Desktop version

Home arrow Management


If we want to change our companies to be risk-based managed companies, ERM must be sold as an integral part of a triple package: value-based management, strategic management, and strategy execution, with ERM as an important link between these. Critical changes in the positioning of ERM as part of such a package are necessary to move from governance-driven phases to being change driven (or the integrated phase of risk management maturity).

The top 10 risks identified by our research show that, from a framework perspective, key risks are correlated with management and stakeholder expectations and perceptions. This confirms that the communication and consultation process is a critical part of the risk management process defined in ISO 31000, and it must be performed by highly skilled managers or other professionals with little tolerance for mistakes.

Experts and managers need to use consistent and easy-to-understand risk- related terminology across all stages of the risk management process to facilitate proper and efficient communication. The simpler, the better. People have problems with differentiating data from information, hence the problem of mixing risk information with threat data or opportunity data instead of considering information on both threat and opportunity. It is important for communication to express that risk is a relationship between potential causes and effects, and these two may never be totally separated. Risk management is a never-ending learning experience and reminds us to keep terminology and language consistent throughout, as to the principles, framework, and risk management process being integrated with strategy planning, execution, and value-based management and controls.

Exhibit 33.15 shows the results from our experience, business practice, and research. ERM in Poland is mainly driven by governance concerns, which apply to around 12 to 20 percent of 3,000 companies with over 250 employees. As for branches interested in holistic risk management (such as energy, gas and oil, construction, logistics, insurance, telecommunications, pharmaceuticals, chemicals, mining, public administration, aviation, and legal companies), this is a good basis for change. Because a public finance act and obligation include risk management as part of managerial supervision, risk awareness will be communicated to around 40 percent of the working population in Poland, as many people work in public administration. Taking into account the obstacles and challenges we have in Poland, there is much good news. It would be worth further research to observe how Poland progresses in relation to other countries. That would give us all, as an international community, the ability to observe how well ERM is progressing, worldwide or not. There is already some research in this area – for example, Aon's Risk Maturity Index.

We must be aware of the weaknesses of risk management in the context of human attitudes. The perception of top executives and boards is that risk still has negative connotations in many languages and cultures and it is a natural barrier. Not everyone is keen to talk about risk; people like to concentrate on successes and

Exhibit 33.15 ERM Maturity Level in Poland's Nonfinancial Industry

Stage 1

Stage 2

Stage 3

Stage 4


Risk specific Never-ending challenge


Risk specific




Risk specific




Risk specific



Change driven A few companies

Integrated A few companies on the way, POLRISK members, energy industry

Source: Authors' research.

opportunities. Also, managers may resist talking about risk in order not to be perceived as incompetent professionals. They assume that if they are professionally good at something, they should not be generating risks.

Medium-sized firms may need less integration of strategic management with risk management due to the lack of silos in those companies, as "the left hand knows what the right hand is doing." What they need is up-to-date and online information, reports on how the business is performing, and what is the margin level. They need a reasonable risk management tool kit and supervision of margins.

A strong risk management profession with a defined scope of knowledge is necessary to promote risk management. The natural reporting line for a risk manager within an organization structure should be to the CFO or higher, and be aligned with the value-based controlling and strategy department or unit. Those departments should be working in integrated ways so that proper capital and asset resource allocation is made toward identified risk levels and cost/benefit analysis with integrated risk treatment options across the company.

A strong risk management association is also necessary to promote best practices in risk management and the gathering community of risk management professionals. In 2013, POLRISK changed its mission to the creation of value from effective risk management integrated with strategic management and value-based management. The promotion of ERM as a concept is no longer sufficient; there must be demonstrated value creation for a company arising out of it. The ERM journey continues.

< Prev   CONTENTS   Next >