Risks facing companies can come from anywhere—currency-fluctuation risk related to the U.K.’s decision to leave the European Union is a recent example—which is why enhancing enterprise risk management (ERM) efforts is a popular topic among boards and the C-suite.
Here are five benefits of an integrated ERM program from the proposed framework released by the Committee of Sponsoring Organizations of the Treadway Commission (COSO):
Increase the range of opportunities. By considering all possibilities—both positive and negative aspects of risk—management can identify new opportunities and challenges associated with current opportunities. “Take the extra five minutes as you make a decision,” COSO Chair Bob Hirth said. “Ask, ‘What have we missed here? What have we left out? Is there some unintended consequence?’ As you have that discussion, you end up confirming your decision, or you say, ‘Wow, I didn’t realize we could look at it that way.’ This richer discussion gets you more possible opportunities.”
Identify and manage risk entitywide. Risks can affect many parts of an organization. Sometimes, a risk can emanate from one part of the business but have an effect on another part. As a result, management identifies and manages these entitywide risks to sustain and improve performance. The framework document cites the example of a bank that developed a system in response to trading risks it faced. The system combined internal transaction and market information with external information to provide an aggregate view of risks and allow the bank to quantify relative risks.
Reduce negative surprises and increase gains. ERM allows organizations to improve their ability to identify risks and establish appropriate responses, reducing surprises and related financial loss, and allowing them to profit from advantageous developments. “If you have richer discussions about alternatives and unintended consequences, bad things aren’t just going to stop, but over time, you will be less surprised,” Hirth said. For example, a manufacturing company setting delivery schedules realized that not all delays in highway traffic can be avoided, but it developed alternate routes and protocols to alert clients about potential delays.
Reduce performance variability. The challenge for some entities has less to do with surprises and more to do with variability in performance. For example, a public transportation system can aim for better on-time performance, but having buses and trains go from running 10 minutes late to 10 minutes early is too wide a swing in performance. Hirth said that having an integrated ERM program means doing a better job of judging performance on more than one target.
Improve resource deployment. Having a wealth of information on risk allows businesses to assess overall resource needs and enhance resource allocation. For example, a thorough risk assessment of a gas distribution company’s infrastructure enabled the organization to decide what parts were so old that they needed replacing and what parts could function a few more years with repairs. Having a greater focus on resources makes those resources—time, money, and people—more efficient, Hirth said.
COSO released its proposed framework on enterprise risk management in mid-June, and public comment is open until Sept. 30. Specifics of the framework update, Enterprise Risk Management: Aligning Risk With Strategy and Performance, could change as a result of feedback from stakeholders. COSO is a committee of five sponsoring organizations, including the AICPA. Comments on the exposure draft can be made by visiting coso.org.
—Neil Amato (firstname.lastname@example.org) is a JofA senior editor.