Risks are everywhere; do you have a plan?

March 18, 2016 | Cybersecurity | Mark Wyzgowski, CliftonLarsonAllen, mark.wyzgowski@claconnect.com

In today’s environment, it seems you can’t listen to the radio, watch a news program or read a newspaper without hearing about another scam, hack or other less-than-honest activity being perpetrated against innocent victims. In this section, I know there will be a lot of information about cybersecurity and maybe even other high-profile risks that impact you and your business. However, I wish to discuss another area of risk, an area that gets little to no coverage because it is not necessarily inflicted by a nebulous third party, but rather is inherent in ALL business. That is enterprise risk.

Whenever we meet with the owners of a business, a very early discussion tends to revolve around the owners’ goals and dreams for their enterprise. While those discussions are very important and exciting, whatever that end-game goal is, it can’t be achieved if the enterprise fails. Therefore, besides just planning for the future assuming everything tracks according to plan, it is critical that each business consider developing an enterprise risk management (ERM) program to provide the organization the best chance to be successful. In basic terms, an ERM program is a way to effectively manage risk across the organization through the use of a common risk management framework. This framework can vary widely among organizations but typically involves people, rules and tools. Organizations often find that ERM programs provide qualitative and quantitative benefits. We wish to focus on four of the benefits.

Benefit one: Creation of a more risk-focused culture for the organization. A culture that understands risk at all levels of the organization breaks down silos with respect to how risk is managed in operational units. This leads to more transparency and more collaboration to get to the right strategy.

Benefit two: Standardized risk reporting. Standardized reports that track enterprise risks can improve the focus of the owner (or directors and executives in larger organizations) by providing data that enables better risk mitigation (or avoidance) decisions. These reports can also help develop a better understanding of risk appetite, risk thresholds and risk tolerances and can be used in strategic planning.

Benefit three: Improved focus and perspective on risk. ERM develops indicators to help detect a potential risk event and provides an early warning. ERM permits a more complete viewpoint on risk. Traditional risk practices focus on mitigation, acceptance or avoidance. Effective ERM processes give management a framework to evaluate risk as an opportunity to increase competitive positions and exploit certain market and operational conditions.

Benefit four: Efficient use of resources. Without ERM, an organization may have multiple individuals involved with managing and reporting risk across operational units, as there is no structure or process to deal with risk. ERM can reduce redundancy, make the framework and tools used more consistent, and make the organization more efficient.

ERM can enable better cost management and risk visibility related to operational activities. It also enables better management of market, competitive and economic conditions, and increases leverage and consolidation of disparate risk management functions. Don’t pretend risk does not exist, but rather understand risk to better be able to adapt and be successful in the long run.