Essentials of Enterprise Risk Management
eBook - ePub

  1. 146 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

Enterprise risk management has never been as topical. The 2008 financial crisis, ever-present cyber-security threats, market volatility, increasing regulation, climate change, stakeholder activism and changing workforce demographics are just a few of the factors creating a focus on enterprise risk management. This book lays out the basics of enterprise risk management in a common sense and highly applicable manner. This book, intended for general managers of all levels, board of directors, students of risk management and others who need to be concerned about risk management and strategy, provides a solid base for understanding best practice in risk management. It gives readers the concepts and tools to excel in the current dynamic risk management environment and make risk management a value-adding activity within their organization.

Essentials of Enterprise Risk Management, by Rick Nason and Leslie Fleming, is available in PDF and/or ePUB format and is catalogued under Business & Finance.

Information

Subtopic: Finance
CHAPTER 1
What Is ERM?
Defining enterprise risk management (ERM) is like defining what constitutes great art. In large part, ERM is in the eye of the beholder. For some organizations it is an overall operating procedure that covers almost all of the operating activities undertaken by the organization. For others it is simply a mindset of how to think about issues as they arise.
In this chapter, we will go through a couple of the different definitions and ways of thinking about ERM. In a nutshell, we believe that ERM is simply a way of doing business so that the management of the company is as efficient and as effective as possible in achieving its overall goals and objectives despite the plethora of risks, uncertainties, and challenges that arise or that may potentially arise. An ERM mindset both implicitly and explicitly recognizes that the strategies and plans of an organization are rarely, if ever, executed exactly as they were first envisioned. Risks force these changes. ERM explicitly acknowledges that a risk management plan is needed in addition to the operating plan to deal with the inevitable risks that will arise. The better an organization is at dealing with risk, the better it will be at achieving its goals and executing its plans. As President Eisenhower once said, “In preparing for battle I have always found that plans are useless, but planning is indispensable.” ERM is what is applied to ensure that the plans do not become useless and that the organization’s ultimate objectives are achieved as efficiently as possible.
Defining Risk
Let us start with a very basic question: what is risk? Generally, we think of risk as the possibility of something bad happening. Risk is something that we want to avoid, and certainly not something that we want to covet. However, a more enlightened and useful definition of risk is: “risk is the possibility that bad or good things may happen.”
There are three elements to our proposed definition: an element of the future, uncertainty, and the fact that risk has both downside as well as upside components to it. Risk is about the future, and as we will see, risk management is about planning for future events. Unfortunately, the forward-looking aspect of risk is too often ignored, and organizations make the common mistake of managing the past, which they cannot alter, and forgoing management of the future, over which they do have some level of control.
Uncertainty is the realization that we do not know what is going to happen. Uncertainty is that quality of risk that cannot be measured. It is the unknown unknowns. Although uncertainty cannot be predicted, it can be prepared for and some might argue this is the primary reason that many organizations practice ERM. Good risk management may not prevent uncertainty, but it should help organizations better deal with it when uncertain events inevitably do occur.
Then, there is the two-sided component of risk. Risk can be both positive and negative. This is a constant theme throughout this book, so we will not overextend the discussion here beyond the case study of the Philadelphia Eagles, Super Bowl LII champions. However, it is this third component of the definition of risk which we believe is central to the successful implementation of ERM.
Case Study: Philadelphia Eagles, Super Bowl LII Champions
Throughout most of the 2017 NFL season, the Philadelphia Eagles looked like they might have a shot at going deep into the playoffs, and potentially even to the Super Bowl. Their quarterback, Carson Wentz, was widely considered by many sports commentators to be the front-runner for the league’s Most Valuable Player award despite being in just his second year of professional football. However, while the Eagles sat atop the standings as the season drew near to a close, disaster struck: Carson Wentz was out for the rest of the season, as well as the playoffs, with an injury. Backup Nick Foles had bounced around the league as a journeyman quarterback. Although he had a very successful season with the Philadelphia Eagles in 2013, when his quarterback rating was amongst the highest in the league and earned him a selection for the 2014 Pro Bowl, his career was far from impressive. After his 2013 season, Foles struggled somewhat and was traded a couple of times, seeing limited action as a backup quarterback. He even considered retiring from the game, but eventually he was traded back to the Philadelphia Eagles for the 2017 season.
Replacing the injured Wentz, Foles was able to win the final two games of the season, but he obviously was not playing to the standard of Wentz, and was a long way from having the kind of success he had in his 2013 season. At this point the coaching staff of the Philadelphia Eagles could have gone into downside risk mitigation mode and developed a game plan to minimize the weaknesses of Foles as a quarterback. Instead, however, they looked at the upside risk. To do so they examined the types of plays that had made Foles so successful as a quarterback in 2013. With minimal time left in the season, they revamped the Eagles’ playbook. The payoff was almost immediate, as in the first two playoff games Foles seemed to thrive with the new set of plays.
In the Super Bowl, the Eagles were up against the heavily favored New England Patriots and their storied quarterback Tom Brady. The odds makers, as well as most sports pundits, gave the Eagles virtually no chance of winning. However, the new set of plays that the Eagles coaching staff implemented worked to perfection, and Nick Foles had one of the best games ever in the Super Bowl for a quarterback and was named the Most Valuable Player of the game.
While this can be seen as a feel-good David and Goliath type sports story, it can also be viewed as a risk management case study in which the focus on the upside of risk can be as valuable as a focus on the downside. If the coaching staff of the Eagles had gone into downside risk mitigation mode instead of focusing on the upside risk, then it is quite likely that the story would have ended quite differently for Nick Foles and the Philadelphia Eagles.
Defining Risk Management
Before getting to a definition of ERM, perhaps it is wise to take a minute and examine what we mean by risk management, and then proceed to develop a definition for the more specific ERM. If the definition of risk as the possibility that bad or good things may happen is accepted, then the definition of risk management must be “the design and implementation of tools, tactics and strategies that increase the probability and magnitude of good risks occurring while also decreasing the probability and severity of bad risks occurring.”
Risk management does not necessarily mean avoiding or eliminating risk. Risk management means choosing the level of risk desired, choosing the responses to risk and to a certain extent choosing the risks that the firm will encounter. Good risk management means that the firm will be able to prudently take on more risk and different types of risk than it would otherwise. As all types of organizations exist to take on risks, good risk management means that they can accomplish their objectives more effectively.
Defining ERM
To begin, perhaps it is easiest to cite the definition of ERM as proposed by the Committee of Sponsoring Organizations of the Treadway Commission, often better known as COSO. The COSO framework for ERM was first developed in 2004, and then extensively revised in 2017. It has become one of the benchmark frameworks for ERM and will be discussed at length in Chapter 3. The definition of ERM as provided by COSO is:
“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”[1]
There is a lot to unpack in this rather precise and lengthy definition. The first element is that ERM is a process. ERM is not a one-time exercise that magically solves all problems in one swoop. ERM is a continuous, ongoing activity.
The second major element is that ERM is an element of an organization’s strategy. ERM is not an organizational silo, but is an integral part of the organization’s strategy. A consistent and constant theme throughout this book will be that ERM exists first and foremost as a key component for the achievement of an organization’s strategy and overall objectives.
Ultimately though, what makes ERM unique is that it is both a holistic as well as an integrated strategy for managing risk across an organization. ERM is holistic as it covers the full range of risks that an organization is reasonably likely to face in the course of its operations. ERM is integrated in that risk is not managed in silos amongst the various units, but instead is managed from the viewpoint of the entire enterprise—thus the name ERM.
In particular, ERM takes into account the fact that risks are seldom isolated in their effect. Risks tend to have ripple effects across an organization with spin-off effects and unintended and unforeseen consequences. ERM is an approach to risk management that explicitly acknowledges both the interconnectedness of risk as well as the fact that risk emerges in unforeseen ways. It is an approach that understands that risk is a complex phenomenon. ERM is an approach to dealing with risk that attempts to overcome the inefficiencies of managing risk in a set of separate silos for each component of an organization. ERM views an organization as a portfolio of risks. When risk is examined as a portfolio, then diversification, leverage, and feedback loops are viewed more realistically and productively.
Just as an organization has an overall strategy that guides its operational processes in a coordinated and consistent manner, ERM is an overall set of risk practices and principles that likewise guide the organization in how it identifies, measures, and manages its risk processes. Admittedly, in large organizations there will usually be different divisional strategic tactics utilized based on the specific operations of a given division. Likewise, there will be unique risk management tactics employed by specific operational units of an organization. However, the key point is that ultimately the risk management is consistent throughout the organization and takes a systems view of risk.
The Rise of ERM
The corporate debacles of the 1990s were a major impetus for the rise of ERM. The defaults of WorldCom, Enron, and others led to stakeholders taking a serious look at why organizations fail, particularly organizations with the scale and scope of some of the major defaults of this era. Two critical changes in ERM came out of the 1990s fall of major organizations. Those changes were the Dey Report and SOX. The Dey Report, published in 1994, was a report by Peter Dey and the Toronto Stock Exchange. The report was an attempt to improve the corporate governance of Canadian corporations. The Dey Report focused on the implementation of three key areas that they felt were crucial to a healthy corporate governance culture. The first was a stronger board of directors which allowed them to act independently of the management team to fulfill th...

Table of contents

  1. Cover
  2. halftitle
  3. title
  4. copyright
  5. Abstract
  6. contents
  7. INTRO
  8. 01_Chapter 1
  9. 02_Chapter 2
  10. 03_Chapter 3
  11. 04_Chapter 4
  12. 05_Chapter 5
  13. 06_Chapter 6
  14. 07_Chapter 7
  15. 08_Chapter 8
  16. 09_Chapter 9
  17. 10_Chapter 10
  18. 11_Index
  19. 12_Adpage