Showing posts with label Enterprise Risk Management. Show all posts

Jul 29, 2010

ERM is an Integrative Approach to Risk Management

Risk management, as traditionally practiced in organisations, tended to be silo-based.  Risks originating in one area are expected to be managed by that area, which is assigned the responsibility for managing them, while risks originating in another area are managed by that other area.

One reason Chapman gives for why this approach developed is our tendency to compartmentalise. Our analytical approach to problem solving leads us to split things into their basic components to make them easier to manage.

Over the years, there has been growing recognition that the silo-based approach is flawed.  The impact of risks spans silos -- a breakdown in manufacturing leads to impacts well beyond the manufacturing department.  Mismanagement of risk in one silo affects other silos, which may not be prepared for that risk because they had assumed that the other area was managing it.

ERM is a new approach to managing risk.  The thrust of ERM is the integrative management of risks: understanding their interdependencies, their impacts, and the areas where they can be leveraged so that addressing a single cause can prevent multiple risks.

Reference: Chapman, Robert. Simple Tools and Techniques for Enterprise Risk Management. 2006.

Jul 10, 2010

Tools and Techniques of Enterprise Risk Management, Part 1

I’m going to go through Robert Chapman’s ERM book.  Based on the table of contents, the first part of the book covers what ERM is. Part II is about ‘The Appointment’, or what I think is a discussion of the engagement process.  The table of contents covers topics about interviewing the client, preparing the proposal, and implementation (of what, I am not sure yet).

Part II covers the Risk Management Process.  It seems to be about a fairly standard process: Analysis of the Business, Risk Identification, Risk Assessment, Risk Planning, and Risk Management.

Part IV covers ‘Internal Influences’, which I think is about internally generated risks.  The table of contents says it covers Financial Risk Management, Operational Risk Management, and Technological Risk.

The final part covers ‘External Influences’, which seems to be about risks generated externally.  It discusses Economic, Environmental, Legal, Political, Market, and Social risks.

Finally, there are 14 short appendixes which discuss techniques like SWOT, PEST, VRIO analysis, and Change Management, among other topics.

May 17, 2010

Contemporary Enterprise-Wide Risk Management Frameworks: A Comparative Analysis in a Strategic Perspective

Per Henriksen and Thomas Uhlenfeldt

Summary:

Many risk management frameworks claim to be holistic and ‘enterprise-wide’.  Henriksen and Uhlenfeldt argue that for a risk management framework to be truly holistic and strategic, it must address the strategy creation process and not just the strategy implementation arena.  It is in the strategy process that many strategic risks are created. Hence, an enterprise-wide risk management system that does not lend itself to use in the strategy creation process falls short of the mark.

The authors investigate 4 ERM frameworks that claim to be holistic: DeLoach EWRM, COSO ERM, FERMA (a precursor to the current IRM Risk Management Standard), and AS/NZS 4360:2004.  Their study reveals that while these frameworks claim to be applicable at the strategic level, they fall short of providing actionable guidance on how risk management can be performed concurrently with the strategic processes.

A key weakness lies in the frameworks’ treatment of consolidating, prioritizing, and communicating key risks.  The very point of ERM is to consolidate the key risks faced by the organisation so that it can allocate scarce resources most effectively. The frameworks provide little, if any, guidance on how this consolidation, prioritisation, and organisational communication can be done.

The frameworks also acknowledge that risks can result in positive opportunities for the organisation but provide little guidance on how to take advantage of this.  Since the frameworks are not integrated with the strategy creation process - where the biggest chances to identify and seize opportunities exist - the frameworks’ take on positive risks is not that helpful.  The authors recognise that in the real world, preventing losses is the focus of management and identifying opportunities is generally the remit of strategy.

Hence, while risk management in theory helps in identifying and seizing opportunities, this is seldom done in practice.  The orientation of the frameworks in the process steps is still heavily slanted toward negative risks.

The frameworks add some value in that they pave the way for common risk language and processes across an organisation.