
Enterprise Risk Management (ERM) is a process that identifies events that impact on business objectives

ERM is applied in strategy setting and across the enterprise to identify and manage potential events that may affect the entity as a means of assuring the attainment of objectives. Benefits of enterprise risk management implementation include:

  • Improved understanding of the potential for risks to affect value and the achievement of strategy and objectives
  • Better information on risk interrelationships
  • A precise description of business and operational risks
  • Improved capacity to identify and seize opportunities in future events
  • The ability to manage risks within and across business units
  • Cogent communications on the nature of risks

Enterprise risk management is conducted by first understanding the context under which the business is operating:

  • mission of the entity
  • strategic thrusts and vision
  • a clear enunciation of the business objectives
  • organization values

plus an understanding of the structure, the various business units in play and any special facilities deployed by the entity.


The next step is to develop a risk register for the entity: a set of strategic, operational, financial, ethical and external risks that are pertinent to the organization's situation needs to be produced. This register is developed in conjunction with the business unit leaders, typically through a structured interview process.

The risk register is then pared down to a priority set of risks as selected by a cross-section of experienced personnel - management, unit leaders, project specialists etc. Each risk is then weighed, during a workshop setting led by risk consultants, by considering two principal factors:

(a) risk likelihood, which can be expressed as the number of occurrences/yr, and (b) risk consequences (health, safety, environmental or operational).

Both are determining factors for assessing the level of risk with respect to their impact on the achievement of business objectives.

The result of the workshop is a set of ranked risks, depicted graphically as a risk map, which allows the entity to articulate which risks are intolerable, which require additional treatment and which are tolerable with existing controls.

Risk treatments, also known as risk controls or risk mitigation strategies, must be identified and evaluated to modify risks that are outside of the tolerable region. Each treatment is evaluated on:

  • expected risk reduction (through consequence or likelihood reduction)
  • cost-benefit evaluation of the treatment
  • side effects (new risks presented by the treatment option)
  • feasibility & acceptability of the risk treatment

Enterprise risk management processes must be operationalized to be successful - they should be embedded within the organization through its people (skills, risk culture & communication), as part of business planning & operating processes and within a framework of continuous improvement. The latter implies performance measurement and the updating of ERM-related business activities to create resiliency.