Risk Assessments | Traditional vs. Enterprise Risk Management
Accounting standards, reporting requirements, and regulations require board of directors’ oversight and senior executive management of risk. Effective risk oversight, management, and risk assessments are especially challenging due to the rapid changes in the global business environment and the volume and complexity of risks, such as technology changes, innovation, and disruptions; brand and reputation value; consumer privacy protection; integrity of supply chains; mergers and acquisitions; changes to business lines; and the extended enterprise risk associated with third parties (i.e., vendors, contractors, business associates, distributors, and suppliers).
Why Companies Need to Move from Traditional Risk Management to Enterprise Risk Management
Traditional Risk Management
Companies need to determine whether the risk management approach they use is capable of effectively assessing and managing the risks that could impact their business objectives and overall strategic success. Traditionally, organizations managed risks by charging functional or business unit leaders with managing risks within their business unit, such as tasking the Chief Financial Officer (CFO) with managing risks related to the organization’s financial actions. This compartmentalized approach, which is risk-specific and siloed, focuses on tactical business risks rather than considering strategic sources of risk. It may fail to uncover risks that “fall between the silos” and risks that impact several business functions simultaneously but in different ways. Because it focuses on risks related to internal operations within the organization, it may also fail to consider external events that might create risks or threats to the business.
Enterprise Risk Management
As risks are interconnected and don’t occur in isolation, addressing them in the traditional manner is no longer a viable option. Enterprise Risk Management (ERM) provides a framework for managing risks that constantly change. The goal of ERM is to create a top-down, enterprise view of the most significant risks to the entity’s business and the achievement of its most important objectives. ERM enables management to continuously identify events or circumstances relevant to the organization’s objectives (risks and opportunities), assess the likelihood of the risk occurring and the magnitude of its impact, determine a response strategy, and monitor the risk management process. Executive management is collectively responsible for designing and implementing an ERM process and monitoring it to ensure risks are identified as they emerge and are effectively managed. The board of directors is responsible for reviewing and approving management’s ERM process and overseeing it to ensure management’s risk-taking actions are aligned with the stakeholders’ risk appetite.
Does your Company Need Risk Assessments?
Readi Consulting can answer your questions regarding risk management and work with your company’s management team to transition from the traditional risk management approach to ERM. Contact us for a free consultation.