Historically, large organisations managed risk in organisational silos. Market, credit and operational risks were treated and addressed separately. Risk monitoring was carried out by individual risk functions that measured and reported their specific risks using different methodologies and formats. When activities were undertaken bottom-up, each specialist group came to its own internalised understanding of what was important to the organisation. Consequently, senior management and the board received pieces of the puzzle, but not within a unified framework.
Such a fragmented approach simply doesn't work, because some risks are highly interdependent and cannot be segmented and managed by entirely independent units. Another difficulty is that when the risk assessment of the environmental group competes for resources with the risk assessment of the new project and/or HazOp group, a very difficult situation can arise.
This requires an enterprise view of how identified risk issues should be characterised and the way in which resources are applied when there are competing risk agendas and limited capital available.
An enterprise risk management (ERM) framework establishes organisational confidence in risk decision making by normalising the value systems of the competing businesses and risk issues. It enables significant issues to be communicated and escalated (or relegated) to the appropriate level of organisational responsibility for action. The framework sits over the silos and is described in context by the diagram below.
One of the most common approaches for developing an ERM framework is to use a risk matrix approach. Consequence and likelihood values are defined to reflect the Board's value system.