Traditional risk management is performed in functional silos by individuals knowledgeable in their particular functional area (e.g., financial reporting, credit risk, IT risk, physical security risk, personnel risk, liquidity risk, etc.). However, such independent approaches to risk management result in potential duplication, fragmentation, and overlap. Treatment of risks in one area can unknowingly create new risks in other areas. Perhaps even more important, they can result in the application of inconsistent risk appetites, which sub-optimizes the potential return on investment (ROI) of funds used to reduce risk by allowing some parts of the organization to be overly risk averse while others virtually ignore risk.
Enterprise Risk Management (ERM) seeks to build upon (not replace) functional risk management by ensuring consistency (i.e., policies adopted across the organization contributing to common practices and a common risk appetite), completeness (e.g., identifying gaps in the "white space" of the organization while avoiding overlap and duplication of effort), and strategic alignment (ensuring strategic goals and objectives drive the identification and treatment of risk, with such treatment prioritized based on ROI to the enterprise).
Qualifications: I am co-author of "Managing Risk and Performance" (Wiley, 2014) and have been a leader in public sector ERM since 2007. I am a frequent conference speaker on this topic, and have worked closely with a $17B financial services organization over the past 2 years to implement ERM.