Book Review: Making ERM Pay Off
Originally Published: December 31, 2001
Risk is defined as, "any event or action that will adversely affect an organization's ability to achieve its business objectives and execute its strategies successfully." A business that is unable to manage risks will eventually disappear. Historically, businesses have managed risks under what is called a "silo method." Under this method risks such as insurance risk, technology risk, financial risk, and environmental risk would all be managed independently in separate departments. This book introduces an emerging risk management technique known as enterprise risk management (ERM). ERM is an integrated approach to managing risks that involves personnel from every level in an organization. It is also a continuous process that broadly focuses on all business risks and opportunities.
The demand for ERM has been driven largely by the increased use of technology and the Internet. This "New Economy" has created and complicated many different types of risk. The effects of these new risks can be seen in several recent instances where businesses suffered considerable financial losses, decreased shareholder value, damaged reputations, and bankruptcy. ERM provides a process that helps prevent these undesirable events. Its goal is to create, protect, and enhance shareholder value by managing the uncertainties that could either negatively or positively influence achievement of the organization's objectives.
This book presents in-depth case analysis of several companies' risk management practices. From this analysis, emerging patterns in risk management are identified. Companies can use these patterns and information to develop their own enterprise-wide risk management
After analyzing the information
gained from the five case-study companies, the authors formulated
several lessons learned about ERM. Each company believed it was
creating, protecting, and enhancing value by managing enterprise-wide
risks. Below is a list of the lessons learned from the companies (see
book for complete list).
Implementing ERM is different in every company because so much depends on the culture of the company and the change agents who lead the effort.
• Companies should make a
formal effort to identify all their significant risks.
• Risks should be ranked on some scale that captures their importance, severity, or dollar amount.
• Risks should be ranked on some scale of frequency or probability.
• Know your company's and your shareholders' appetite for risk.
• Organizations should adopt an enterprise-wide view of risk management.
• Make risk consideration a part of the decision-making process.
• One or more champions at the senior management level is a prerequisite for ERM.
The Case-Study Companies were:
• Chase Manhattan Corp.
• Microsoft Corp.
• United Grain Growers Ltd.
• Unocal Corp.