Risk management is nothing new in the business world. But, just as risks continually evolve, so do efforts to manage them. And, with continued economic uncertainty, constant technological threats and the always-prevalent regulatory issues making life difficult for business owners, risk management has never been more important.
Among the most popular approaches is enterprise risk management, or ERM. Like a computer system, it seeks to manage risk on an integrated, companywide level. And though an ERM program can be circumvented or mismanaged, it still offers a comprehensive means to steer your company clear of whatever threatens it the most.
Lay the groundwork
Risk management takes many forms and the number of strategies available to deal with it may seem overwhelming. This is largely why ERM came about – to bring together the best practices in the field to build sound risk protection that addresses a company’s every foreseeable need.
Before you can implement an ERM program, you must lay the groundwork. This typically isn’t something you can do by yourself: You’ll need to sell your colleagues on “risk religion,” from the top down. After you’ve gained commitment from key players, spend time assessing the risks your business may face.
The first task in creating an ERM program is to develop a comprehensive list of risks. Then determine the impact and likelihood of each one. Obvious risks may include financial perils, IT attacks or crashes, weather-related disasters, regulatory compliance debacles and supplier/customer relationship mishaps. Because every business is different, you’ll likely need to add other risks unique to your business and industry.
Develop a philosophy
Recognizing risks is only the first phase. Many of the large companies struck by fraud or misfortune over the last decade had risk-management programs in place – to no avail.
To truly address the risks specific to your business, clarify what your company’s appetite and capacity for each risk is, and then develop a cohesive philosophy and plan for how they should be handled.
Let’s say your company creates a new, innovative product. You’d likely face a number of perils involved with the new high-tech product, including product liability or violations of your intellectual property. You might also run afoul of safety regulations or run into a shortage of raw materials or lack of manufacturing capacity.
Before rolling out the product, your company would need to spend time developing and analyzing worst-case scenarios for each risk and then craft a plan to survive each one. The key to success in this planning stage is conducting a detailed analysis of your business.
Gather as much information as possible from each department and employee. Depending on your company’s size, engage workers in brainstorming sessions and workshops to help you analyze how specific events could alter your company’s landscape.
In addition to developing strategies, assign someone to manage each of the various aspects of risk. In other words: Each risk should have an “owner.” If the list of risks seems overwhelming, manage the largest ones first and work your way down the list.
Weave it in
The ultimate goal is to embed ERM in your company culture, weaving it into every aspect of the business. Beware of top-down impositions during this phase: Squelching an otherwise free-wheeling company culture through ERM is actually one of the risks you face.
ERM software may help you integrate this risk-management process into the daily operations of your business. If employees understand the software application and use it regularly, ERM will maintain a higher visibility in their respective jobs and will be less likely to fade away.
For you, frequent monitoring of important metrics is an integral part of keeping up with ERM. To this end, many software packages come with “digital dashboards” that keep critical risk-related info instantly accessible on your computer’s desktop.
Although we have some vague ideas, no one knows precisely what the biggest risks of the next decade will be. Putting an ERM system in place now can help you recognize developing threats as early as possible and get ahead on the tough task of keeping these dangers from undermining your profitability.
Norman G. Grill Jr. is managing partner of Grill & Partners L.L.C., certified public accountants and consultants with offices in Fairfield and Greenwich. Reach him at N.Grill@GRILL1.com.