Enterprise Risk Management (ERM) should not be looked at as a compliance tool. In fact, ERM is more of a value-added discipline and culture shift, and should be considered an organisational asset. Elevating the Board of Directors to embrace ERM will ensure that the decision-making process is well informed and based on the right level of data and information.
As a business owner or director, you may not always be aware of the real extent of your organisation’s exposure to risk. Often, this is because you may not be fully aware of, or attuned to, the risks your organisation is actually facing. At RSM Malta, we can advise and support you in establishing the right framework and underlying governance structure, including risk appetite and tolerance levels, providing ERM solutions that are tailored to your business needs.
Does your Board have Room for ERM?
According to COSO, “Enterprise Risk Management is a process, effected by an entity’s board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, manage risk to be within its risk appetite and to provide reasonable assurance regarding the achievement of entity objectives.”
What is ERM?
Without going into its roots, Risk Management has been around since the period after World War II. However, whilst risk management focuses on mitigating and addressing risks at the level of the business unit in a siloed approach, Enterprise Risk Management (ERM), which is a more recent development, takes a holistic approach that involves Board and Executive management decision-making to identify and address those risks that, when combined at enterprise level, could impact the organisation’s strategic goals and objectives.
ERM – Limitations of traditional risk management
One frequently comes across the terms Enterprise Risk Management (ERM) and Risk Management being used interchangeably by many stakeholders. However, it is important to note that using them interchangeably is wrong. In fact, there are some practical examples that bring out the difference between the two and underline the importance of having a proper ERM framework in place within the organisation; these are discussed hereunder.
Does your board have the right “make-up”?
When organisations are thinking of appointing individuals onto their Board, what characteristics are traditionally taken into consideration? Under the umbrella of knowledge, one would tend to look for individuals with a deep knowledge of one or more of the following areas, namely finance, legal, marketing, planning, and industry-specific expertise. But how many members of the board are knowledgeable about and aware of risk and the management of risk?