Enterprise risk management — correctly implemented — has an immediate practical benefit: to properly specify the root cause and so find solutions to chronic business problems.
That might sound surprising, as many conceive of ERM as a compliance exercise, with purported eventual benefits, such as reduced volatility and lowering the cost of capital. But value should be evident in the very first risk ID and assessment session, where a given project, or strategic or operational plan is scrutinized.
How does ERM help solve seemingly intractable business problems? Only if there is a very sharp, comprehensive and rigorous risk identification and assessment process. The trouble is that many embarking on risk ID use a conventional approach (limited to, say, hazard risk, or “exposure to assets”). Others use an ad hoc approach — merely an informal discussion of risk, with no method. What are taken to be risks by the group are often simply known trends and extant conditions. The result is a just bland rehash of familiar issues, and the risk ID document ends up sitting on a shelf.
What I call High Quality Risk Assessment meets the challenge of developing risk information that gives insight. The facilitator leads participants to identify the true uncertainties affecting our intended actions. These are the vital concerns that are floating in our subconscious, but, without methods, are never systematically captured and addressed. Using risk categories in a round table exercise, we can be comprehensive in the search.
I have experienced this time and again with clients. Once rigour is properly introduced into the risk ID exercise, difficulties in the business which had escaped definition and proper analysis finally come to light. Staff then gain confidence in their ability to manage the business at hand. They now see and understand risk that was previously undetected, and are freshly motivated to fix these conditions and move the organization forward.