Risks facing companies can come from anywhere – currency-fluctuation risk related to the UK’s decision to leave the EU is a recent example – which is why enhancing enterprise risk management (ERM) efforts is a popular topic among boards and the C-suite.
Here are five benefits of an integrated ERM programme from the proposed framework released by the Committee of Sponsoring Organizations of the Treadway Commission (COSO):
Increase the range of opportunities. By considering all possibilities – both positive and negative aspects of risk – management can identify new opportunities and challenges associated with current opportunities. “Take the extra five minutes as you make a decision,” COSO Chair Bob Hirth said. “Ask, ‘What have we missed here? What have we left out? Is there some unintended consequence?’ As you have that discussion, you end up confirming your decision, or you say, ‘Wow, I didn’t realise we could look at it that way.’ This richer discussion gets you more possible opportunities.”
Identify and manage risk entity-wide. Risks can affect many parts of an organisation. Sometimes, a risk can emanate from one part of the business but have an effect on another part. As a result, management identifies and manages these entity-wide risks to sustain and improve performance. The framework document cites the example of a bank that developed a system in response to trading risks it faced. The system combined internal transaction and market information with external information to provide an aggregate view of risks and allow the bank to quantify relative risks.
Reduce negative surprises and increase gains. ERM allows organisations to improve their ability to identify risks and establish appropriate responses, reducing surprises and related financial loss, and allowing them to profit from advantageous developments. “If you have richer discussions about alternatives and unintended consequences, bad things aren’t just going to stop, but over time, you will be less surprised,” Hirth said. For example, a manufacturing company setting delivery schedules realised that not all delays in highway traffic can be avoided, but it developed alternate routes and protocols to alert clients about potential delays.
Reduce performance variability. The challenge for some entities has less to do with surprises and more to do with variability in performance. For example, a public transportation system can aim for better on-time performance, but having buses and trains go from running 10 minutes late to 10 minutes early is too wide a swing in performance. Hirth said that having an integrated ERM programme means doing a better job of judging performance on more than one target.
Improve resource deployment. Having a wealth of information on risk allows businesses to assess overall resource needs and enhance resource allocation. For example, a thorough risk assessment of a gas distribution company’s infrastructure enabled the organisation to decide what parts were so old that they needed replacing and what parts could function a few more years with repairs. Having a greater focus on resources makes those resources – time, money, and people – more efficient, Hirth said.
COSO released its proposed framework on enterprise risk management in mid-June, and public comment is open until September 30th. Specifics of the framework update, Enterprise Risk Management: Aligning Risk With Strategy and Performance, could change as a result of feedback from stakeholders. COSO is a committee of five sponsoring organisations, including the American Institute of CPAs. Comments on the exposure draft can be made by visiting coso.org.
—Neil Amato (firstname.lastname@example.org) is a CGMA Magazine senior editor.