Risk management is critical for every enterprise, but the reality is, many organizations don’t get serious about managing the risks they face soon enough. Having a formalized enterprise risk management, or ERM, program not only helps organizations better weather crises; it also can transform an organization’s culture, improve performance, and create value.
But if there’s one common misstep we see most organizations make, it’s taking a decentralized or siloed approach to managing enterprise risk rather than a holistic view. Too often, organizations manage risk by department. The IT department understands and monitors IT risks, while the finance and HR departments understand and manage finance and HR risks, respectively. Each functional area may have a sense for how its risks impact the broader organization, but leaders don’t fully see how the dots connect. It’s a myopic view that prevents organizations from understanding important relationships between and among risks across the enterprise.
Taking a siloed approach to risk management is understandable. Most of us tend toward operating within our comfort zone. We have a scope of responsibility, with busy days focused on deliverables to complete and metrics to achieve. The individual who works in accounting, for example, knows how to close the books and generate financial reporting but may have less insight to share about how the numbers impact other parts of the company in direct, meaningful ways.
But failing to integrate ERM into all activities across your organization creates risks all its own. When individual siloes don’t adequately detect and manage risk events in collaboration with other parts of the enterprise, the impacts are exacerbated. Take the organization whose sales team makes commitments to customers that have implications for labor and resource planning, as well as their financial disclosures. If managed collaboratively between business units, this could represent a positive risk-taking development. However, if not actively managed, risks that manifest within these processes can have far-reaching downstream implications, from incomplete or inaccurate financial disclosures, to labor and supply chain constraints, to damaged customer relationships and reputation.
A holistic approach to ERM means focusing on managing risk in several coordinated ways:
- Integrating risk considerations with business strategy and performance.
- Developing ERM capabilities and applying consistent, reliable ERM practices.
- Managing risk continually to strategy and business objectives.
- Fostering a risk-conscious culture.
- Linking to value.
Aligning ERM with business strategy is critical, and a holistic approach begins with your strategic plan and objectives. Identifying the risks inherent in where your organization wants to go helps leaders define — and organize — its risk universe. This gives you a straightforward way to understand, prioritize, mitigate, and monitor the risks your organization faces.
The simple truth is, all organizations face risk as they work to generate value. Managing risk relative to your strategic plan provides a structured, deliberate approach to protect your goals and vision. A holistic approach, along with an established framework, enable candid, actionable conversations about the risks that could threaten and disrupt the organization’s plans.
Taking a holistic approach also strengthens collaboration enterprisewide. Key risk owners work together to manage risk beyond their individual areas for the organization as a whole, which reduces fiefdom and unhealthy competition. Ultimately, a holistic approach supports purposeful, methodical continuous improvement from a risk management perspective.
Over time, addressing ERM holistically creates a risk-aware culture. The more you manage risks in a structured, coordinated way, the more the process becomes ingrained in your organization. And that helps leaders understand the full gamut of what can go wrong — and what can go right. Adopting a risk-aware mindset not only protects against downside risk; it also supports decision-making that can lead to upside risk — new markets, innovative new products, and additional services. Ultimately, it helps you as a leader to steward the enterprise as it realizes its vision and creates value for your stakeholders.