Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM Fundamentals

Developing a Corporate Program for Risk Management

October 31, 2003 3-min. read

Corporate Risk Management

The goal of ERM focuses on achieving a risk-payoff balance within a company.  There are multiple reasons for a company to institute risk management programs, whether for the shareholders, or for the personal incentives of management.

Risk Management Process

The risk management process involves four core steps:

  • Setting risk-return goals
  • Identification and analysis of the cause of possible expense or revenue variances
  • Choice and balance of loss control and loss finance tools
  • Implementation, monitoring, and review

A corporation should contemplate its goals for the amount of risk it is willing to accept and the possible return on such risks.  The potential risks should be identified and then evaluated for the expected cash flow loss that would affect the value of the corporation.  After the risks are evaluated, methods for managing those risks are selected to achieve company-wide objectives.

Risk Responses

Some risks may be completely avoided; however, in certain situations, risk retention may be the only viable solution to manage risk.  This could include paying for the risk with current revenues, sinking funds, or previously established lines of credit.  When risk can not be handled with its own shareholder financing, it is possible to transfer the risk to another company’s shareholders.  Insurance arrangements are a prime example of this type of risk transfer; however, they are to be utilized as a last resort risk management technique.

The manager in charge of risk controls should possess the technical knowledge and communication skills necessary to effectively implement control measures.  Regardless of what choice is made, the manager needs to have a clear understanding of decision theory, organizational behavior, and psychology.  The manager needs to receive written approval from stakeholders affected by the risk management decisions, and then may implement the necessary measures to achieve the company’s goals.  The risk environment is ever-changing and the management process will need to be monitored for updates and improvements.

Uncertainties Leading to Risks

There are three particular uncertainties that formulate the risks many corporations face:

  • General environmental
  • Industry
  • Firm-specific

The general environmental uncertainties affect all industries and are systematic, such as government policy and macroeconomics.  Industry uncertainties include competition, input and product markets, and are also systematic; while the firm specific uncertainties deal with operating and behavioral issues; which are not systematic, and are diversifiable.

Best Risk Practices

A study was completed by the Canadian Treasury Board that detailed eleven of the international best risk practices.  Despite these practices being the best, they typically do not follow the normal course of information found in companies.  The eleven best practices consist of:

  • Employees comprehending risk goals and working to achieve them
  • Senior management embracing risk management measures
  • Communication channels to identify risks and take action
  • Use of a variety of teams
  • Utilization of a universal risk language
  • Creation of a company-wide responsibility center
  • Communication to shareholders on the company’s risks and risk management
  • Involvement of company’s internal audit function
  • Accessible internal consultants and tool kits
  • Integration of risk management concepts into employee training
  • Use of multiple tools and techniques to manage risk

Conclusion

Corporations are increasingly looking into innovative risk management techniques.  The view of what “risk management” is and is not is evolving into a variation of specific uncertainties that should be dealt with, not on an individual level, but instead through an enterprise-wide risk management initiative.  Managers today must deal with the challenge of coordinating a risk management program across all areas of the company.  While this is not an easy task, there is a step-by-step enterprise risk management process that companies can follow to identify and achieve their risk-return goals.

More From Enterprise Risk Management Initiative

Side of Hunt

What is Enterprise Risk Management (ERM)?
Executive Perspectives on Top Risks 2024

REPORT: Executive Perspectives on Top Risks for 2024 and a Decade Later
Elona Ruka-Wright

Integrating ERM with Other Risk and Assurance Functions