No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Risk

Think Holistically When Managing Risk

by Jim DeLoach
March 27, 2015
in Risk
meditation for business

We often hear references to a holistic view of risk. “Holistic” is a term used in risk management to emphasize the importance of understanding the interrelationships among individual risks (or groups of related risks) and the coordinated approach that an organization’s operating units and functions undertake to manage risk. A holistic approach to risk management is, by definition, one that is not fragmented into functions and departments, but rather is organized with the intention of optimizing risk management performance.

A silo approach to managing risk is dangerous in today’s rapidly changing environment. Organizations can face change with greater confidence with an enterprise-wide perspective. That is why an enterprise risk management (ERM) approach is intended to be holistic in its perspective toward risk and how it is managed. While the goal of thinking holistically is laudable, the question arises as to what it means from a practical standpoint.

Key Considerations

A holistic view of risk attempts to grasp the big picture by identifying the critical risks that really matter through an enterprise-level, portfolio view of risk. This is where management considers risk from an entity-wide perspective and determines whether the entity’s residual risk profile is commensurate with its overall risk appetite. Each manager responsible for a business unit, function or process must assess, from an enterprise perspective, the risks generated by the activities for which he or she is responsible. With a composite view at each level of the organization, senior management and the board then determine whether the entity’s overall risk portfolio is commensurate with its desired risk profile.

From a practical standpoint, a holistic approach means one or more of the following:

  • Senior management establishes the enterprise’s appetite for risk in the context of its overall objectives and determines how to cascade it down into the organization through appropriate risk tolerances and limit structures;
  • Each responsible manager develops a composite assessment of risks for his or her business unit, process or function, and considers the residual risk profile relative to the enterprise as a whole in addition to the objectives of the business unit, process or function, and relevant risk tolerances/limits;
  • With a roll-up of the risks assessed for individual business units, processes and functions, senior management uses a portfolio view for the entity as a whole to ascertain whether its residual risk profile is commensurate with the organization’s overall objectives and risk appetite;
  • The statement of risk appetite is supported by an analytical tool tied to status and trending reports linked to critical metrics; this tool should model relevant scenarios such as a revenue downturn or the impact of an acquisition so that management can assess the impact of potential opportunities and/or adverse events to ascertain whether their effects are in line with the company’s risk appetite;
  • Different units may be within the risk tolerances of the individual units, but, taken together, risks might exceed the risk appetite of the entity as a whole, in which case additional or different risk responses are needed to bring risk within the entity’s risk appetite, consistent with the organization’s objectives; and
  • Conversely, risks may naturally offset across the entity where, for example, some individual units have higher risk while others are relatively risk averse, such that the overall aggregate risk is within the entity’s risk appetite, obviating the need for a different risk response.

A holistic, portfolio view of risk can be obtained in a variety of ways. For example, it may be gained by focusing on major risks or event categories across business units to provide relevant themes for aggregating risk. Another approach is to focus on risk for the company as a whole, using such metrics as risk-adjusted capital or economic capital at risk. Such composite measures are particularly useful when measuring risk against objectives stated in terms of earnings, growth and other performance measures, sometimes relative to allocated or available capital.

One example of a holistic approach is a manufacturing company that takes a portfolio view of risk in the context of its operating earnings objectives. Management uses common event categories to capture risks across its business units and uses a graph showing, by category and business unit, the risk likelihood in terms of frequency on a time horizon and the relative impacts on earnings. The result is a composite view of the risks the company faces, with management and the board able to consider the nature, likelihood and relative size of the company’s risks and how they may affect its earnings.

Another example is a financial institution that calls on its business units to establish objectives, risk tolerances and performance measures, all in terms of risk-adjusted return on capital. This consistently applied metric facilitates management’s rolling up the various units’ combined risk assessments into a portfolio view of risk for the institution as a whole to consider the units’ risks, by objective, and determine whether the entity as a whole is within its risk appetite.

Still another example is the energy firm that (a) manages the impact of commodity price volatility on margins by hedging its projected natural gas revenues and entering into long-term contracts to lock in pricing for coal contracts over the planning horizon, and (b) addresses any remaining basis risk through natural offsets within its commodity portfolio.

By looking at risk from a portfolio perspective, senior executives can reevaluate the nature and type of risk they wish to undertake. In cases where the portfolio view shows risks significantly less than the entity’s risk appetite, management may decide to encourage certain unit managers to accept greater risk in targeted areas, striving to enhance the entity’s overall growth and profitability.

Following are more examples of thinking holistically when overseeing risk:

  • Brand and reputation management might be focused on a holistic view of how strategic alignment, cultural alignment, a strong operational focus, a commitment to quality and organizational resiliency can prevent unacceptable events from happening.
  • Movements in foreign currency markets, interest rates and commodity prices can have a substantial impact on a company’s revenue, income and earnings. A holistic view in managing these volatile risks means having an up-to-date, enterprisewide view of risk positions, marked-to-market. Technology is an enabler to maintaining updated, consolidated and centralized reporting of trading, physical and contractual asset portfolio positions reflecting market realities, i.e., changes in interest rates, currencies and commodity prices. Absent this capability, the enterprise is flying blind.
  • When assessing supply chain disruption risk, the risk assessment process should undertake an end-to-end view of the value chain looking upstream to suppliers (including tier 2 and tier 3 suppliers), and downstream to channel partners and to the ultimate consumer, considering the logistics that glue these vital components together. With this end-to-end knowledge and visibility as a context, management then asks appropriate questions regarding what could happen to viability of the organization’s business model if any key component of the value chain were taken away, either through failure or an unexpected catastrophe.

For example, which suppliers do we depend on for essential raw materials and component parts? What would happen if we were to lose one of them for any reason? How long would we be able to operate? What if there were temporary shortages in raw materials or serious defects in supplier raw materials and component parts? What if we lost a major channel partner? What if there were significant disruptions in transportation? When assessing the potential disruptive impact of these and other events on the company’s ability to function within the value chain, consider the following:

  • Velocity of the disruption – How quickly would we feel the initial impact, both internally and in terms of facing the customer?
  • Persistence of the disruption – How long would we be affected if the supplier disruption continued?
  • Response readiness – Given the processes in place, how resilient would we be in reacting to a loss of any significant supply chain component?

This thinking provides a touch point between risk management and crisis management.

  • With respect to project management, organizations should look at risk on a project basis as well as an enterprisewide basis, using a systematic approach to consider risks across the breadth of the organization and ensure the right projects are undertaken. This portfolio view can be useful in evaluating whether individual projects should be truncated.

The point of the above examples is that a holistic approach to managing risk is an exercise in “big picture thinking.” By gaining an appreciation of the dynamics of the global marketplace and focusing on company initiatives to achieve sustained, long-term profitable growth, a holistic approach focuses on an enterprisewide view of risk and risk management. It is the only way to achieve optimal results and effect change with confidence. The only question is how to put it into practice in an organization given its strategy, structure, industry, and operating style.


Previous Post

World Bank Debarment: Another consequence of bribery Asian companies need to know

Next Post

Firms Completed Corporate Inversions Before the Crackdown: Now What?

Jim DeLoach

Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.

Related Posts

Fox_DOJ Speeches_f

Analysis of Recent DOJ Statements

by Corporate Compliance Insights
March 23, 2023

DOJ leaders provide insight into agency's plans. Analysis of Recent Statements DOJ Shaping the Future of Corporate Criminal Enforcement What’s...

Fox_2023 ECCP Update_f

2023 Evaluation of Corporate Compliance Programs

by Corporate Compliance Insights
March 23, 2023

Keeping up with 2023 changes to DOJ guidelines. Additions, Deletions & Changes From 2020 2023 Evaluation of Corporate Compliance Programs...

encompass update

Encompass Launches pKYC Maturity Model

by Corporate Compliance Insights
March 22, 2023

KYC automation platform Encompass has unveiled a new perpetual Know Your Customer (pKYC) maturity model designed to help banks improve...

consilio onna partnership

Consilio, Onna Seek to Streamline eDiscovery for Cloud Apps

by Corporate Compliance Insights
March 22, 2023

Legal technology provider Consilio has launched a new platform, Sightline Collect, powered by data management supplier Onna. The platform is...

Next Post
nutcracker

Firms Completed Corporate Inversions Before the Crackdown: Now What?

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT