Introducing Enterprise Risk Management
Enterprise Risk Management (ERM) is a framework of processes, systems, and trained individuals that identifies, measures, manages, monitors and prioritizes potential risks. Rather than solving a single ‘problem’, it is a complete program, impacting all areas of the business.
ERM is a grouping of governance & policies, processes & procedures, people & organization, technology & infrastructure – which together enable the enterprise to achieve its strategic and tactical objectives while providing additional value to the organization. It is more than mitigating risk but identifying strategic alternatives and opportunities to achieve optimal benefits.
Thriving ERM programs are sustained top-down, working with the Board of Directors and/or the Executive Management Team to first review the governance structure and ‘risk culture’. What is their risk appetite? Their risk tolerance? How averse are they to risk? How supportive are they to optimizing returns? Importantly, do their actions say otherwise? Successful Enterprise Risk Management needs the support and engagement from business leaders, with the understanding a successful strategy should be grounded in risk-based principles.
Public Utility Risk Events, a case study
We are in the first phase of a multi-year project with a large public utility company. After being faced with several controllable, and uncontrollable ‘risk events’, the client realized their organization was underprepared to navigate future uncertainties – something particularly integral in their turbulent industry.
They found stakeholders weren’t applying risk-based decision-making to ongoing projects and events that required capital funding as well as sufficient transparency and accountability on the projects they managed. The Executive Team faced challenges and inefficiencies in their approach – but lacked the expertise and external vision to understand exactly what they were, and how to solve them.
With large, complex organizations like this – comprising of multiple divisions & offices (with varying capabilities, experience, and knowledge) – there is a need to identify, measure, and monitor enterprise risks to holistically oversee the portfolio of projects and initiatives day-to-day. A standard risk-based framework wasn’t being used consistently across their portfolio of business activities and projects to maximize benefits within defined cost parameters.
An ERM strategy empowered the client to manage and mitigate risk across the board, and our ongoing, cost-effective program is already showing real benefits.
The Vine Advisors approach
Every project is different and requires a “fit-for-purpose” strategy – but there is a process with standard risk components and requisite elements. Our job is to make everything as clear as possible throughout, while seeking potential benefits from solving inefficiencies.
- We start by analyzing and assessing the company, understanding their organization and risk culture (are they pro-risk or risk-averse?)
- We examine the challenges: asking the right questions, reviewing internal documents, validating current practices to understand what prospective root causes and what is vital for the organization to successfully perform.
- We summarize and characterize the issues on paper, getting the client engaged and onboard. We compare current practices to industry-leading standards to display what ‘good’ looks like, and how far they need to go.
- Importantly, the risks get prioritized. C-Suite Executives find this difficult and may need guidance (they’re told everything is ‘urgent’)
- Finally, we provide an implementation roadmap. Improvements are categorized in three ways:
- People – Resourcing the right skillset and mindset to be an effective risk manager requires education, training, and experience.
- Process – Developing organizational policies, guidelines, procedures, business processes, and internal controls is key to ensuring that business strategies and objectives are met and performed regularly.
- Technology – Digital enablement is a foundational requirement for all companies. Digital automation and analysis enable organizations to have more efficient, more timely risk-based decision-making.
What are the key challenges
Competing priorities
Risk Management is one of many business activities happening at one time. There may be lots of competing projects (with limited people) and transformational initiatives may not be the top priority
Investment in the future
There is only a certain amount of allocated funds directed toward risk mitigation. In most cases investing in a strong future is an integral part of any thriving business – but can be pushed to the sidelines when not prioritized correctly.
A trusted, strategic partner
Vine Advisors has a wealth of experience working with designing and implementing a “fit-for-purpose” ERM program with numerous clients, all with a breadth of challenges and issues. Put simply, we’ve seen it all before.
Consulting Partner Thad Malit heads this up, bringing a wealth of ‘big 4’ experience managing large professional service delivery teams in excess of 150 professionals. In fact, he personally helped to develop these Enterprise Risk Management frameworks over the last 25 years, helping organizations deal with any situation that may arise, identifying, prioritizing, qualifying/quantifying, managing, and monitoring risks.
