify potential events that may affect the entity, and manage risk within its risk appetite, to provide reasonable assurance regarding the achievement of the entity’s objectives”.
This definition reflects certain fundamental concepts, namely that enterprise risk management:
- is an ongoing process applied across an entity
- provides the opportunity to align the management of corporate strategic objectives and risk to deliver value with integrity
- provides an entity level view of risk
- is effected by people at every level of the organisation
- is designed to identify failure points that affect the entity.
Shareholder value may be maximised when management sets strategy to strike an optimal balance between growth, financial goals and related risks, and efficiently and effectively deploys resources to achieve the entity’s objectives. The objectives of Enterprise Risk Management include the:
- alignment of risk appetite and strategy
- ability to enhance key decisions made to respond to threats and risks
- reduction of operational surprises
- compliance with key regulatory and legal requirements enterprise-wide.
The primary drivers of operational risk are People, Relationships, Technology, Processing, Physical, and other External risks. Entities that implement a coordinated enterprise-wide program of operational risk optimisation, and that link risk, control and performance measurement metrics, will be better equipped to avoid pitfalls and surprises on the way towards creating value with integrity.