There can be a tendency at times for an organisation to look dubiously at their risk management personnel and wonder why they are committing so much effort to their enterprise risk management program, in a process that some perceive as just a compliance exercise.
This is especially the case if the risk management activities concerned have not been well managed or properly implemented, and have therefore failed to achieve any tangible results.
The underlying purpose of enterprise risk management is to administer organisational governance and management processes in such a way as to enable management to make informed, risk-based decisions.
Enterprise risk management programs can provide the structure to achieve critical organisational outcomes. These include:
- Good governance – provision of critical information for accountability and transparency and strategic decision-making by Boards and other governing bodies.
- Objectives – provision of the structure within which to confirm, and then prioritise activity in accordance with their impact on the business objectives of the organisation.
- Risk control – provision of the processes by which to identify and manage risks which potentially threaten the success of the organisation (as well as opportunities which can be further exploited).
- Risk appetite – consistency of risk appetite across the organisation as demonstrated by what level of risk is considered acceptable.
- Execution – provision of the consultation and communication arrangements by which business planning and strategies can be accomplished.
- Monitoring – provision of the mechanisms by which the organisation can check progress towards achievement of business objectives, manage any associated risks, and identify previously unrecognised risks/obstacles.
When correctly designed and properly implemented, an enterprise risk management program will contribute to the organisation’s success, improving performance and governance for organisational success.
Please contact QRMC for more information.
