Enterprise Risk

Integrating Enterprise Risk Management with Organizational Strategy

An ERM program must align with corporate strategy to give the organization a complete and comprehensive approach to managing risk.

by Henry Killackey

Once regarded as unsinkable, the RMS Titanic nonetheless collided with an iceberg on April 14, 1912, and sank to the bottom of the frigid Atlantic in less than three hours. More than 1,500 passengers died.



32       May 2009 The RMA Journal
The builders and crew of the vessel had praised its advanced technology and numerous safety features, believing it could withstand any threat from nature. Their overconfidence became evident when the ship’s poor design hastened its demise and a shortage of lifeboats led to many unnecessary deaths. Had the crew and builders properly accounted for all potential risks, the ship and its passengers might have avoided disaster.

In recent years, many financial executives developed the same kind of unwarranted confidence in their enterprise risk management (ERM) programs. Institutions such as Lehman Brothers and AIG implemented ERM programs to protect their assets and prevent their organizations from collapsing. Yet changing business conditions and misguided moves by internal players created risks that neither organization anticipated. Their ERM programs failed to protect them from risks that led to disaster.

Despite the experiences of Lehman Brothers and AIG, enterprise risk management can be a valuable tool in protecting your organization. The key is to align your ERM program and your corporate strategy to give your organization a complete and comprehensive approach to managing all types of risk.

Defining ERM

The current financial crisis and global economic recession offer a vivid reminder to the risk management community that changes in business conditions can happen quickly. Driving these changes are globalization, technology advances, compliance with new regulations, emerging markets, competition, geopolitical threats, and natural hazards, among other risk events. Rapid and significant change increases an organization’s exposure to loss, making a comprehensive ERM program necessary.

For many publicly traded companies, ERM has emerged as a value-added contribution to Sarbanes-Oxley (SOX) compliance and audit efforts.1 According to a survey reported in Business Finance Magazine, 76% of respondents indicated they either intended to expand SOX compliance into ERM, or were already in the process of doing so.2

Widely accepted definitions of ERM emphasize that it needs to be a part of the organization’s DNA. For instance, as defined by COSO in 2004, ERM is “effected by an entity’s board of directors, management and other personnel.” It is “applied in strategy setting across the enterprise” and “designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite to provide reasonable assurance regarding the achievement of entity objectives.”

The COSO definition describes ERM as guiding the achievement of organizational goals and objectives. According to Barton, Shenkir, and Walker, the purpose of ERM initiatives is to “create, protect, and enhance shareholder value by managing the uncertainties that could influence achieving the organization’s objectives.”3 By this stated purpose, ERM initiatives are not intended to eliminate risk, but to manage risk for the sake of achieving organizational objectives.

But while many traditional or outdated definitions of enterprise risk describe risk in a negative light, Thomas Stewart says risk should not be eliminated: “Risk—let’s get this straight up front—is good. The point of risk management isn’t to eliminate it; that would eliminate reward. The point is to manage it—that is, choose where to place bets, and where to avoid betting altogether.”4

In short, risk has to be managed for the organization to seize new opportunities, avoid potential losses, and execute strategy.

Clarifying Strategy and Organizational Objectives

Organizational strategy is the intended course of action required to achieve goals or objectives, and it must be executed to achieve the desired end result. The COSO definition of ERM gives it a strategic purpose. But in order to make ERM a part of the strategy, that strategy must be clarified and understood by the organization.

Unfortunately, strategy rarely gets the attention it deserves, despite the important role it plays in an organization’s performance. This has resulted in the failure to execute strategy by nine out of 10 organizations, according to the Balanced Scorecard Collaborative. The firm has identified four barriers to executing strategy, as shown in Figure 1.

If ERM can be understood as a process that guides the achievement of objectives, it can be integrated into the strategic actions of the organization. Accordingly, it is important that a broad strategy be broken down to operational terms that employees, managers, and other internal stakeholders can understand. An understanding of strategy can help foster buy-in and inspire action.

The integration of ERM and strategy begins with the Balanced Scorecard (BSC). Developed by Robert Kaplan and David Norton, the BSC is a management and communication tool that articulates strategy and the organization’s progress in executing it across four perspectives:
1. Financial: How do shareholders view the organization?
2. Customer: How do customers view the organization’s product, brand, and image?
3. Internal Process: At which processes must the organization excel in order to satisfy customers and shareholders?



4. Learning and Growth: Which human capital assets must the organization develop or draw from in order to execute value-creating processes?

A complete BSC contains measures, targets, and initiatives within each of the four perspectives that link to strategy. All of these elements are derived from a strategy map, a diagram reflecting the cause-and-effect relationships among the strategic objectives of the four perspectives. Learning/growth and internal process are regarded as input perspectives because they drive results within the customer and financial perspectives (also known as outcome perspectives).

At the core of the strategy map is learning and growth. Employee growth and development is a catalyst for organizational performance and has a direct influence on the success of internal processes. An educated and well-trained workforce can execute more sophisticated processes, which in turn improves organizational efficiency and directly influences the customer’s perspective. Improved efficiency from better processes can increase customer satisfaction and loyalty. Finally, improved customer satisfaction and loyalty can result in larger sustainable revenue streams for the organization, which translates into greater financial performance, directly impacting shareholder satisfaction.

Figure 1
Four Barriers to Executing Strategy
• Vision Barrier: Only 5% of workforce understands the strategy.
• People Barrier: Only 25% of managers have incentives linked to the strategy.
• Management Barrier: 85% of executive teams spend less than one hour per month discussing long-term strategy.
• Resources Barrier: 60% of organizations do not link strategy to budgets.
Nine out of 10 organizations fail to execute their strategy.
Source: Balanced Scorecard Collaborative newsletter.

Identifying and Measuring Risk

When a strategy is broken down to operational or understandable terms, the organization can begin work on identifying specific risks that threaten organizational performance. The following are some typical ways to identify risks.

Internal investigation: An organization can examine itself to find risks and their impacts. Methods for investigation include brainstorming sessions among business unit managers, SWOT analysis, surveys, and interviews. Looking internally enables the organization to gather information from the employees and managers who work to prevent risks from adversely affecting business units.

External sources: An organization can gain valuable information about its risks by relying on external sources. This effort can include conversations with risk consultants and discussions with subject matter experts outside of the organization. Benchmarking is another external source. Benchmarking involves researching best practices in the industry and comparing the organization’s risk management efforts to those practices.5 The information gathered from these sources can help an organization refine its course of action for managing risk.

Tools: Risks can be identified by dissecting business processes. Tools such as Six Sigma, Pareto analysis, and Ishikawa diagrams can provide insight into the controls and gaps within business processes.6

Once a risk has been identified, it can be classified. Is it a hazard risk, a strategic risk, a legal risk, or some other type of risk? Classification also includes determining the likelihood of a risk event occurring.7

The following qualitative methods are often used for classifying risks:
• Risk “heat maps” that depict the impact and likelihood of risk events.
• Risk rankings.
• Identification of risk correlations.

Once a risk has been classified, it can be measured for severity. Indeed, quantifying risk is necessary in order to understand the size of its impact. Many organizations



need this information to perform tasks such as purchasing insurance or determining economic capital.

Figure 2
Risk “Heat Map” Template for Classifying Risk
Vertical axis: Probability of Occurrence (High at top, Low at bottom). Horizontal axis: Magnitude of Risk (increasing to High at right).
Top row (High probability): Yellow, Emerging Risk | Red, High Impact Risk | Red, High Impact Risk
Middle row: Green, Controlled Risk / Poses Limited Threat | Yellow, Deserves Monitoring | Red, Requires Attention
Bottom row (Low probability): Green, Controlled Risk / Poses Limited Threat | Green, Controlled Risk / Poses Limited Threat | Yellow, Has Potential to Become Severe
*Some companies will use more or fewer cells in a heat map, depending upon their risk portfolio or their desired level of detail.

The following quantitative methods are often used for measuring risks:
• Tornado chart (a bar chart that compares multiple sets of risk data).
• Gain/loss chart (a chart that determines the valuation of an asset).
• Cash flow at risk (a method that determines how changes in risk factors affect an organization’s cash flow).

Monitoring

Effective ERM requires monitoring and reporting on the performance of risk management processes. It is a continuous and collaborative effort that should involve the input and cooperation of stakeholders such as the C-level executives, the audit committee, and the board of directors. This collaboration is essential to ensure that ERM enhances organizational confidence in making decisions and executing strategy.

It is vitally important, however, to remember the COSO definition of ERM and its clear link with strategy: a process “applied in strategy setting across the enterprise.”

ERM and the BSC can be integrated because of the organization-wide view that each requires from users. To be effective, the BSC has to provide a balanced view of the organization to drive strategy execution and business performance across the enterprise. The BSC requires input and feedback from entities inside and outside the organization. It does not rely solely on the viewpoints of shareholders or the financial returns of the enterprise, but on the perspectives of customers, employees, and other internal stakeholders. Meanwhile, ERM is not just about mitigating operational risks or the risks that affect a specific business unit. ERM requires the assessment and management of the entire portfolio of risks that can impact any internal process, employee, customer perspective, or financial result.8

Figure 3
Strategic Linkage of the Four Perspectives of the Balanced Scorecard
• Organizational Vision / Mission: Strategic objectives are placed within the four perspectives of the BSC.
• Financial: To succeed financially, how must we appear to shareholders?
• Customer: To achieve our vision, how should we appear to our customers?
• Internal Business Processes: To satisfy our shareholders and customers, what business processes must we excel at?
• Learning and Growth (strategic enablers): Which key assets must we draw to execute our value-creating process?

Strategic objectives for risk management can be built into the internal process perspective of the organizational strategy map, in which processes are segregated into four categories: operations management, customer management, innovation, and regulatory/social. Risks can be managed within each of these categories. In operations management, risks can affect supplies, logistics, and



production (traditionally for nonfinancial industries). In managing customers, there are risks involved in selecting and acquiring customers. There are innovation risks in developing new products and introducing them to the marketplace. Also, damage can be done to an organization’s reputation when there is a failure to comply with regulations. Strategic objectives related to ERM can be linked into each of these process categories to ensure alignment across the perspective and achieve broad impact.

There are also risks in the learning and growth perspective on which ERM-related strategic objectives can be built. There are risks behind selecting potential new employees. There is the risk of improperly training and supervising new employees. Also, there are risks in not having an effective succession plan for the future health of the organization. ERM-related strategic objectives can be built into this perspective to mitigate the chance and impact of these risks. Objectives created for such risks can communicate the importance of ERM to human resources and organizational development professionals who work within the enterprise.

By applying ERM to the input perspectives, positive results can emerge in the customer and financial perspectives. Driving ERM in the learning/growth and internal process perspectives can lead to greater cost controls and, as a result, reasonable prices for customers. ERM applied in the internal process perspective can ensure product quality that strengthens the organizational brand image to the customer. In every benefit that comes to customers through integrating ERM in the input perspectives, there is the greater opportunity that can come by ensuring customer loyalty and acquiring new customers, which can drive financial results for shareholders.

Figure 4
Example of a Strategy Map
Main Street Financial Corporation: Strategy Map for a Fictitious Bank
Purpose: Maximize the long term total return to our shareholders
• Financial (Become a Top Performing Sales Organization): F1–Long Term Growth with Top Tier Earnings; F2–Increase Revenues; F3–Maintain a High Level of Risk Management; F4–Manage Expenses; F5–Strategically Invest/Divest
• Customers (Acquire and Retain Customers): C1–Provide Financial Solutions for Life; C2–Deliver Quality Service
• Internal Processes (Optimize Business Effectiveness): I1–Expand and Enhance Offerings; I2–Use the Preferred Way of Selling; I3–Profitably Deliver Consistent Service; I4–Proactively Manage Resource Allocation; I5–Continually Improve our Business Processes
• Learning (Employees are our #1 Asset): E1–We will be the preferred Employer; E2–We Will Develop the Leadership Expertise to Succeed; E3–We Will Have Employees Who Volunteer in our Communities; E4–We Will Recognize and Reward Outstanding Results



The BSC can effectively align ERM efforts with strategy while communicating the relevance of risk management to individuals and business units. By including in the organizational strategy map nine- or 10-word strategic objectives that communicate the mitigation of specific risks, individuals can understand how risk management aligns with their jobs.

Conclusion

Once it is integrated into strategy, ERM can spread throughout the entire organization. This integration requires cooperation among executives, managers, and employees. It also requires an organizational commitment to identify risk across business units and to thoroughly assess and measure risk. With the help of the Balanced Scorecard, an organization can articulate its strategy and ERM programs while alleviating the challenges of executing the strategy.

Henry Killackey, a certified Six Sigma Green Belt, is the educational services manager and a founding member of the Global Institute for Management (www.gimanagement.com), an educational services provider that facilitates workshops and training sessions covering issues in performance management and risk management. Contact him by e-mail at henry.killackey@gimanagement.com.

Write to editor@rmahq.org.

Notes
1. Killackey, Henry. “The Balanced Approach to Managing Risk—Integrating the Balanced Scorecard with Enterprise Risk Management.” Information Management Magazine, February 1, 2008. Available at http://www.information-management.com/issues/2007_44/10000635-1.html.
2. “How Compliance Became an ERM Trigger.” Business Finance Magazine, September 11, 2007. Available at http://businessfinancemag.com/article/how-compliance-became-erm-trigger-0911.
3. Barton, Thomas, William Shenkir, and Paul Walker. Making Enterprise Risk Management Pay Off: How Leading Companies Implement Risk Management. Upper Saddle River: Financial Times/Prentice Hall, 2003, p. 5.
4. Op. cit., p. 1.
5. Pyzdek, Thomas. The Six Sigma Handbook: A Complete Guide for Green Belts, Black Belts, and Managers at All Levels. New York: McGraw-Hill, 2003, p. 91.
6. Schaefer, John. “Practical Approaches to ERM.” Presented at the Enterprise Risk World conference, Houston, November 28, 2006.
7. Killackey, Henry. “Building the Quality-Centered Enterprise Risk Program.” The RMA Journal, May 1, 2007.
8. Killackey, Henry. “The Balanced Approach to Managing Risk—Integrating the Balanced Scorecard with Enterprise Risk Management.”



