MANAGEMENT:
APPROACHING ENTERPRISE RISK MANAGEMENT (ERM) FROM A DIFFERENT
ANGLE
IN TODAY’S FINANCIAL CLIMATE, IT IS INEVITABLE THAT PEOPLE, SYSTEMS AND PROCESSES WILL FAIL, AND
EXTERNAL EVENTS WILL OCCUR!
BUT THE FREQUENCY AND IMPACT OF THESE OPERATIONAL RISK ITEMS AND THEIR EFFECT ON YOUR BUSINESS CAN
BE CONTROLLED AND KEPT AT APPROPRIATE LEVELS THROUGH A ‘BOTTOM-UP’ FEEDBACK CONCEPT – SELF-
ASSESSMENT/SELF-RISK MANAGEMENT.
INTRODUCTION
The theory of Self-Assessment or Self-Risk Management is not new. In actual fact, it was born
as far back as the early ’80s, when many auditors began considering the need to expand
control evaluation beyond the scope of traditional audits. However, it was not until the advent
of Basel I in the late ’80s (seeing the need to enhance and extend the conventional audit
function under a wholly ERM structure) that this approach was re-born. Quite simply, Basel
regulators realized that the conventional audit approach did not adequately address a whole
new range of business risks created by numerous global economic and financial changes.
In the past, the traditional concept of risk controls created “orphans,” as the ownership of new
or undefined risks was continuously challenged. Thus, the financial group was deemed
responsible for controls, even though it was not accountable, and the debate over ownership
naturally became especially intense when things went wrong. Management committees were
burdened by the constant need to know why controls had broken down, whether the
organization had a sound control framework model at the business unit level and whether risk
was being adequately managed.
Self-Assessments (SA) provide a decentralized approach, and are a better way of collecting
the comprehensive information that Management committees need to make informed
decisions. Moreover, SAs do not create control orphans, as business units become
responsible for addressing their business risks overall, rather than adhering to risk control
mechanisms in an ad hoc fashion.
Organizations that encourage risk identification and ownership of controls at the business-unit
level enable the continuous – not static – monitoring of risk mitigation processes through the
early identification of emerging risk. And by identifying their own unit’s strengths and
weaknesses, the owners can assess the impact of certain risks synonymous with their
functions.
The most value-driven element of SAs (which is also their prominent feature) is their ability to
identify potential future risk. Self-Assessment adds a further dimension by looking to the
future and anticipating upcoming risks that may arise from growth, the launch of new
products, marketing strategies and even technology. SA looks to the future by forcing the
organization to prepare for contingencies.
For these reasons, it is important that organizations make their expectations clearly
understood and that the Enterprise Risk Management (ERM) structure is well defined. It is
also important to communicate to all stakeholders that this new definition of ERM puts a
greater emphasis on risk management in the hands of Business owners.
CONCLUSION
The role of Self-Assessment/Self-Risk Management is significant as organizations continue to
adapt to the realities of the new economy. The need for this approach has not only changed
the profile of Business owners (units), which now see the need to understand the corporation’s
business and risk management issues, but has also created the need to adopt the industry’s best
practices. And as more and more corporations continue to recognize these benefits, choosing to
adopt and implement it would unleash and maximize its ultimate benefit – enlightened Risk
Management.