Practical Considerations In Implementing Enterprise Risk Management In An Organization
Once an organization decides to go for Enterprise Risk Management, the challenge is the implementation. At the ground level there are lots of considerations in successful implementation of the same. These considerations vary with the organizations; however the following more or less remain the same:
- ERM Champion: First and foremost, considering the challenges an individual is to be selected in the organization that spearheads the initiative. He or she is often called as the chief risk officer (CRO), who either reports to the chief executive officer or the chief financial officer. Next the CRO is now provided with a staff. The whole department should be enabled to act as a change agent and is equally accountable to the top management.
- Incorporating ERM into Organizational Culture: Traditionally risks facing each function or department were taken care of the department heads. There was no such person as the Chief Risk Officer specially deployed for Risk Management of the organization. The finance department looked after financial risks, informational technology looked after operational risks, and marketing department took care of strategic risk and the like. Most importantly they reported to different heads, used different procedures, tools and strategies. Even the calibration was different. Successful ERM implementation requires a revamp that may cause the above mentioned to become defensive. There is thus a need for coordinating different departments, educating them and promoting them for more initiative and cooperation.
- Risk Assessment: This is typically the second stage in risk management cycle. Visible risks are easier to deal with or one can have a plan at least to deal with them but risks that are not visible or cannot be identified are the ones that are often the source of greatest problems. For example, no one could have thought of risks like the criminal tampering of products in pharmaceutical industry! In risk assessment the challenge is to identify and contemplate of such unthinkable events.
- Quantifying Strategic and Operational Risk: Physical hazard and financial risk are easy to quantify but what about risks that are intangible. For a situation where there is inappropriate application of knowledge leads to a knowledge risk. Similarly an operational inefficiency that goes unnoticed for long can lead to production deficit. These are risks that are difficult to estimate in terms of their likelihood and degree of impact. Such risks can be better dealt with qualitative analysis to determine the relative possibility of occurrence.
- Integrating Various Kinds of Risk: It is often very difficult to determine the exact relationship between various kinds of risks. Past relationships may mislead when considering future trends. It is however better to build structural models that permits improvement in corresponding stage over time.
- Lack of Appropriate Risk Transfer Mechanism: Although there are appropriate risk transfer mechanism available but they are often inadequate. Capital and reinsurance markets, for example, are not adequate to support an organization in its risk transferring mechanism. These markets need due evolution in terms of products and services with time. In case of operational and strategic risk the transfer mechanism is even more inappropriate.
- Monitoring the Process: Finally the ERM needs to be monitored on a continual basis. Successful ERM needs reports and comparisons to last risk assessments. Strategies need to be reworked with the changing risk environment.