New use for an accepted process: in the fast-paced global economy, the stakes for understanding and managing corporate reputations are enormous. Enterprise risk management (ERM)--long accepted as a process for managing business risks--offers a holistic and systematic approach to managing such risk.Imagine a business that establishes a niche in the market for low-price, friendly service and ease of use, but then is caught flat-footed when an event exposes it as unprepared to handle a massive disruption disruption /dis·rup·tion/ (dis-rup´shun) a morphologic defect resulting from the extrinsic breakdown of, or interference with, a developmental process. . Costs skyrocket sky·rock·et n. A firework that ascends high into the air where it explodes in a brilliant cascade of flares and starlike sparks. intr. & tr.v. , prices spike A burst of extra voltage in a power line that lasts only a few nanoseconds. See power surge, power swell, sag and surge suppression. (jargon) spike - To defeat a selection mechanism by introducing a (sometimes temporary) device that forces a specific result. and service breaks down. In an age of instantaneous in·stan·ta·ne·ous adj. 1. Occurring or completed without perceptible delay: Relief was instantaneous. 2. communication, the perceived value of a business can diminish in days, if not hours. As any corporate executive who has felt the ripsaw blade of bad publicity can attest To solemnly declare verbally or in writing that a particular document or testimony about an event is a true and accurate representation of the facts; to bear witness to. To formally certify by a signature that the signer has been present at the execution of a particular writing so as , a business' reputation is a very fragile and precious asset. Yet, understanding how to manage reputation risk has stymied even the sharpest corporate stewards, probably because the concept of actively managing such risks is relatively new. Reputation reflects the trust and expectations of customers, employees, regulators, investors and even credit-rating agencies. The fragility of reputation has never been as apparent as it is in today's buyer's market for products and services. More businesses use myriad sales and marketing methods to tap into buyers and investors--especially investors--who demonstrate less loyalty and understanding when a company suffers even the slightest dent in its reputation. When a negative story about an organization is published or broadcast, it almost invariably in·var·i·a·ble adj. Not changing or subject to change; constant. in·var  i·a·bil is accompanied by a graphic of the
decline in the target's stock price. It's apparent that in our
fast-paced global economy, the stakes for getting better at
understanding, identifying and managing reputation are enormous.
It is no wonder, then, that corporate and financial executives have sought a process that can help actively manage these risks. Enterprise risk management (ERM (Enterprise Relationship Management) An umbrella term with many shades of meaning over the years. It may refer to the management of information from any or all of an organization's customers, suppliers, business partners and employees. ) offers a holistic Holistic A practice of medicine that focuses on the whole patient, and addresses the social, emotional, and spiritual needs of a patient as well as their physical treatment. Mentioned in: Aromatherapy, Stress Reduction, Traditional Chinese Medicine and systematic approach to managing reputational risks. ERM has long been accepted as a process for managing business risks. Corporate and finance executives want a practical ERM approach that is tailored to their company's culture and structure. They also want an approach that is aligned with their business strategy, embedded Inserted into. See embedded system. in their business processes and focused on their most critical risks--those that threaten the business strategy, corporate existence and business model. ERM is management's job. To effectively oversee the risk management process, and to make sure that it is delivering the right insight and information to directors, companies need to know what an effective ERM process looks like. Appropriately executed, ERM can be a simple and practical means for identifying, analyzing, prioritizing, measuring, managing, reporting, monitoring and optimizing critical risks facing an organization. Managing risk in a way that generates value is a driver of growth. And, unlike Sarbanes-Oxley compliance initiatives, ERM is more than "financial" in nature. It allows companies to make well-informed and strategic business decisions, and with a better sense of the potential outcome. Indeed, having an ERM process in place before the onset of a catastrophic event--which can have immediate and lasting impact on reputation--provides a better business model than waiting for such an event to threaten the organization's viability. Companies now desire to operate in an environment where frequent reporting of risk information to management and the board allows action to be taken in time to avoid surprises and make better business decisions. Boards Embrace Formal Risk Oversight
Oversight may refer to:
Additional regulatory and governance requirements set the stage for many companies to embark on Verb 1. embark on - get off the ground; "Who started this company?"; "We embarked on an exciting enterprise"; "I start my day with a good breakfast"; "We began the new semester"; "The afternoon session begins at 4 PM"; "The blood shed started when the partisans the formal oversight of risk. This includes New York Stock Exchange New York Stock Exchange (NYSE) World's largest marketplace for securities. The exchange began as an informal meeting of 24 men in 1792 on what is now Wall Street in New York City. listing requirements Listing requirements Requirements, including minimum shares outstanding, market value, and income, that are laid down by an exchange for any stock to be listed for trading. that audit committees discuss policies with respect to risk assessment and risk management, noting that the audit committee is not "the sole body responsible for risk." Ratings agencies are also focusing on how companies manage risk and are considering incorporating a program of detailed ERM evaluations into credit ratings for all industries. These ratings are commonly used when evaluating financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. companies. But as ERM's practical applications evolve, corporate and financial leaders have learned that an ERM program can help organizations meet their governance requirements, along with deriving value. This means linking risk to strategy and using risk information to make business-improvement decisions and protect the organization's reputation. Recognizing that, many boards and management teams are taking the practical first steps to build internal consensus that can help them meet rising external demands and, over time, to use ERM as the foundation for building a competitive advantage (see chart on next page). Implementing a Successful ERM Process, Achieving Governance Developing, deploying and maintaining an ERM program is not an easy task. Many organizations are only now delving into the issue. In a 2006 KPMG KPMG Klynveld Peat Marwick Goerdeler (accounting firm) KPMG Kaiser Permanente Medical Group KPMG Keiner Prüft Mehr Genau (German) KPMG Kommen Prüfen Meckern Gehen LLP-sponsored survey of 481 global companies, only 5 percent of respondents In the context of marketing research, a representative sample drawn from a larger population of people from whom information is collected and used to develop or confirm marketing strategy. said their risk management process was at an "advanced stage," while 90 percent said their organizations were either in early stages of launching or considering an ERM program, indicating it's on the corporate agenda. Understandably, many financial executives are uncertain about how to translate the concept of ERM into concrete, practical action steps, and most have little tolerance for "academic theories" about running a business. Similarly, despite evidence that links reputation with the value proposition of a company, few organizations measure reputation risk--other than when an event damages it. Getting started on creating an ERM program with a clear and practical vision is critical, and a few key steps can enable leaders to build on existing risk assessments. The following five leading practices can provide the means for overcoming old barriers, achieving buy-in and realizing ERM's potential: 1. Gain Buy-in from Those Running the Business. In the past, ERM was considered a finance department "bolt-on" project, whose champions likely had little broad support or leverage. As a result, its potential value to the business was never fully realized. A key step is to establish a management risk committee (or risk council) that is charged with obtaining buy-in for the ERM program across the organization. Reporting to the CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. , the risk council would include individuals who lead key areas within operations and support, such as legal, HR, compliance, finance, operations, strategy/corporate development and IT. A key to successful implementation is having a shared vision of the desired state you are aiming towards and accepting that it's a process that will evolve. 2. Identify and Prioritize pri·or·i·tize v. pri·or·i·tized, pri·or·i·tiz·ing, pri·or·i·tiz·es Usage Problem v.tr. To arrange or deal with in order of importance. v.intr. Top Risks--and Explore How Well They Are Managed. A successful ERM endeavor begins with a focus on two fundamentals: content and process. "Content" refers to key risks; "process" indicates how the program for managing them is sustained across the business. The risk council's first goal is to facilitate identifying and prioritizing an organization's key risks--those that may prevent it from meeting its strategic goals. Its second goal is to explore how well the business prevents and/or manages its key risks and what changes may be necessary to improve that effort. 3. Assign Accountability: From Risk Assessment to Risk Management. Identifying key risks will help executives understand accountability--who owns the risks, how effectively they are being managed and whether they are being monitored. Internal audit or compliance departments may be in charge of monitoring certain risks, but often, because organizations are structured by function or geography, and not risk, the highest risks may not have designated risk owners or risk monitors. Assigning formal accountability for identified risks to the right people helps create a greater level of assurance for the board and the audit committee and a greater level of confidence in the organization's governance framework. 4. Begin Working Toward a Single View of Risk. Many organizations have already invested in a variety of risk processes and functions, but these mechanisms often lack a unifying vision and clear objectives. Consequently, the potential benefits are unrealized. Implementing a single ERM approach allows leaders to replace the "silo" approach to risk management with a single view of risk that is articulated across the organization. 5. Consider Your Current Position within an ERM Framework. The risk council can then build consensus on where the organization wants to go next, based on its risk profile. With a single view of risk identified and an ERM framework in place, an organization can begin the critical work of articulating its own vision for ERM and its role in the organization. That vision will help determine the organization's ERM approach and will likely prompt a call for more immediate action. Using ERM to Derive Value Linking Risk Management to Strategy: In order to support sound strategic decision-making, corporate and financial management must have information and processes in place to make "risk-informed" decisions. Such processes are vital to linking risk management to strategy, enabling companies to shape the strategic direction of their business and allocate scarce resources to attain growth that is profitable, in real and economically viable terms. The key is having managerial discipline, as well as enabling processes and existing systems, to produce information content that will help ensure that strategic options are adjusted for inherent risks. The ability to maneuver maneuver /ma·neu·ver/ (mah-noo´ver) a skillful or dextrous method or procedure. Bracht's maneuver a method of extraction of the aftercoming head in breech presentation. through strategic choices is just one example of a key performance indicator that helps link risk management to strategy. For example, a fast food chain that wants to become the market leader for healthy foods must consider a number of strategies--among them including more low-fat food options on its menu. A robust ERM program can help the company identify some key risks that may occur when implementing the strategy. Among those: the potential revenue loss from customers demanding the "traditional" menu items, a possible decrease in margins due to a higher cost of "healthy" food items and the prospect that customer skepticism skepticism (skĕp`tĭsĭzəm) [Gr.,=to reflect], philosophic position holding that the possibility of knowledge is limited either because of the limitations of the mind or because of the inaccessibility of its object. could damage the company's reputation. Following this assessment of key risks, the company is able to address several strategic choices that may blunt blunt (blunt) having a thick or dull edge or point; not sharp. or mitigate mit·i·gate v. To moderate in force or intensity. mit i·ga tion n. them:
Retain some "traditional" fast food items, but with lower fat
content; institute only a marginal price increase on lower-fat menu
options; and have a clear communication and advertising strategy of the
new initiative, complemented by remodeling remodeling /re·mod·el·ing/ (re-mod´el-ing) reorganization or renovation of an old structure.bone remodeling the retail restaurants. In this way, realigning strategy commensurate com·men·su·rate adj. 1. Of the same size, extent, or duration as another. 2. Corresponding in size or degree; proportionate: a salary commensurate with my performance. 3. to the risks may enhance the benefits. ERM to Drive Decision-Making and Improving Business Performance: Executed properly, ERM is a structured and disciplined approach that aligns strategy, processes, people, technology and knowledge. Effective ERM implementation provides the much needed "glue glue: see adhesive. glue Adhesive substance resembling gelatin, extracted from animal tissue, particularly hides and bones, or from fish, casein (milk protein), or vegetables. " that delivers a performance-based focus on risk management. It may also provide evidence to stakeholders Stakeholders All parties that have an interest, financial or otherwise, in a firm-stockholders, creditors, bondholders, employees, customers, management, the community, and the government. that the business is steadily improving its risk program. However, a performance-based focus on risk management relies on an organization understanding the root causes of the key risks facing the business. That process starts with identifying all risks and the values attached to those risks--and some risks are acceptable. Once identified and rated, a program can be put in place to monitor the risks, helping management to avoid being surprised. Organizations that embrace ERM and build it into the core of their enterprises can anticipate the benefits that are possible when: * Risks (the "content") are assessed, evaluated and correlated cor·re·late v. cor·re·lat·ed, cor·re·lat·ing, cor·re·lates v.tr. 1. To put or bring into causal, complementary, parallel, or reciprocal relation. 2. across the enterprise; * A common risk framework (the "process") is in place, with accountability established for measuring, managing and monitoring risk; * Risk quantification quan·ti·fy tr.v. quan·ti·fied, quan·ti·fy·ing, quan·ti·fies 1. To determine or express the quantity of. 2. and aggregation is enabled throughout the organization via common methodologies and tools; * Risk reporting to management and the board is effective (it captures risk trends and emerging risks); * The ERM program supports strategic decision-making and brand protection and has predictive value pre·dic·tive value n. The likelihood that a positive test result indicates disease or that a negative test result excludes disease. predictive value a measure used by clinicians to interpret diagnostic test results. ; and * Corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. processes are strengthened. As ERM's practical applications evolve, corporate and finance executives have learned that an ERM approach can help organizations with two critical challenges: to derive tangible value from regulatory compliance efforts and to link risk and strategy to drive business performance and enhance the organization's brand. Taking the practical first steps to build internal consensus can enable corporate leaders to meet rising external demands and, over time, to use ERM as the foundation for building competitive advantage. JOHN FARRELL For other uses, see John Farrell (disambiguation). John Farrell VC (b. March 1826 in Dublin, d. 31 August 1865) was a soldier and Irish recipient of the Victoria Cross, the highest and most prestigious award for gallantry in the face of the enemy that can be awarded to (johnmichaelfarrell@kpmg.com.), a New York-based Advisory Services advisory services advisory services provided to the public, in their capacity as owners and managers of animals, are an important part of veterinary science. They may be provided by government bureaux, by commercial companies who deal in pharmaceuticals or animals or animal partner with the U.S. audit, tax and advisory firm KPMG LLP LLP - Lower Layer Protocol , helps companies implement enterprise risk management programs. RELATED ARTICLE: TAKE AWAYS ** Reputation is a very fragile and precious asset. It reflects the trust and expectations of customers, employees, regulators, investors and even credit-rating agencies. ** In our fast-paced global economy, the stakes for getting better at understanding, identifying and managing reputation are enormous. ** ERM is a structured and disciplined approach that aligns strategy, processes, people, technology and knowledge. ** Translating the concept of ERM into concrete, practical action steps can help finance executives realize ERM's potential.
What value has your company's enterprise-wide risk management program
created? Choose all that apply. "Don't know" responses excluded from
calculations.
Percentage of
Respondents
Improved risk awareness and collaboration 76%
Improved regulatory compliance 53%
Improved operations 50%
Improved decision-making 48%
Reduced infrastructure, operating, or resource costs 29%
Improved earnings or shareholder value 24%
Reduced earnings volatility due to hedging 21%
Improved equity value or reduced debt costs 20%
No/little change 8%
Other 4%
Multiple responses provided
Source: KPMG LLP (U.S.), 2006
Note: Table made from bar graph.
|
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion