Introduction
Growth (top-line) and profitability
(bottom-line) are two major indices that define how well
organizations are doing in pursuit of their strategic objectives and
short term goals.
Business organizations achieve growth
through organic or inorganic channels. Growth occurs largely via the
development of a new product, creation of a new business line,
mergers and acquisitions, increase in market share and direct
expansion into a new market. In pursuing any, a combination or all of
the aforementioned growth strategies business organizations face
several risks. Typically organizations are faced with Macro-economic
risk, Credit risk, Market risk, Reputation risk, problems associated
with access to credit, social acceptance/corporate social
responsibility risk, technology risk, political risk, geopolitical
risk, Economic shock, etc. Effective risk management enables business
organizations to successfully exploit business opportunities and
contain threats. It does this by providing insights and assurances
required to take advantage of profitable ventures.
Problem Statement
The risk management framework and
practices that exist in most business organizations are not adequate
to enable them to navigate to safety in times of trouble. The risk
management culture, the governance and organizational structure, the
design of the risk management framework, processes, policies and
procedures, risk management tools, sophistication of risk
identification and measurement techniques and skills available are
not fit for today’s purpose and tomorrows expectations. This
is evidenced by the impact of the recent global financial crisis.
Systemically exposed business organizations are even more exposed.
Business organizations need to embrace best practices to better
prepare them for the rainy day.
Previous Options
Current practice in most business
organizations is that risks are managed in 'silos'. Risks are also
not managed in the context of strategy and objectives. Risk
Management is often times seen as totally alienated from performance
management. This means that each business line, group or division in
an organization manages its strategic, business and operational risks
independently, if at all.. A case of ‘’to your tents O Israel’’.
Risks are therefore not managed centrally or in alignment with
strategic objectives and so, many of the strengths an organization
can build and the benefits of a centralized risk management do not
accrue to such organizations.
Our firm, Clement Ashley Consulting provides a
risk management framework that takes an enterprise-wide view of risk
as against silo management. This approach is called Enterprise-wide
Risk Management (ERM). Enterprise Risk Management implies that risk
management is done at the enterprise level instead of at the business
line, business group or business division level and so is centrally
coordinated. Strategic, Business and Operational risks are therefore
managed not independently but holistically at the enterprise level.
For financial institutions that are regulated Economic capital is a
must as against a purely regulatory capital limit. Risk assessment is
done from time to time so as to reflect market realities. There is
also frequent review of the application and suitability of the
established process in order to identify gaps for improvement.
Our approach begins with a review of
existing risk management process and framework in the organization
with a view to modify existing framework and practice based on
regulatory requirements, market realities, business needs and best
practices.
Benefit 1
Clement Ashley Consulting's Solution is
in concert with what regulatory and supervisory authorities and
rating agencies demand and so enables business organizations to
comply with regulatory and supervisory requirements. The framework
which Clement Ashley provides is also in line with best practices
world over.
Benefit 2
Risk aggregation at the centre provides
the required knowledge about how risks interact, about risk
concentration and the actual overall risk faced by the organization
giving that some risks offset others while some reinforce others such
that risk responses and controls provided are better targeted and
therefore more effective compared to what can be achieved under silo
management.
Benefit 3
Risk management is centralized in
Enterprise Risk Management and so duplication is avoided and
therefore cost is minimized. Central coordination also ensures that
there is consistency in the risk management approach.
Benefit 4
Any thing that can prevent an
organisation from achieving its objectives and targets (be they
financial targets or otherwise) is a risk that must be managed.
Enterprise-wide risk management therefore assists organizations meet
and exceed their performance objectives and stakeholders
expectations.
Implementation
Implementation involves assessing the
effectiveness of the designed risk management process and framework.
It includes checking how well risk responses and controls, early
warning indicators, etc are working. If responses and controls are
not effective then a further risk identification is required to
identify any risks left that made the responses and controls
ineffective. Implementation may be iterative. It is a real time and
real life activity. It does not include any form of simulation.
Implementation stage provides the opportunity to adapt the designed
framework to market realities and at the same time maintain the
desired robustness that allows it provide adequate safeguard.
Implementation is usually done in phases in line with the priorities
of the client.
Summary
Till date many organizations manage
risks in silos. Today’s realities and tomorrows expectations make
silo management utterly inadequate. Risk aggregation at the
enterprise level allows for better responses and more effective
controls in the risk management process. Beyond meeting regulatory
and rating agencies requirements and other stakeholders’
expectations, enterprise-wide risk management reduces to the barest
minimum chances of unexpected losses. Removal of duplication and the
cost reduction that go with it make enterprise risk management a more
cost effective way of managing risks.
