Evolution From Operational Risk To Enterprise Risk

ProcessMAP > Risk & Compliance > Evolution From Operational Risk To Enterprise Risk

The last decade has seen an unprecedented change in the role of risk management in organizations. A few years ago, the role of the corporate risk manager was confined to insurance, claims & losses. However, the role has recently expanded well beyond insurance and hedging of financial exposure. The scope now includes a variety of risk – notably operational risk, reputational risk & more recently strategic risk.

How does an organization manage risk? Organizations adopt centralized vs. decentralized approach. The decentralized approach has its elements compartmentalized with the focus on managing one risk at a time, whereas centralized approach has its elements viewed together within a coordinated and a strategic framework.

The latter, known as Enterprise Risk Management (ERM) manages all facets of risk that stand in the way of achieving strategic objectives of an organization. ERM enhances stakeholder value by managing risks both at the macro / management level as well as micro / business unit level. Operational risks cannot be hedged and have to be managed at the business unit level.

Operational risk often thrives on lagging indicators and is practiced by organizations as a preventive approach. The business case for transitioning from operational to enterprise risk lies in the competitive advantage that ERM offers; identifying leading indicators for continuous improvement in performance. ERM is proportional to level of risk that a company faces, comprehensive in scope and embedded in routine activities.

ISO 31000:2009 is the defacto standard for risk management. Enterprise Risk Management can be implemented through the following ten step process:

Identify the intended benefits of the enterprise risk management initiative and involve higher management.
Define the scope of the ERM initiative and develop commonalities in definition of risk.
Establish the risk management strategy, framework, roles and responsibilities.
Adopt suitable hazard analysis methodologies and an agreed risk classification system.
Establish risk significance benchmarks and undertake risk assessments.
Determine risk appetite and risk tolerance levels, and evaluate the existing controls.
Ensure cost-effectiveness of existing controls and introduce improvements.
Inculcate risk aware culture and align risk management with other management tasks.
Monitor and review risk performance indicators to measure ERM contribution.
Report risk performance in line with legal and other obligations, and plan for continuous improvement.

Enterprise Risk Management proactively manages your risk exposure and helps you gain a competitive advantage by streamlining an organization’s processes, people and technology. ERM has become fundamental concept in helping an organization improve its stakeholder value through improved risk-based decision making.