Hundreds of years ago, prosperous towns managed the various risks of foreign invaders, thieves and wild animals by fortifying their entire communities with walls and towers. Today’s business owners can take a similar approach with enterprise risk management (ERM).
In short, enterprise risk management is an integrated, companywide system of identifying and planning for risk. Many larger companies have entire departments devoted to it. If your business is ready to implement an enterprise risk management program, be prepared for a lengthy building process.
This isn’t an undertaking most business owners will be able to complete themselves. You’ll need to sell your managers and employees on enterprise risk management from the top down. After you’ve gained commitment from key players, spend time assessing the risks your business may face. Typical examples include:
• Financial perils,
• Information technology attacks or crashes,
• Weather-related disasters,
• Regulatory compliance debacles, and
• Supplier/customer relationship mishaps.
Because every business is different, you’ll likely need to add other risks distinctive to your company and industry.
Developing the program
Recognizing risks is only the first phase. To truly address threats under your enterprise risk management program, you’ll need to clarify what your company’s appetite and capacity for each risk is, and develop a cohesive philosophy and plan for how they should be handled. Say you’re about to release a new product. The program would need to address risks such as:
• Potential liability,
• Protecting intellectual property,
• Shortage of raw materials,
• Lack of manufacturing capacity, and
• Safety regulation compliance.
Again, the key to success in the planning stage is conducting a detailed risk analysis of your business. Gather as much information as possible from each department and employee.
Depending on your company’s size, engage workers in brainstorming sessions and workshops to help you analyze how specific events could alter your company’s landscape. You may also want to designate an “enterprise risk management champion” in each department who will develop and administer the program.
Yes, just as medieval soldiers looked out from their battlements across field and forest to spot incoming dangers, you and your employees must maintain a constant gaze for developing risks. An enterprise risk management program, while an ambitious undertaking, can provide the structure for doing so. We can assist you in managing risks to your business in a financially sound manner.