Enterprise risk management is a crucial part of business leaders’ job

Managers must assess risks that businesses are likely to face and put in place practical measures to counter them in a highly competitive and dynamic operating environment. PHOTO | FILE

Forecasting business performance used to be straightforward. Over the years, by the end of the first quarter, managers usually had a fairly reliable sense of how the business was shaping up and whether targets would be met, missed or exceeded.

Confidence in quarterly and annual predictions was so high that coming in above or below by even the smallest amount was considered a surprise and set off moves in stock prices.

But things have changed over time. Internal and external influences, some of which are “hidden” to managers make prediction and planning difficult for most managers. This calls for what is referred to as enterprise risk management (ERM).

Enterprise risk management is an enigma. Many managers say they do it, yet many corporate executives do not understand what it is. The reality is companies think they are implementing ERM, but they really aren’t.

What we see in practice often demonstrates a very limiting view of ERM, from maintaining a list of risks — enterprise list management — to summarising risk responses, leaving many corporate leaders underwhelmed with its value contributed in view of the speed of business and ever-changing economic environment.

In its immature state, ERM adds limited value because it often leaves management with a list of risks and very little insight as to what to do next.

In its various forms, ERM may increase risk awareness with management, the board of directors and others, but it will not be effective in driving decisions because it typically isn’t integrated with the enterprise’s decision-making processes.

As a result, risk is often an afterthought to strategy and risk management is an appendage to performance management.

The Committee of Sponsoring Organisations points out that ERM, among other things, is an ongoing process and applied in strategy setting across the enterprise (pervasive).

It is designed to identify potential events that, if they occur, will affect — positively and negatively — the entity and to manage risk within its risk appetite and also provide reasonable assurance regarding the achievement of business objectives.

The modern business managers and directors have no option but to take a fresh look at risk management and also ensure that enterprise risk management is part and parcel of strategy and operations because of a number of reasons including the following:

First, the time when negative consequences are realised may come sooner than expected when the fundamentals of the business completely change.

Former managers of postal services in Kenya must have appreciated the impact of technology in business — mobile phone calls and money transfers impacting negatively on services which were priority the domain of postal services.

Risk management is about securing “early mover” positioning in the marketplace. Management of strategic uncertainties requires an understanding of the key assumptions underlying the strategy and monitoring changes in the business environment to ensure that these assumptions remain valid over time.

It is not what business managers know that matters, it is what they don’t know that makes the difference. The question should be: Is our approach to assessing risk and identifying emerging risks bringing out what we don’t know?

Second, most businesses are boundary-less. A strategic perspective applied to operational risks suggests the need for an end-to-end extended enterprise view of the value chain, requiring consideration of upstream and downstream relationships.

What happens if any critical component of this chain were lost for an indeterminate period of time, for example, operations of a single supplier getting interrupted?

Sooner or later, there will be a crisis that will test your company. Even the most effective risk management cannot prevent this exposure.

Yet companies spend a lot of time guessing at probabilities and ignoring the speed of impact, the persistence of impact over time and the organisation’s response readiness.

Firms must realise that risk taking happens within an organisational context, and the appropriate risk systems, processes, and cultures must be built.

Mr Were is a financial adviser at Anchorage Ltd, a financial and business advisory firm. Email: [email protected].

PAYE Tax Calculator

Note: The results are not exact but very close to the actual.

Get it First!

Stay up to date on the editors' picks of the week.

Latest

  1. AFP_347Q3FF

    Electric vehicle firms seek a waiver of 15 taxes on components

  2. Washington Akumu

    Washington Akumu: Gentle giant who stretched the limits of business journalism  

  3. Kenya third best in Africa for immigrants targeting top pay

In the headlines

View All