21 December 2024

Enterprise Risk Management : introduction and definitions

Enterprise Risk Management

  • Enterprise Risk Management requires a common language
    • A common language of risk is required throughout the organization if the contribution of risk management is to be maximized.
    • The use of a common language will also enable the organization to develop an agreed perception of risk.
    • Part of developing this common language and perception of risk is to agree a risk classification system or series of such systems.

Attitudes to risk

  • Different organizations will have different attitudes to risk.
    • Some organizations may be considered to be risk averse, whilst other organizations will be risk aggressive.
    • To some extent, the attitude of the organization to risk will depend on the sector and the nature and maturity of the marketplace within which it operates, as well as the attitude of the individual board members.
      • Risks cannot be considered outside the context that gave rise to the risks.
      • It may appear that an organization is being risk aggressive, when in fact, the board has decided that there is an opportunity that should not be missed.
        • However, the fact that the opportunity is high risk may not have been fully considered.
  • One of the major contributions from successful risk management is to ensure that strategic decisions that appear to be high risk are actually taken with all of the information available.
    • Improvement in the robustness of decision-making processes is one of the key benefits of risk management.
    • Other key factors that will determine the attitude of the organization to risk include the stage in the maturity cycle.
      • For an organization that is in the start-up phase, a more aggressive attitude to risk is required than for an organization that is enjoying growth or one that is a mature organization in a mature marketplace.
      • Where an organization is operating in a mature marketplace and is suffering from decline, the attitude to risk will be much more risk averse.
      • It is because the attitude to risk has to be different when an organization is a start-up operation compared with a mature organization, that it is often said that certain high-profi le businessmen are very good at entrepreneurial start-up, but are not as successful in running mature businesses.
    • Attitudes to Risk
      • Different attitudes to risk are required at different parts of the business maturity cycle.
      • Attitudes to risk :
        • risk-mitigating
        • risk-transferring
        • risk-avoiding
        • risk-accepting

Uncertainty acceptance

  • Level of uncertainty
    • When undertaking projects and implementing change, an organization has to accept a level of uncertainty.
      • Uncertainty or control risks are an inevitable part of undertaking a project.
      • A contingency fund to allow for the unexpected will need to be part of a project budget, as well as contingent time built into project schedules.
  • Control risk
    • When looking to develop appropriate responses to control risks, the organization must make necessary resources available to identify the controls, implement the controls and respond to the consequences of any control risk materializing.
    • Nature of control risks
      • The nature of control risks and the appropriate responses depend on the level of uncertainty and the nature of the risk.
      • Uncertainty represents a deviation from the required or expected outcome.
        • Requirement :
          • When an organization is undertaking a project, such as a process enhancement, the project has to be delivered on time, within budget and to specification.
          • Also, the enhancement has to deliver the benefits that were required.
        • Deviation
          • Deviation from the anticipated benefits of a project represents uncertainties that can only be accepted within a certain range.
  • Control management
    • Control management is the basis of the approach to risk management adopted by internal auditors and accountants.
      • Control management is concerned with reducing the uncertainty associated with significant risks and reducing the variability of outcomes.
    • There are dangers if the organization becomes too concerned with control management.
      • The organization should not become obsessed with control risks, because it is sometimes suggested that over-focus on internal control and control management suppresses the entrepreneurial effort.

Opportunity investment
– …

Opportunity risks

  • Some risks are taken deliberately by organizations in order to achieve their mission.
    • These risks are often marketplace or commercial risks that have been taken in the expectation of achieving a positive return.
    • These opportunity risks can otherwise be referred to as commercial, speculative or business risks.
    • Opportunity risks are the type of risk with potential to enhance (although they can also inhibit) the achievement of the mission of the organization.
    • These risks are the ones associated with taking advantage of business opportunities.

Organization appetite

  • All organizations have some appetite for seizing opportunities and are willing to invest in them.
    • There will always be a desire for the organization to have effi cient operations, effective processes and effi cacious strategy.
    • Opportunity risks are normally associated with the development of new or amended strategies, although opportunities can also arise from enhancing the effi ciency of operations and implementing change initiatives.
  • Appetite and level of investment
    • Every organization will need to decide what appetite it has for seizing new opportunities and the level of investment that is appropriate.
    • For example, an organization may realize that there is a requirement in the market for a new product that its expertise would allow it to develop and supply.
      • However, if the organization does not have the resources to develop the new product, then it may be unable to implement that strategy and it would be unwise for the organization to embark on such a potentially high-risk course of action.
      • It will be for the management of the company to decide whether they have an appetite for seizing the perceived opportunity.
        • Just because the organization has that appetite, it does not mean that it is the correct thing to do.
        • The board of the company should therefore be aware of the fact that, although they may have an appetite for seizing the opportunity, the organization might not have the risk capacity to support that course of action.

Opportunity management

  • Opportunity management is the approach that seeks to maximize the benefi ts of taking entrepreneurial risks.
    • Organizations will have an appetite for investing in opportunity risks.
    • There is a clear link between opportunity management and strategic planning.
    • The desire is to maximize the likelihood of a significant positive outcome from investments in business opportunities.
      Uncertainty in projects

PMI-RMP certification

Risk management serie

Risk management : introduction and definitions

Risk Management : risk management common language

PMI-RMP certification : 2022 exam

Created : 04/01/2022

Update : 08/01/2022

Leave a Reply

Your email address will not be published. Required fields are marked *