By Julie Nyang’aya
Ask any business leaders selected at random to define ‘enterprise risk management’ (ERM), and chances are each will offer a different interpretation. Despite the ubiquity of the term ERM in the business lexicon, a standard definition remains elusive. And notwithstanding the growing awareness of the need to effectively manage risk, the range of practices falling loosely under the ERM domain is vast and growing.
ERM, broadly speaking, has been around for at least a decade. In some business sectors, notably financial services and energy, most industry-specific risks are managed with a high level of finesse, using complex probability modelling and sophisticated analyses.
Other companies, such as those in the services and consumer business sectors, may have a less refined approach to risk management, and the need for more systematic practices is now emerging.
But it is the rare company, we contend, that intelligently manages the full spectrum of risk; that adequately assesses and addresses risk from all perspectives; that breaks through the organisational barriers that obscure a view of the entirety of risks facing a company; and that systematically anticipates and prepares an integrated response to potentially significant risks.
Yes, financial services companies may have a comprehensive grasp of interest rate, currency, and credit risk, but how many of them have suffered significant losses from severe events — such as natural disasters, terrorist attacks, and other threats to business continuity— by failing to develop contingency plans for such occurrences?
True, many companies anticipated the transition to e-commerce, but how many endured reputation and customer losses because they failed to adequately protect online customer data?
Since it occurs so infrequently, we believe that when ERM is done right it deserves special designation. As such, we call such model companies Risk Intelligent Enterprises.
Of course, the path to this lofty designation is long and sometimes arduous. Every company that charts its progress will find itself in a different location on the map, depending on the unique business challenges it faces and the competencies and capabilities it possesses.
Numerous similarities
But every organisation that attains the status of the Risk Intelligent Enterprise will find that they share similar characteristics, including the following:
• Risk management practices that encompass the entire business, creating connections between the so-called "silos" that often arise within large, mature, and/or diverse corporations
• Risk management strategies that address the full spectrum of risks, including industry-specific, compliance, competitive, environmental, security, privacy, business continuity, strategic, reporting, and operational
• Risk assessment processes that augment the conventional emphasis on probability by placing significant weight on vulnerability
• Risk management approaches that do not solely consider single events, but also take into account risk scenarios and the interaction of multiple risks
• Risk management practices that are infused into the corporate culture, so that strategy and decision-making evolve out of a risk-informed process, instead of having risk considerations imposed after the fact (if at all) risk management philosophy that focuses not solely on risk avoidance, but also on risk-taking as a means to value creation.
Some of these bulleted items may be unfamiliar to you. But all, we contend, are essential characteristics of the Risk Intelligent Enterprise. Risk Intelligent Enterprises come in all sizes and industries, and each organization tailors its risk management practices to its particular circumstances and needs. Yet every Risk Intelligent Enterprise shares this insight:
Organisations that are most effective and efficient in managing risks to both existing assets and to future growth will, in the long run, outperform those that are less so. Simply put, companies make money by taking risks and lose money by failing to manage them.
—Julie Nyang’aya is a Partner and the Enterprise Risk Services Leader for Deloitte Eastern Africa
The Standard Group Plc is a multi-media organization with investments in media
platforms spanning newspaper print operations, television, radio broadcasting,
digital and online services. The Standard Group is recognized as a leading
multi-media house in Kenya with a key influence in matters of national and
international interest.
SIB partners with CISI to elevate professional standards and enhance financial advisory skills among staff
Angola ICT Minister Mario Oliveira during an interview in Nairobi on Monday.
NCPB sets in motion plans to compensate farmers for fake fertiliser
Governors reject revenue Bill, demand Sh439.5 billion allocation
Firm linked to fake fertiliser calls for arrest of Linturi, NCPB boss 
Lenders raise interest on loans despite CBK holding key rate
Ruto's tax nightmare
Job cuts loom as Ruto now targets State-owned firms to fund Sh4tr budget
CBK's fresh bid to raise core capital puts small lenders, investors on edge
After avocado, KRA now trains its guns on sugarcane farmers
Ruto tells off MPs opposing plans to lease five sugar millers
Government borrows Sh585b beyond the Sh10tr debt ceiling
Hustler Fund runs out of steam
join