Enterprise Risk Management (Research Paper Sample)

Enterprise Risk Management
Author
Institution
Date
Introduction
Risks in an organization can stem from a variety of sources, including technical issues, natural disasters, legal liabilities, and financial uncertainties, only to mention a few. The risk management process entails identifying, assessing, and controlling threats to enterprise earnings and capital. Pimchangthong and Boonjing (2017) suggests that an effective risk management process allows an organization to discourse the entire range of risks it faces, the connection between the risks, and the cascading effect they could have on the enterprise's strategic objectives. Hopkin (2018) suggest that organizations don't manage risks to eliminate the possibility of any risks; rather, they manage and should manage risks to understand the risks worth taking, the risks that will help the organization achieve its goals, and those risks that have a negative impact on their operations.
An effective risk management program includes the organizational strategy, and the subsequent formidable task entails assessing the risks that fit in the firm's risk appetite and those that necessitate additional control prior to being acceptable. A holistic approach to managing the risks is enterprise risk management since it concentrates on internal and external threats and accentuates the significance of managing positive risks. The positive risks are those opportunities that can enhance the corporate value; conversely, they can damage an enterprise's goals or processes if not undertaken. In most cases, the risk management process aims not to eliminate all risks bur preserve the enterprise value through smart risk-taking. Risk management should be continuous and should systematically identity, analyze, treat and monitor risk in an organization.
Enterprise risk management – importance of implementation
A myriad of executives, academics, regulators, and rating agencies have proposed an innovative risk management method: Enterprise risk management (ERM). The holistic approach advocates cohesive management of any risks that an organization can face and inherently necessitates risk management arrangement with organization strategy and its governance framework (Bromiley et al., 2015). ERM proposes that an organization manage and address the risks lucidly and expansively rather than individually. Muslih (2019) defines ERM as an approach that assures the firm that it's attending to all risks; a collection of approaches for preventing instances that may lead to losses beyond the firm's tolerance; an approach to shifting the focus from a cost/benefits to a risk/reward; a language for addressing the enterprises effort to retain a manageable risk profile. It's a strategic discipline that supports the firm's objectives by communicating the complete range of the firm's risks and superintending the joint impact of the risks as a unified risk portfolio (S&P, 2008).
Most researchers argue that an ERM should bring value to an organization, which is true, but that would mean using standard organization performance criteria including return on asset and Tobin's q. to appraise risk management and using such approaches understates the value of ERM (Bromiley et al., 2015). Suppose a firm supports risk and return as legitimate dimensions for performance; therefore, risk management will work despite increasing the return.
An organization should implement an Enterprise Risk Management application to manage risks within its risk appetite (Acharyya & Mutenga, 2013). The framework consolidates and enhances risk reporting, allowing the firm to identify all risks that might affect its operations quantity, manage the risk better, and implement controls to mitigate or eliminate the risks.
An organization should implement an ERM as it creates a risk-focused culture. Implementing an ERM will improve discussions on risk management at the senior level and will likely lead to a discussion of risk identification and management across all levels in the organization. In the end, risk discussions become part of the business processes, and operational units discover that addressing the risks more formally improves productivity while supporting the risk management process. The discussion and communication of risk are identified as a method of providing pertinent information to the senior management and as a method of communicating and sharing information across operations of the business.
The ERM assists a firm in enhancing its perspective on risk as it develops lead indicators that assist detect the potential risk event and proactively informing the company of possible risks. The risk key measurements and metrics further enhance the significance of reporting and provide an ability to track probable changes in risk vulnerabilities and provide the firm an early warning to change their risk profile.
The ERM would assist an organization in improving its efficiency in utilizing and managing resources. The deficiency of a comprehensive ERM increases the scope and number of people involved in the management and reporting risk across the organization. Though establishing an Enterprise Risk Management framework doesn't change the need and method of risk management, it can enhance the framework and tools utilized to conduct critical risk management. Enterprise Risk Management has components such as objective setting, risk assessment, risk response, event identification, and control activities; therefore, it allows a firm to understand the relationship between value creation and risk, which can improve the supply chain and help the firm better forecast the customer demand and improve revenue.
Challenges and solutions to implementing ERM
Challenges
A challenge in implementing ERM is changing corporate culture (Kerstin et al. 2014). An ERM will not be effective in all cultures, and the successful implementation of ERM depends on the firm's willingness to share, be open and establish teamwork across the staff, senior management, and the board of directors. Much research is needed to understand how the firm's culture affects ERM, but with the current literature, it can be postulated that a company's culture with ERM is directly proportional to its cultural capacity of openness, teamwork, and transparency.
Though the board of directors has taken a broad step to understanding the concept of ERM, the knowledge is far from adequate (Fraser & Simkins, 2016). Previous research has indicated a deficiency of knowledge concerning information on risks, the purpose, and the value of ERM. In most cases, many organizations offer networking opportunities and risk training to the directors, but older directors may feel that they have enough experience in management and do not need the education. When such members lack such crucial knowledge and fail to understand ERM as a methodology, it would be difficult to understand the need and functions of an ERM in the organization.
Often, an enterprise ERM can become too complex on firms starting the ERM journey as they are often tempted to incorporate numerous features at once. In the end, it augments a burden to line management. A challenge exists in a consistently applied risk nomenclature, and inconsistencies between risk methodologies have a high chance of jeopardizing the program's success (Fraser & Simkins, 2016). Enterprise risk assessment is performed using a variety of stratagems and tools, and every approach provides its own value and challenges, which need to be closely evaluated to determine the firm's suitability.
Some organizations start the implementation of ERM by initially launching a series of training sessions, and previous evidence suggests that teaching ERM without considering workshops has minimal value to ERM implementation.
ERM implementation faces challenges linked to identifying risks to monitoring the risks (Kerstin et al. 2014). The biggest challenge occurs when identifying risks as it has to be conducted by a risk management team. When collecting data on potential risks that may affect the firm's performance, the team has to comprehensively consider all domains and processes that can lead to risks, quantify the risks before developing an effective ERM. There lacks risk consistency, i.e., the risk may vary from one vendor to another, from department to department, and the knowledge that open vendor may have on risks and risk management may vary from what the IT department think, which creates a challenge in maintaining consistency on applied risk terminologies.
Solutions
A firm can eliminate the challenge of risk inconsistency by ensuring that every risk is backed with correct instructions, definitive regulations, and laws defining the risks. The challenge in maintaining risk data transparency can be eliminated by implementing an ERM tool to house risk data, align the risk program portfolio in the same enterprise tool, provide full access to the risk database for all the risk managers and constantly review all the required elements for risk management.
The firms should assimilate an overarching ERM policy which should be approved at the board level (Fraser & Simkins, 2016). The policy should include the general principle of risk management, state accountabilities of primary personnel, including the CEO and the board, and define major risk concepts to incorporate the definitions company-wide. When developing the ERM framework, the firm can ground the framework based on extant frameworks, including the ISO 31000, and customize the language to fit the organization's needs.
A firm can establish an executive risk committee that focuses on risks, and the committee can consist of major...