Implementing Effective Enterprise Risk Management and Compliance
As more organizations see the necessity of implementing enterprise risk management within their business processes, this report by the Economist Intelligence Unit states there are four stages that organizations go through in the maturity cycle of ERM implementation:
- “Reacting” stage: A company can encounter a risk or compliance exposure to which it is forced to react or comply. An example of this can be an operational failure or pressure from external stakeholders.
- “Anticipating” stage: At this stage, the company acts to link and automate certain processes to reduce redundancies and improve efficiency in ERM implementation.
- “Collaborating” stage: The organization sets imperatives for implementation and adopts technology to collaborate the different implementation processes
- “Orchestrating” stage: The whole organization is aligned to enterprise-wide objectives and there is consistent and complementary risk management.
The goal of each company should be to operate in the orchestrating stage of the maturity cycle. In this stage, the company has a greater ability to integrate strategy and ERM processes. The paper highlights that there is a need for investment in better processes and technology when ascending the maturity cycle. However, as the paper indicates, functions such as the sales, finance and legal functions may already have good processes developed to manage risks within their silos. Therefore, it may be advisable and efficient that the company invests in processes and technology to link and complement these processes, and align the processes with strategic goals and objectives.
The research paper includes results of a global survey of 385 senior executives from finance, risk, compliance and legal functions. In summary, the findings of the survey include:
- Companies seem to be overconfident of their risk and compliance efforts.
- Companies may only realize the weakness of their processes when an actual event strikes against their “risk and compliance management processes.”
- In some companies, silo management of risk exposures restricts the ability to prepare their whole organization for future risks.
- Companies that are high performers tend to communicate risk appetite consistently company-wide.
Experts interviewed during the research highlighted that effective risk and compliance management will assist a company to improve performance and executive enhanced strategies.
The study concludes by suggesting the following “to those charged with implementing risk and compliance management”:
- Assist the business owners to take charge of ERM processes of their enterprises.
- Help business owners to clearly define their companies’ risk appetite and to implement processes that manage the risk in predetermined levels.
- Develop consistent messaging to align risk tolerances across functions to create a balance between growth and compliance objectives.
- When breaking down or connecting silos together, use a senior executive to facilitate the process.
- Implement processes that take into account information from risk failures to develop better policies or controls.
- Account for all costs of risk failures and silo approaches to risk management.
- Before combining silos, be proactive to seek and promote commendable activities that employees or functions already developed.
- Look carefully at steps towards greater automation of the controls environment.
- Adopt technologies to enhance processes and governance company-wide.
Click below to download the publication.
Original Article Source: “Ascending the Maturity Curve: Effective Management of Enterprise Risk and Compliance,” The Economist, 2011
- Types: