Enterprise risk management (ERM) has grown increasingly sophisticated. Many companies start with a traditional checklist approach and limit their evaluation to risks that are identified in surveys. A value-driven approach encompasses a forward-looking probabilistic analysis for the quantification of the overall uncertainty in the value of an enterprise with a clear identification of the primary risk drivers.
The Upside of Risk – our recent webinar hosted by Texas Executive Education at the University of Texas – dives into the differences between the “traditional” definition of risk (e.g., downside) and the new definitions adopted in ISO 31000 and elsewhere as including the upside together with the downside. Leading organizations are now rethinking how they view risk and uncertainty as they look to advance ERM to create and protect enterprise value.
True value-driven ERM aligns the board, the executive team and front line management around a clearly defined risk management policy that weighs the risk/reward trade-off of every decision. Stronger, value-oriented ERM incorporates four key attributes:
- Comprehensive Assessment: All risks are taken into consideration—not just the low-probability, high-consequence risks emphasized by traditional ERM.
- Consistent Evaluation: All risks are evaluated on a consistent basis so you know what the key risks are, both by business unit and across the entire enterprise. The challenge lies with getting everything into a framework for comparable risk assessment and examining both the structure and potential magnitude of the risk.
- Consistent Risk Appetite: A consistent risk appetite is applied to all decisions, in a way that maximizes risk-adjusted shareholder value. People tend to deal with risk in proportion to their responsibility instead of what the organization can support, creating a huge value gap that may lead to critical missed opportunities.
- Value-Driven: Risk management is aligned with the business strategy and the organization shares a common language around risks. The objective of risk management is not to eliminate risks, but to shift the risk-return profile of the business toward a greater upside by taking the right risks with the right level of exposure in line with share holder value objectives.
Doing well on these four attributes can give organizations an enduring competitive advantage. SDG has a practical and proven method for establishing and implementing an ERM approach centered on creating shareholder value.