Enterprise Risk Management (ERM) is a disciplined and structured approach where strategy, processes, people, technology and knowledge are aligned with the primary purpose of identifying, evaluating and managing the uncertainties an organisation is faced with during its drive to create value for its stakeholders. Risk Management requires that organisations abolish traditional company silos.
The organisation needs to focus across the entire business value chain and across any departmental and cultural boundaries. Facing risks is inevitable, and taking risks is not wrong. The question is how much of a specific risk are we willing to take – to what extent can we tolerate a certain risk and what is our appetite for others?
In order to take risks intelligently, the organisation needs a framework to evaluate risks from the boardroom to the mail room, from data management and threats, to brand equity and power outages. Management-Risk drives a one-view approach by delivering a single corporate repository for managing risk portfolios as well as delivering the necessary management tools to stay on top of it all.
Facing risks is inevitable, and taking risks is not wrong. The question is how much of a specific risk are we willing to take – to what extend can we tolerate a certain risk and what is our appetite for others? In order to take risks intelligently, the organization needs a framework to evaluate risks from the boardroom to the mail room, from data management, threats to brand equity and power outages. The way we do business today has totally changed the way we should identify and analyse risks:
- We no longer manufacture locally, in many cases we do not own the factory our goods are manufactured in.
- Our clients are across the globe; international, national and regional incidents can influence our market and clients.
- New technologies and better processes and change our competitiveness overnight.
Risk Management Framework Solution
In order to convert risks into potential value, one must be able to identify, analyse and manage your risks. Purple Window’s Enterprise Risk Management software designed to manage risks corporately across all business processes.
Purple Window’s Risk enables resilient organizations to objectively assess their exposure and appetite to risks, evaluate their organizational culture with regard to risk, performance and reward, and implement sustainable risk management practices. Effective management of risk helps you to manage and improve operational performance. Some of the key features include:
- Identify and assess risk to the achievement of your business objectives;
- Assess the effectiveness and efficiency of current risk responses against the full breadth of strategic, operational, financial and compliance risks;
- Reduce cost and improve effectiveness of governance, risk and compliance activities;
- Evaluate the effectiveness of your risk culture;
- Align risk strategy with performance; and
- Support development of risk transfer strategies
The following graphic illustrates the management life cycle of the Risk management Modules.
Globalisation is very real in the way an organization engage ERM from a framework, methodology and tool perspective.
The following graphic illustrates the risk management perspective:
Risk Management Benefits
The assessment process allow for total risk portfolio analysis and allow organization to evaluate one risk within context of another.
Risk Management has the following benefits from reports and dashboards and includes:
- Create visibility and enable the management of risks and issues;
- Improved visibility through the availability of a range of reports on-demand;
- Increased certainty and fewer surprises;
- More efficient use of resources with regards to cross divisional risk management;
- Better management at all levels through improved decision making;
- Reduced time waste and better value for money;
- Management of contingent and maintenance activities;
- High Visibility of Risks across multiple strategic objectives;
- More effective decision making and tracking;
- Budget and actual costs of risk mitigation;
- Periodic evaluation of risk treatment and treatment success;
- Integrated framework for risks analysis;
- Align risk strategy with business objectives;
Risk Management Business Continuity
Business Continuity Management (BCM) and disaster recovery are natural components of ERM. There are no real difference between business continuity risks and “other” risks. All the resources and plans that make up a business continuity plan are developed to address business interruption risk in an organization and should be part of a comprehensive mitigation plan for all the enterprise risks.
It is important to identify the risks an organization is exposed to. It is important to understand the criticality of each risk as well as how it relates to the organization’s strategy, divisions and processes. Risks are not only financial of nature, but can also be related to elements such as ethics, health, safety, security, technology, etc. Actively managing a portfolio of risks, how these influence the corporate strategy, how these influence our competitors as well as how these can be converted to our benefit and create value, are critical. ERM aims to deliver all these elements within a global economy.
A key component of the ERM is the tools that have been created - especially the methods, control mechanisms and evaluative criteria for assessing risk. The latter provides organisations with a unified understanding of each risk. All risks, as well as risks for business interruption are evaluated according to the same criteria. The result of the ERM assessment process is a risk index.
The following graphic illustrates the risk assessment:
By comparing the risk indices, a greater understanding is created of which business functions / areas (organizational units) are more important than others. Management can further understand how the risks of interrupting important business functions compare to other risks in the company like brand or market risk. This supports decisions concerning the allocation of limited resources in terms of risk treatments.