Technical Due Diligence

Enterprise Risk Profiling

Historically, large organisations managed risk in organisational silos. Market, credit and operational risks were treated and addressed separately. Risk monitoring was carried out by individual risk functions that measured and reported their specific risks using different methodologies and formats. When activities were undertaken bottom-up, each specialist group came to an internalised understanding of what was important to the organisation. Consequently, senior management and the board received pieces of the puzzle, but not within a unified framework.

A view has emerged that such a fragmented approach simply doesn't work, because some risks are highly interdependent and cannot be segmented and managed by entirely independent units. Another difficulty is that when the risk assessment of the environmental group competes for resources with the risk assessment of the new project and/or HazOp group, a very difficult situation can arise.

There needs to be an enterprise view of how identified risk issues should be characterised and the way in which resources are applied when there are competing risk agendas and limited capital available.

A high-level business risk framework can normalise the value systems of the competing groups, saving considerable time and much frustration. This sits over the silos and is contextually described by the diagram opposite.

One of the most common approaches to developing an ERM framework is to use a risk matrix, identifying consequence and likelihood criteria that reflect the Board's value system.