What is ERM? It is a holistic approach to managing an organization's uncertainty in order to maximize stakeholder value and optimize risk taking. Unlike traditional risk management, ERM deals with the strategic risks your organization faces, not just the operational ones. With a properly designed and implemented ERM program, an organization can optimize its risk taking, which will allow it to react more quickly and efficiently to avoid or mitigate threats and capitalize on opportunities.
Developing and implementing an effective ERM approach requires a significant investment of resources, as well as education across the enterprise. But it is an investment that will yield two important organizational benefits:
- Enhanced decision making
- Improved risk communication
Enhanced Decision Making
No matter what kind of business you run, an ERM approach allows you to explore new opportunities for profit and growth while effectively managing internal and external threats. Rather than consolidating risk management decisions at the top of the organization, an ERM approach opens this up to decision makers at all levels. The idea is that when risks, threats, and opportunities are understood across the enterprise, decision making is made more nimble to meet marketplace challenges. In addition, the following advantages can be realized:
Increased profitability. ERM increases your organization's profitability because strategic decisions involve more than preparing only for adverse outcomes. Properly implemented, ERM allows organizations to engage in additional business opportunities by allocating resources through rational decision making at the optimal level. With ERM, strategic decision making is integrated across departmental and unit silos, which makes it more sound and improves economic efficiency. Over time, organizations with a sound ERM approach will show higher earnings.
Reduced earnings volatility. In addition to maintaining cash flows and balancing its budget, your organization must manage its cash flow to ensure adequate capital to meet challenges and to explore strategic growth opportunities. ERM provides a framework that allows organizations to deploy capital through organization-wide decision making, which ultimately results in stable earnings projections to achieve higher financial ratings, appeal to stakeholders, and fund future projects.
Improved ability to meet strategic goals. ERM provides for organization-wide involvement in the strategic formulation and decision-making process. This process examines internal and external factors that contribute to threats to growth and the achievement of established goals. When used effectively, ERM can reduce variation through thorough risk identification, assessment, and management, thus improving your organization's ability to meet its strategic goals.
Increased management accountability. While an ERM approach must be supported in the C-suite, those closest to a particular risk are in the best position to evaluate and manage it. Therefore, ERM must be embedded throughout your organization's corporate culture. When ERM is part of your organization's DNA, the board and senior executives establish the overall mission, vision, and strategic goals, but each manager is responsible and accountable for decision making about risks within his or her individual unit, which increases accountability.
Improved Risk Communication
ERM allows your organization to develop systems that drive information, eliminating the barriers created by "information silos." You know the problem with silos-they limit access to critical knowledge about risks, corporate strategies, and organizational frameworks. ERM also encourages communication about risk management across all layers of the enterprise. This includes making managers aware of the need to identify obstacles and opportunities that could interfere with or aid in the achievement of your organization's strategic goals.
Improved organization-wide communication results in fewer surprises for managers who could otherwise lack adequate information or full knowledge of the gravity of risk. Strong communication can also mean greater management consensus and improved stakeholder acceptance.
Management consensus. ERM improves management consensus by creating a culture that embraces risk as a component of each decision. By empowering all managers to consider risk optimization and the cost of risk, ERM provides them with more complete information about the potential effects of a decision, including the downsides and upsides. Managers who can successfully gauge threats and opportunities act more confidently because they can appropriately evaluate the alternatives associated with a course of action. Upper management must lead the initiative and motivate all employees to embrace ERM and encourage risk ownership across all levels of your organization.
Stakeholder acceptance. ERM improves acceptance by internal stakeholders by building a spirit of cooperation among management, which can also increase confidence among employees. Boosting the spirit of cooperation begins with managers understanding that the way they manage risk will have a positive impact on the organization, employees, and themselves. A strong ERM program also encourages the buy-in of an organization's external stakeholders by establishing management strategies that protect the organization's reputation and assets. Experts estimate that for many organizations, intangible, reputation-related assets may be worth several times more than tangible ones.
Establishing an effective ERM approach can be a complex endeavor. This is why ERM education is critical. Like the practice of ERM itself, ERM education must be provided throughout your entire organization, from the C-suite to the loading dock. There are a variety of ways to acquire the necessary knowledge and skills. An education program like Enterprise-Wide Risk Management: Developing and Implementing from the American Institute for CPCU and Insurance Institute of America will help provide the necessary understanding for building a solid ERM foundation within your organization. Whatever education provider you choose, it is critical that the program be ERM-specific. It is also critical that ERM training be conducted at all levels of your organization, so managers and other decision-makers understand the role and benefits of ERM as they relate to their job functions.
Richard G. Berthelsen, JD, CPCU, ARM, is director of content development for the American Institute for CPCU/Insurance Institute of American (the Institutes) in Malvern, Pennsylvania. The Institutes are not-for-profit organizations offering educational programs, professional certification, and research to people who practice or have an interest in risk management and/or property-casualty insurance. Mr. Berthelsen can be reached at firstname.lastname@example.org.
© 2009 American Institute for CPCU/Insurance Institute of America
Richard G. Berthelsen, JD, CPCU, ARM
American Institute for CPCU and Insurance Institute of America