Enterprise Risk Management programs can help manage the risk that comes with owning and operating your business. Business risk is always present, but too much risk could leave you vulnerable and lead to a failed business. Too little risk? Your business could overlook important opportunities for growth.
How can you find the right balance? One way to manage your company’s “risk profile” is to implement a formal enterprise risk management (ERM) program.
Optimization, not elimination
Most businesses have internal controls to prevent fraud, maintain compliance and reduce errors. But an ERM program goes much further. It’s a top-down framework that starts at the C-suite and addresses risk at every level of the organization. An effective ERM program helps you and your leadership team not only identify major threats, but also devise feasible strategic, operational, reporting and compliance objectives.
Traditional risk management techniques, which are often informal and ad hoc, use a “siloed” approach. In other words, each department focuses on minimizing its own risks. The efficacy of this approach is limited at best, for a couple of reasons. First, it fails to address how risks may arise in the way departments interact — or don’t interact — with each other. Second, it often wrongly assumes that the goal of risk management is to eliminate risk. In truth, the proper goal of risk management is to optimize risk; that is, to develop strategic objectives and operate the business under acceptable levels of inevitable risk.
An ERM program takes an integrated approach. It recognizes that many risks are enterprise-wide and interrelated. For example, say a business identifies a new vendor offering substantially reduced prices on key materials. From the accounting department’s perspective, the deal may seem like a no-brainer. But an analysis under an ERM program could reveal that the vendor is situated in a high-risk area for natural disasters or civil unrest. Or the ERM analysis might show that the vendor is a bad match technologically or has poor cybersecurity.
Good starting point
Naturally, every company’s framework for an ERM program will differ depending on factors such as its size and structure. But one tool that’s proven helpful to many businesses is the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Enterprise Risk Management — Integrated Framework, which was originally published in 2004.
COSO is a joint initiative of five private sector organizations that develop frameworks and guidance on ERM, internal controls and fraud deterrence. The five organizations are the American Accounting Association, the American Institute of Certified Public Accountants, Financial Executives International, the Institute of Internal Auditors and the Institute of Management Accountants.
The original COSO framework covers four categories of objectives: strategic, operations, reporting and compliance. It also sets forth eight key components: 1) internal environment, 2) objective setting, 3) event identification, 4) risk assessment, 5) risk response, 6) control activities, 7) information and communication, and 8) monitoring. Note that, in 2017, COSO published an updated complementary publication entitled Enterprise Risk Management — Integrating with Strategy and Performance.
Are you tired of putting out fires or having to rethink major strategic decisions because they’re just a little bit off the mark? If so, a formal ERM program may be the solution you’re looking for. Contact your Rudler, PSC advisor at 859-331-1717 to help you build the perfect framework for your business.
RUDLER, PSC CPAs and Business Advisors
This week's Rudler Review is presented by Jon Peul, Staff Accountant and Janna Fitzwater, CPA.
If you would like to discuss your particular situation, contact Jon and Janna at 859-331-1717.
As part of Rudler, PSC's commitment to true proactive client partnerships, we have encouraged our professionals to specialize in their areas of interest, providing clients with specialized knowledge and strategic relationships. To receive future Rudler Reviews with advice from our experts, sign up today!