Leveraging ERM to Practice Strategic Risk Management
Managing Principal, ermlNSIGHTS
Assistant Professor, St. Edward's University
Enterprise risk management (ERM) emerged more than 15 years ago as an all-encompassing alternative to the then traditional fragmented approach to risk management. This previous disjointed style is sometimes referred to as managing individual risks in stand-alone silos or stovepipes. Risk management practitioners started to flesh out and test the theory. Early practical applications took the form of integrated risk programs that combined selected hazard risks and financial risks.
As the ERM process was debated and matured, practitioners started to include operational risks within their portfolio. Risk registers emerged that organized the various identified risks into categories that now included hazard, financial, and operational risks. Hazard risk examples include fires, lawsuits, and strikes. Financial risk examples include commodity price volatility, inflation, and currency exchange rate fluctuations. Operational risk examples include process disruptions, compliance failures, and technology breakdowns.
ERM practitioners began encountering internal organizational push-back because the process was inappropriately seen as (1) reactionary and (2) an unnecessary expansion of audit and compliance. Peter Drucker once stated, "The purpose of business is to create and keep a customer." Recognizing the corporate imperative to grow the business, proponents of ERM postulated that they could indeed bring new utility to the process by aligning with, and supporting, corporate business goals, rather than just focusing on the downside of risk management. The methodology utilized to integrate ERM into alignment and support of overall business goals is to incorporate the ERM process into longer-range strategic planning and annual business plans. ERM practitioners added another new risk category to their portfolio: strategic risks. Strategic risk examples include social, technological, economic, environmental, and political situations that are much broader in scope and longer in impact. The expanded risk portfolio is far more vibrant because it inserts the ERM process into the growth side of the business. ERM moves from supporting only a defensive function to include a more balanced approach that supports growing the business.
The original vision of ERM as an all-encompassing alternative to traditional risk management expands if executive management utilizes the ERM process to support improved decision making to both protect and grow the business. Practicing strategic risk management requires risk-adjusted decision making. However, leveraging ERM to practice strategic risk management depends on executing on three different, but related, variables:
1. Executive managements' willingness to reexamine the purpose of ERM – away from purely control and compliance to a strategic function
2. Positioning and leveraging ERM within the organization to support longer- range strategic planning and annual operational business goals
3. Making risk-adjusted decisions and practicing strategic risk management by utilizing new tools and techniques to measure the value created or protected by adopting the ERM process
-  One of the first integrated risk programs to be labeled ERM was United Grain Growers. It combined selected hazard risks such as general liability and property with a selected economic risk (grain processing volume). (See Chapter 7 of this book.)
-  Torben Juul Andersen and Peter Winther Schroder, Strategic Risk Management Practice (New York: Cambridge University Press, 2010).
-  Peter F. Drucker, Goodreads.com.
-  A good discussion of strategic risk management can be reviewed at the Risk and Insurance Management Society (RIMS) website and others. For example, see rims.org/ resources/ERM/Pages/StrategicRiskManagement.aspx.