If you wear your seat belt when you drive, that's risk management. When you apply that discipline to your entire organization, that's enterprise risk management.
Enterprise risk management (ERM) is the process of identifying, assessing, and treating the risks that can impact your ability to achieve your goals. Once listed, each risk is assessed on its severity and probability. This lets you see which risks require attention urgently and which ones are less of a priority. The results may surprise you!
ERM helps you prepare for problems before they become problems.
ERM helps minimize costly surprises. It also shows where the key hazards are in your market, your processes, and your strategies, so you can prepare for those hazards and avoid (or at least reduce) them. After all, if you have to walk through a minefield, wouldn't you rather have a map?
Using ERM to evaluate your strategies, plans, and projects reduces the possibility that unforeseen risks will manifest themselves and impede your organization's ability to achieve its goals. Another way to consider ERM is as 'success assurance'.
Knowing where your risks are helps you find your strengths and challenges. It also helps you find opportunities as you play those strengths. An example from our history is when an organization needed data from its clients for a research study commissioned by the group. Many clients didn't have the resources to gather the data for the study. That's when the organization's team realized that they had the unique expertise to gather the data for their clients, opening up a new consulting opportunity.
We all manage risks every day without even thinking about it. As the adage says, all management is risk management. What few of us do, however, is list all the risks that can impact our organizations together and compare them. This process helps you deal with the risks that most urgently require care, and allocate your resources most effectively to help your organization achieve its goals and more.
If you're currently managing your insurable risks to control your insurance premiums, you're partway there. Expanding your risk management to enterprise risks allows you to take an enterprise-wide approach, as the word implies. It moves you beyond the realm of insurable risks and into looking at ALL risks that can affect your organization.
1. How is Enterprise Risk Management different from traditional risk management?
Traditional risk management deals mainly with 'pure' risks that are often insurable. For example, health and safety measures such as safety strips on stairs, evacuation plans, and health and safety programs help maintain compliance with provincial /state and federal regulations, and can help reduce your insurance premiums. Traditional risk management, however does not deal with 'speculative' risks which can have an upside, such as financial, strategic, or economic risks. The comprehensive approach of ERM takes into account both pure and speculative risks, allowing your organization to look at all risks with the same lens, to help you prioritize them and allocate resources more effectively to deal with them.
2. How hard is it to implement ERM in my small business?
The smaller the organization, the simpler it is. We can meet with you to implement a simple process for you to identify and assess your own risks, and help you devise plans to mitigate them. You will own the process, and we can help review it periodically and make sure you're still on track. For a small business, the process could be started, and your first risk register created, in a matter of hours. It needs to be reviewed periodically, and the mitigations you come up with form part of your work plan.
3. What would be involved in a larger organization?
We would meet with you to learn about your organization and develop a plan. Our plans are scalable, and proven to be effective with both a medium-sized organization and a major city. We will customize a process that is tailor made for your organization.