Why organisations need to integrate enterprise risk management into their strategic planning process?
FOLLOWING the 2008 global financial crisis, Enterprise Risk Management (ERM) emerged as a critical issue in the most varied sectors of industry organisations. Today, with the world crippled by the novel coronavirus (COVID-19), the practice is now considered as the must have tool for the enhancement of corporate governance that should strengthen sound decision-making processes.
Firstly, it may be important to draw a distinction between the traditional risk management and enterprise risk management. As obvious as it may appear, it is the word “Enterprise” that makes the difference. Traditional risk management is a bottom-up process that focuses primarily on losses, costs and the negative side of risk; heavy on compliance and specification and mainly reactive. While enterprise risk management, on the other hand, has a much broader scope as it considers all the risk factors faced by the organisation, and it helps the Board and management make informed decisions according to its acknowledged risk appetite. While ERM like the traditional risk management does consider compliance it is a top-down process that prevents and mitigates losses and looks for opportunities in adversity for the organization thereby creating value and ensuring that the organisation’s objectives are met with minimal disruptions.
ERM is a bigger picture risk management that adopts a holistic approach to managing risk, placing it within a portfolio of things that need to be managed in order that the organization achieves its objectives. While individual departments or business units usually deal with their own risks, ERM needs everyone to be involved from frontline staff to Board level, to make it truly effective. Risk management is ostensibly undertaken with the objective of preventing loss while ERM has other, more far-reaching reasons, like lowering the organisation’s risk and increasing sustainability as this has the effect of gaining savings and increasing value for the firm in the long run
Although ERM, generally speaking may still be an ongoing process in most private institutions and more recently in the public sector, it has moved out of a reactive or panic-driven mode to become more predictive and proactive. Siloed approaches are being abandoned in favor of more collaborative, holistic and integrated frameworks.
The risk management function now assumes a more strategic role in organisations. It is increasingly being recognized as a guidance provider on the path ahead, mitigating critical risks and allowing companies to grow sustainably in the long term.
Strategy formulation on the other hand is the main part of the strategic planning process and a robust ERM framework must provide relevant risk information for decision-makers so as to reduce the possibility of selecting a mistaken strategy or overlooking an important one. Organisations need integrate the risk framework into their strategic planning process to take account of risk implications on their objectives or a lack of that process could result in failure.
To integrate ERM into the strategic planning process, organisations need to ensure that the risk information is current, complete and reliable. For this purpose, robust procedures of risk assessments, treatment and monitoring need to have a practical narrative to them. Suitable monitoring of all risks, through key risk indicators, enables organisations to foresee potential problems. If the risk tolerance tends to exceed levels, alarm bells can be triggered. Thus, organisations have the opportunity to review the treatment strategy given to the risk, which in the end improves operational and financial performance.
To add value to the creation of the business strategy and to set the tone of the organisation’s strategic objectives, it is not enough to just conduct a strategic risk assessment or even having a risk discussion at the strategy setting meeting, there is much more that organisations need to do. Most organization who follow that way of doing things find it difficult to relate if the objectives have not been defined or well documented or measured. Strategic planning that is risk-based helps to define the value proposition that the business brings to the market, and the way in which organisations intend to distinguish themselves from other competitors.
For most organisations, this may not be obvious from the outset, but as the processes of ERM gains traction and its frameworks and systems fall into place, organisations will see its risks being holistically managed. What happens also is that organisations see the development of an appropriate risk culture throughout its value chains.
Ultimately, what ERM does is support the organisation in its efforts to “get ahead of the curve” and take advantage of opportunities. Properly applied ERM becomes a decision-making tool that has the ability to become embedded in the culture of the organisation, integrate with its strategies and objectives, and leverage on its resources to improve performance, spur growth, give it a competitive edge, and maintain its sustainability.