The CAS committee on Enterprise risk management has given the following definition of the same - â€˜The discipline by which any organization in any industry assesses, controls, exploits, finances and monitors risk from all the sources for the purpose of increasing organizations short-term and long-term value to its stakeholdersâ€™.
In simpler terms enterprise risk management includes all the tools and processes employed by an organization to manage and control risks and grab more opportunities in the market place. It provides a framework for better risk management.
Enterprise risk management starts with identification of events that are of relevance to the organization, the risks and opportunities. These events are evaluated on the basis of their impact and probability of occurrence and a strategy is designed to counter or meet the same; all this to add more value to stakeholders.
It is an approach where in risk is looked upon as an opportunity and at the same time is monitored such that it may not affect an organization to a large extent.
Typically the following four strategies, called as â€˜risk response strategyâ€™ are adopted by organizations while facing a risk.
Exit strategy: Avoiding the activities that lead to risk.
Reduction strategy: taking certain actions that decrease the impact of the risk.
Share or Insure strategy: Transferring a certain component of risk so that impact is reduced.
Accept strategy: No step is taken to mitigate risk. This is taken due to cost/benefit considerations.
A brief explanation of the various kinds of risk is as follows:
Hazard Risk: Natural disasters, liability damages, Property damages due to fire, tornado etc, injury or illness to its employees.
Financial Risk: Risks like foreign exchange risk, commodity risk, pricing risk, asset risk, liquidity risk.
Operational Risk: labor relations, customer satisfaction, product failure etc.
Strategic Risk: Competition, fluctuation in demand and market price, regulatory and political trends, social trend, capital availability.
The other dimension of the table carries the steps of entire risk management process. The process starts from an understanding the conditions in which organization operates (Establishing context). In the next stage various threats are identified (Identifying threats) proceeded by analysis of risks.
The risks are then integrated and prioritized. In the penultimate stage strategies are designed for controlling risks (Treat Risk). Finally, the risk environment is continually monitored and the strategies are evaluated.
Organizations have various departments and functions that identify, manage and deal with different risks. These risk functions or departments vary in capability and coordinates in a unique fashion with other functions. The entire task of enterprise risk management revolves around improving or enhancing this coordination. Finally stakeholders need a cohesive picture which is provided as the output of enterprise risk management. ERM thus, enables and improvises organizationâ€™s ability to deal with risks better.