Today, Enterprise
Risk Management (ERM) is much broader
than losses, insurance and claims.
It is targeted at managing any factor that
represents a threat to a company attaining
its strategic objectives. The ultimate desired
outcome is to reduce the variability in
the organization’s process execution and
thus produce more predictable financial
and operational results.
An ERM initiative enabled by improved
management system execution will increase
risk mitigation effectiveness, reduce process
variability, and help ensure that a company’s
strategic objectives can be accomplished.
Companies that have deployed a mature
list of management system elements will yield greater returns and accomplish more
of their objectives by integrating those management
systems with a common set of risk
mitigation processes and tools.
The key to successful execution of an
ERM continuous improvement initiative
is to establish a common platform for mitigating
the risk exposures that are discovered
from both reactive (incident-based)
and proactive (assessment-based) work
processes. By integrating information from
these typically disparate processes, leaders
have greater awareness of and improved
responsiveness to resolving the
management system weaknesses that expose
their enterprise to risk of operational
failure, compliance issues and the other
costly consequences of un-mitigated risks.
Typically, operational management systems
cross multiple disciplines. In most
cases, these management systems have been established and implemented as stand
alone programs. Often companies are in a
position of maintaining and executing several
management systems using redundant
operational, administrative and technical
resources.
Improving System Execution
In order to more effectively execute on
their continuous improvement goals, companies
need a single risk management
backbone to integrate these various management
systems and provide the framework
to execute consistently. A central best
practice includes the use of advanced risk
matrices to enable quantification and prioritization
of exposures as well as mappings
to one enterprise-wide Integrated
Management System to drive continuous
improvement of risk control activities on a
corporate-wide scale.
ERM Business Value
Although a business may not initially integrate
all of its processes, an important benefit
lies in the “option” to do so at the
company’s discretion when the organization
is culturally ready for the next step. Many
ERM initiatives start with fully integrating
the Incident Management (including “near
miss”) processes on a global scale, then
progress to include more proactive programs
as their ERM processes and culture mature
across the enterprise.
Tactical Value
By integrating proactive and reactive
processes into a common, single framework,
the costs are lowered by decreasing the development,
purchase, and maintenance of
the separate systems that are redundantly located
in the many business units throughout
the organization.
Strategic Value
However, the most important and substantial
business value is derived through the
analytics and decision making that is enabled
through a single focused framework for resolving risk exposures – and specifically by
“assuring” that resource allocations are targeting
the resolution of the highest exposures
at all times. The outcome of an ERM
continuous improvement initiative is a consolidated
register of risk exposures spawned
from the breadth of a company’s reactive (incidents)
and proactive (assessments, audits,
inspections, observations, etc.) processes.
By integrating all sources of identified
management system weaknesses with a
centralized “stage-gate” workflow tool for
assuring resolution of the highest-exposure
weaknesses, the strength of management
system execution constantly increases.
This enables the opportunity for continuous
improvement across each management
system element throughout the enterprise.
Typically, there are many different programs
and systems in an enterprise that
manage the operational activities. An “ERM
Backbone” that integrates to other operational
systems – to form a focused ENTERPRISE-
WIDE solution for improving risk
mitigation processes and management system
execution.
The primary purpose of this software application
is to enable Enterprise Risk Management
through the execution of a single
integrated management system to yield improvements
in an organization’s overall risk
mitigation. In most businesses, this application
integrates with or replaces multiple
software applications that have various operational
purposes, becoming the “ERM
Backbone” to form a focused initiative to
strengthen risk mitigation performance.
The key to the successful execution of
an ERM continuous improvement initiative
lies in the organization’s ability to establish
a common platform for mitigating
risk exposures discovered from both reactive
(incident-based) and proactive (assessment-
based) work processes and the
selection of a software solution that will
enable these processes.
FSM
