The economic crisis has undoubtedly exposed myriad unique challenges facing risk managers in today's corporate enterprise. Risk professionals not only need to remain current with their traditional risk management practices, but they also must acquire an understanding of various organizational functions.
This knowledge has become a key component of effective and comprehensive risk management.
Consider the complex financial instruments and practices that led many financial firms to fail during the subprime mortgage meltdown.
What might have happened, had risk managers at some of those financial firms possessed a good working knowledge of those instruments and practices? And what if they had used that insight to develop new risk models to measure the organization's risk exposures across various functions, including mortgage lending? Could the collapse of some financial institutions have been prevented?
Effectively managing corporate risk today requires the adoption of enterprise risk management--a holistic, dynamic and operations-oriented strategy that encompasses broad areas of responsibility across the entire organization.
As companies become more complex and powerful in our global economy, risk managers must remain vigilant of the ever-changing environment--not only within the organization but also in the world surrounding it.
Moreover, ERM demands an understanding of the organization's core business and operations--including finance, compliance, security and business continuity.
ERM addresses more than traditional risk management by widening the focus to broader organizational areas. These include global supply chain, global logistics, regulation and compliance, product and facility safety, business continuity planning and management, security, litigation, governance and human capital.
An extended approach allows the risk management function to become more fully engaged in the operational side of the business. This is critical for global organizations in light of the potentially serious risks posed by lean manufacturing, cross-border dealings, and widespread systems of infrastructure, law and regulation.
ERM offers risk managers the ability to manage risk across the enterprise and improve the amalgamation of financial risk management and operational risk management. Not only does this create options to identify, evaluate, mitigate, finance and transfer risk, but it also contributes to the optimization of risk-related decision-making and alignment of the ERM strategy with the organization's overall risk tolerance and goals.
Benchmarking an organization's cost of risk and quantifying potential added value or lost opportunity are key objectives for today's risk management function. If the organization does not understand the drivers of its total cost of risk, however, the value of the ERM program, likewise, is not understood.
For instance, if an organization measures its cost of risk simply as the cost of goods and services it directly applies to traditional risk management concerns, it seriously underestimates the contributions that could be made by the risk management function.
Indeed, evaluating the true cost of mitigating organizational risk requires a more refined approach--one that will enable a company to derive a great deal more value from its overall risk management effort.
When implementing an ERM strategy, companies should augment the use of traditional risk data with advanced operational-risk analytics and scoring. This allows an organization to quantify its true cost of risk more accurately.
The use of analytics also helps establish a more consistent basis of risk-adjusted cost for decision support and offers a unified organizational cost of risk, benchmarking and planning.
Under the ERM approach, risk managers are able to look at the organization's overall structure as a chain of operations and procedures for products and services. This puts a great deal of attention on supply chain risk and related exposures--often directly reflected in the firm's market valuation.
Managing and mitigating supply chain risk through a comprehensive ERM program is an important component for a successful business. Doing so not only protects the company's most valuable assets but also establishes a unified, high-performance risk-mitigation model.
In fact, for most organizations, one of the most effective and practical ways to implement ERM is by expanding the application of risk management to assess and mitigate risk for as many supply chain operations as possible.
The current global economic landscape challenges risk managers to stay ahead of the dynamic changes taking place both inside and outside the organization. Doing so requires a successful ERM program that applies risk management practices to all mission-critical points of the enterprise's operational network.
Working alongside senior management and other key personnel, risk managers must teach and promote the use of proper risk-based decision-making techniques. This allows everyone from C-level executives to various supervisors and department heads to make more informed decisions when weighing the priorities of cost-effectiveness versus enterprisewide risk exposures.
Involving key personnel in the overall ERM process also helps risk managers become more deeply involved with the supply chain.
For example, risk managers can more easily risk-score geographic locations for various owners, suppliers, distributors or customers for natural disaster loss potential, or they can use advanced risk models to improve risk-adjusted decision making.
They also can employ gap analysis, value prioritization and allocation, and a variety of other advanced risk analytic tools.
Furthermore, risk managers can use quantifiable risks associated with traditional and evolving business supply chains to enhance risk-based scenario planning and analysis.
Using scoring and risk-adjusted costs throughout an organization's supply chain benefits the overall ERM program by establishing an easily identifiable metric that can be applied to various complex decisions.
The process supports sound corporate governance and compliance by providing risk-based decision-making in core areas. It also allows companies to assess their exposures across time periods, geographies and operations.
Managing the risks and uncertainties of today's turbulent economic climate requires the current corporate enterprise to adopt a holistic risk management strategy.
To help meet these unique challenges, organizations should consider the important contributions the ERM function can offer, when empowered with advanced analytics and risk-scoring tools to continually manage the dynamic changes occurring both inside and outside the enterprise.
Mark Anquillare is chief financial officer of Verisk Analytics, the parent company of ISO, in Jersey City, N.J.