
Why Improve Risk Management?

by Jim DeLoach
October 12, 2016
in Risk

Over the years in 30 countries, I have had many discussions with directors and executives about enterprise risk management (ERM). The discussions have ranged from what it is and why it matters to how it should be implemented. With respect to the “what is it” question, I have always believed that a fundamental purpose of ERM is to provide the discipline and control to ensure that risk management capabilities are improved continuously in a constantly changing business environment. This underlying purpose frames the question, “why improve risk management?”

We believe there are six fundamental reasons for improving risk management. Each serves to help elevate risk management to a higher level and drive improvement of risk management capabilities in a changing business environment. We discuss them below.

1. Reduce unacceptable performance variability

Most companies tend to focus on traditional risks that have been known for a long time. Risk assessment processes also must undertake a systematic approach to anticipating unknown and emerging risks. Accordingly, management must (a) evaluate the likelihood, impact, velocity, persistence and response readiness around major events; and (b) develop responses that either prevent high-impact events from occurring or manage their impact on the entity if they occur, particularly if they are high-velocity and high-persistence in nature. Learning of critical risks too late or by accident spawns the type of “firefighting” that drains resources, creates new vulnerabilities and erodes brand value.

A key point in this regard is that market capitalizations often exceed historical balance sheet values significantly. Furthermore, the market capitalization of most companies cannot be fully rationalized by historical and prospective future earnings and cash flows. There is a gap attributable to intangible assets supporting business models that impact market valuations. Just as potential future events can affect the value of tangible physical and financial assets (and the related contractual obligations), so, too, can they affect the value of other sources of enterprise value, such as significant customer assets, employee/supplier assets and such organizational assets as the entity’s distinctive brands, differentiating strategies, innovative processes and proprietary systems. This is the essence of what a strategic approach to risk management contributes to the organization – the elevation of risk management to a strategic level by broadening its application to ALL sources of value, not just physical and financial ones. Thus, the challenge is to elevate the line of sight of the limited traditional risk management focus to a strategic level. With this broadened perspective, effective risk mitigation and response planning increases the emphasis on reducing earnings volatility, minimizing the risk of earnings-related surprises and managing key performance indicator (KPI) shortfalls.

2. Align and integrate varying views of risk management

There are many silos within organizations with a point of view on managing risk (e.g., treasury, insurable risk, EH&S, IT, and within the various business units). Silo mentality inhibits efficient allocation of resources and management of common risks across the enterprise. When there are multiple functions managing multiple risks, there is a need for a common framework that:

  • Assesses the need for a Chief Risk Officer (or equivalent executive), including that individual’s role, authority and reporting lines;
  • Integrates risk management into critical management activities (e.g., strategy-setting, business planning, capital expenditure and performance management processes);
  • Links risk management to more efficient capital allocation and risk transfer decisions;
  • Focuses on the importance of risk culture on risk-taking behavior and risk management performance;
  • Increases transparency by developing quantitative and qualitative measures of risks and risk management performance (KRIs); and
  • Aggregates common risk exposures across multiple business units with the objective of understanding the overall profile of the greatest threats to the enterprise as a whole and formulating an integrated enterprisewide risk response.

3. Build confidence with stakeholders and the investment community

As institutional investors, rating agencies and regulators increase their focus on the importance of risk management in their assessments of companies, management may be incented or even required to disclose and comment on the organization’s capabilities for understanding and managing risk. These disclosures are intended to enable stakeholders to make informed assessments as to the viability and sustainability of the organization and whether returns are adequate in relation to the risks undertaken. As companies increase the transparency of their risks and risk management capabilities and improve the maturity of their capabilities around managing critical enterprise risks, management will be able to articulate more effectively how well they are handling existing and emerging industry issues.

4. Enhance corporate governance

Risk management and corporate governance are inextricably linked; each augments the other. Elevating risk management to a strategic level strengthens board oversight, forces an assessment of existing senior management-level oversight structures, clarifies risk management roles and responsibilities, sets risk management authorities and boundaries and effectively communicates risk responses in support of key business objectives. All of these activities are germane to good governance. By the same token, effective governance sets the tone for (a) understanding risks and risk management capabilities and (b) aligning risk appetite with the entity’s opportunity-seeking behavior. Directors often ask, “what are the risks, how are they managed and how do you know?” An effective risk management process provides the answers.

5. Successfully respond to a changing business environment

When the business environment changes, the pace of change accelerates and the effects of change are disruptive, organizations must become better at identifying, prioritizing and planning for risk. Management must (a) understand the critical assumptions underlying the strategy and business model and (b) monitor the vital signs in the external environment to ascertain whether market trends and developments are occurring that render one or more of these critical assumptions invalid. This approach provides relevant information for decision-making and drives management to identify alternative future scenarios, evaluate the likelihood and severity of those scenarios, identify priority risks and improve the organization’s capabilities around managing those risks. As the environment changes, new risks emerge and are escalated in a timely manner for action and possible disclosure, impacting how resources are allocated across the organization.

6. Align strategy and corporate culture

Management must create risk awareness and an open, positive culture with respect to risk and risk management. In such an environment, individuals can raise issues without fear of retribution. It takes a lot of work to sustain an internal environment of this nature. With respect to matters of enterprisewide importance, centralized policy-setting:

  • Creates greater focus, discipline and control;
  • Clarifies the distinction between risk-taking and risk-avoidance behaviors;
  • Improves tools for quantifying risk exposures;
  • Increases accountability for managing risks across the enterprise; and
  • Facilitates timely identification of changes in an entity’s risk profile.

Effective alignment of strategy and culture encourages balance between the entrepreneurial activities and the control activities of the organization, so that neither one is disproportionately strong relative to the other.

These six fundamental reasons for improving risk management provide a perspective as to management’s purpose in improving risk management capabilities. Each reason serves to help elevate risk management to a higher level and drive improvement of risk management capabilities in a changing business environment. Continuous improvement efforts can enable organizations to align risk appetite and strategy, enhance risk response decisions, reduce operational surprises and losses, identify and manage cross-enterprise risks, provide integrated responses to interrelated risks, seize “early mover” opportunities and improve deployment of capital.

As the pace of disruptive change quickens, risk management is becoming a root differentiator between mere survivors and industry pacesetters. Risk management capabilities aligned with the speed of risk and a changing marketplace protect reputation and brand image and engender confidence in facing the future. Is this enough to warrant continuous improvement in risk management? We expect more boards and executive management teams to agree that, indeed, this is more than enough.


Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.
