How ERM Differs from Traditional Risk Management?
Synopsis
Corporations often don’t see the value in adding processes to gain an enterprise-wide view of risk management. Laurie Brooks, retired Chief Risk Officer at Public Service Enterprise Group and current member of the board of directors at Provident Financial Services, explains how looking at risk across business segments, from both the bottom-up and top-down perspectives, helps companies see which risks they most need to monitor. Ms. Brooks also discusses considering velocity and the organization’s ability to handle risks when assessing a risk profile.
Summary: Laurie Brooks Interview on Enterprise Risk Management (ERM)
In an interview with Bruce Branson of NC State’s ERM Initiative, Laurie Brooks, a risk management expert and board member at Provident Financial Services, outlined the distinctions between Enterprise Risk Management (ERM) and traditional risk management, highlighting its strategic value.
Key Points:
- Difference Between ERM and Traditional Risk Management:
  - Traditional Risk Management: Managed at individual or departmental levels, often focused on operational risks.
  - ERM:
    - Centralizes and analyzes risk information across the organization.
    - Identifies correlations, concentrations, and connections among risks.
    - Aims to prioritize resources for risks with the potential to impact the company’s mission and strategic objectives.
    - Starts by understanding the organization’s mission and proactively identifying uncertainties that could derail strategies or miss opportunities.
- Additional Risk Dimensions:
  - Beyond probability and impact, other dimensions such as velocity (how quickly a risk could manifest) and organizational skill/agility (capability to manage risks) add value:
    - Help clarify misunderstandings about likelihood.
    - Provide a nuanced understanding of how prepared an organization is to handle specific risks.
    - Facilitate decision-making about proactive or reactive management of risks.
- Managing the Overwhelming Volume of Risks:
  - Combine top-down and bottom-up approaches:
    - Line managers can identify emerging or operational risks, while executives focus on strategic derailers.
  - Prioritize risks that:
    - Have enterprise-wide implications.
    - May be underestimated due to shared assumptions or pervasive groupthink.
    - Appear minor individually but are widespread across the organization, indicating a larger systemic issue.
- Encouraging ERM Engagement:
  - Brooks acknowledges concerns about resource strain due to extensive risk inventories but emphasizes prioritization and the strategic filtering of risks to focus on the most critical threats.
Conclusion:
Brooks underscores ERM as a strategic framework that goes beyond the operational scope of traditional risk management. By emphasizing a holistic, interconnected view of risks and leveraging strategic insights, ERM supports organizations in aligning risk management with their broader objectives.
Original Article Source: “Transcript of Interview with Laurie Brooks on How ERM Differs from Traditional Risk Management?”, Laurie Brooks and Bruce Branson, 2011