As senior executives look for additional ways to increase shareholder value, they’ve begun to take a different approach in establishing how shareholder value is linked to risk management.

Many of them are beginning to recognise that risk is not just confined to a variety of negative outcomes that should be avoided, but also includes identifying and exploiting opportunities.  This article illustrates how enterprise wide risk management has evolved over the last few years and emphasises how organisations can benefit from adopting it.

Risk on its own is not always a bad thing.  But misunderstood or poorly managed risk is not a good sign.  Many organisations are beginning to accept that risk creates opportunities which in turn create shareholder value.

One key question that senior management should be asking themselves is “how do we manage the organisation’s risks to create value for our shareholders?”

Enterprise wide risk management (EWRM) has become an essential part of doing business in the 21^st century.  It’s a structured process that seeks to align an organisation’s business strategies, human resources, processes, information technology and intellectual capital.  It aims to evaluate and manage the internal and external uncertainty that confronts an organisation as it creates shareholder value.

“Enterprise wide” simply means that it’s an integrated, holistic & forward looking approach.  Traditional “silo”, functional, divisional barriers are removed so that opportunities are identified and exploited and that key business risks are managed to help senior management optimise an organisation’s key resources and to maximise shareholder value.

Senior executives are faced with a range of new challenges in their quest to increase shareholder value.  Enterprise wide risk management must now extend beyond traditional boundaries.  Globalised markets, the internet and ecommerce, increasing customer demands and the pace of modern business are changing rapidly & senior management needs to constantly address new risks.

Organisations are able to use EWRM to gain competitive advantage.  By identifying risks across the entire organisation, senior executives are able to manage and prioritise risks and link them to creating shareholder value.

But many senior management remain unclear on how they can start to translate the EWRM concept into processes that will enable them to create and increase shareholder value.  EWRM may be great in theory.  But senior management will only see its true value when they use information about their risks as a catalyst to drive better business performance and enhance shareholder value.

EWRM provides organisations with a disciplined, structured approach to help achieve their key business objectives, return on investment & drive even greater shareholder value.  Visionary companies are now beginning to embrace enterprise risk management as a powerful business tool.

After the global financial crisis hit the developed economies of the world, many companies were hit by a storm of new conditions that rocked their organisations and their ill-equipped enterprise risk management structures.  Many large companies operated risk management in silos and none of them communicated to one another, causing problems when the economy and market place suddenly changed.

Even though the silos were working towards the same ends, often their risk management approaches were only focused on their own particular area and were not compatible with other departments. In the worst cases, these separate risk management approaches actually harmed other areas of the same company.

Due to the fragmented risk strategies that most companies use (and suffer from), the prominence and importance of the Chief Risk Officer (CRO) is rising. The relatively new CRO position is an executive position and combines all of the risk management power inside an organisation and unites it under an umbrella helps drive the company forward.  The Chief Risk Officer is a strategic position that helps the company avoid nasty surprises and works through challenges while adding value and supporting growth.

What many companies realised when the crisis hit is that they had only begun to start preparing for and analysing their risk portfolios. Many companies were simply blind to what lay ahead when the winds suddenly changed.  The CRO is increasingly becoming a key player because they can help refine a company’s objectives and push it in the right direction.  CROs have the authority to ask questions about what the organisation is doing and why – with support from the board.  So who is typically going to become a Chief Risk Officer?

Those hired for the role often are typically very experienced members of industry, with 20 years or more experience. They understand the company’s processes from supply chain management right through to production and sales.  Communication is also supremely important: the CRO’s experience in the industry also means they understand the board, senior management and the stakeholders and how they think, making it easy to get important points across in relevant language.

This part of the job is very important.  Of course part of the problem with risk management silos is that the people managing their own turf are great at crunching numbers and analysing, but poor at communicating with one another and coming to an agreement that satisfies the board.  A good Chief Risk Officer will stop companies floundering when it comes to a changing environment that a fragmented strategy can’t handle.

Companies need CROs to protect their valuable market share and to ensure that they survive the current downturn. When so many factors and variables are changing — almost on a daily basis — it makes sense to have someone to captain the ship and steer it through the storm.

Adopting an enterprise wide integrated approach to risk management has become all the rage in recent times.  Not only does it allow companies to align its risk management activities with corporate performance to reduce any risk exposure, it also provides an ideal platform to review and exploit opportunities. 

It is with this in mind, that it has quickly become a pre-requisite with many organisations.

This article discusses the importance of balancing an organisation’s risk appetite with implementing successful strategies.  It encourages senior management to ask themselves:  
*  What are the organisation’s mission and objectives?
*  How much risk they are willing to take to achieve them?
*  How much exposure are we currently exposed to?

Aligning an organisation’s business objectives with its risk appetite can be completed effectively by senior management following a series of steps in a logical, systematic manner.  These steps are discussed in more detail below.   

Outline the organisation’s strategies.  Senior management should focus on setting both short term and long term strategies that are congruent with key stakeholder requirements.  Defining and communicating precise, strategic goals will help management understand what the organisation is trying to achieve.  It also helps focus the team’s activities as a goal driven culture becomes embedded within the organisation.   

Define the organisation’s risk appetite.  Senior management should agree upon the levels of risk that are acceptable in their efforts to achieve their objectives.       

Identify the organisation’s key risks.  A key risk to the organisation exists when there is a significant threat that it will fail to achieve its strategic business objectives.  Just as important in recognising the presence of negative threats will be to identify opportunities to create additional value for the organisation’s owners.  This part of the process, when combined with identifying risk appetite, should give senior management a much better understanding of the risks they are willing to take.             

Re-assess the organisations’ risk appetite.  Risk management is a “living” process.  As such, senior management’s risk appetite may change as they become more familiar with the correlation between risk and reward.  Organisations should continue to reassess and modify their risk appetite as the market place changes and management gain a better understanding of risk.      

Carry out regular risk assessments.  As discussed, risk management is an iterative process.  But at the core of it is senior management’s ongoing evaluation of the significance (also called impact) and likelihood of each risk materialising.   

Document and review any residual risk exposure.  This part of the process identifies any significant exposure that the company is faced with.  Normally documented via a grid (or matrix) it allows senior management to quickly identify those risks that, if left unmanaged, may hamper the organisation’s ability to achieve its business objectives.

Being complacent with risk management is like playing Russian roulette in today’s changing world. Regulations change, markets collapse and finance is becoming harder to come by.  Though many companies are now scrambling just to survive, it didn’t have to end up that way.

Many companies ignored enterprise risk management (ERM) strategies and did not create a culture dealing with ERM before the global financial crisis. This meant they were hit hard when conditions rapidly changed.  Too many managers didn’t understand the risk profile their company faced — a mistake that led to bankruptcy or administration for scores of businesses. The reality is that for many managers, when times were good, risk management just wasn’t a priority.

On top of the indifference to ERM, many managers do not have the skills and have not created the right management structure to accurately assess their company’s risk portfolio.  This inability to judge and act on risk has had dire consequences: massive losses to shareholder value.  Some 10 percent of the Fortune 1000 lost a quarter of their value within a month. Operational and strategic failures led to the loss of billions of dollars across the world.

Analysis of the situation shows that strategic failure led to the sudden and irreversible loss of value for companies, something that didn’t need to happen. If companies had proper ERM systems in place, they could still be thriving, even in today’s turbulent times of changing conditions.  In fact, companies that foster a strong culture of ERM should never have to face the prospect of insolvency, even in the hardest of times.

Companies without ERM systems in place must start establishing them to protect their interests and the interests of their stockholders in future.  Governments already recommend certain points that should be covered in risk management: Australian and New Zealand standards in risk management suggest that the strategic, organisational and risk management contexts should all be considered in an ERM plan.

What companies need to do is define the risk management context. This involves setting the scope and boundaries of the risk assessment process, including the time frame and specific project or activity.

One big advantage of ERM is that it helps managers clean up the loose ends in a business. ERM helps identify parts of the business where low or indirect value creation may have otherwise gone unnoticed. With good ERM, managers can make informed decisions about how they can streamline, outsource or reassign resources to produce added value for their organisation.

Companies that do employ a solid ERM strategy will better understand their own business. They will be able to withstand changes in the market that would otherwise shock them. Having good ERM practices will ensure growth because management will be equipped to make the right decisions.