ENTERPRISE RISK MANAGEMENT
by David L. Richards
Traditional approaches to risk management were based on a silo technique in which one risk was managed at a time without acknowledging the interrelationship of risks. Although this narrow, silo approach to risk was helpful in managing more measurable risks, such as insurable and financial risks, which may be relatively easy to measure and manage when substantial historical data is available, it was not well-suited for or even aimed at managing operational and strategy risks, which were unique to the firm with little or no data available. Moreover, the traditional approach focused primarily on the negative side of risk, i.e. on protecting from hazards; it did not encompass or weigh the potentially positive implications of certain risks. In the context of many firms, this traditional silo-based approach often still means today that there is relatively little comprehensive management of the firm’s entire risk portfolio, such that the firm’s billings and receipts, client retention and development strategies, training and legal malpractice strategy, employment discrimination and broader worker liability strategies, and other risk sectors are handled largely independently. In many firms, risk management is still evolving from reactionary and rudimentary to proactive and comprehensive.
More recently, due in considerable measure to the wide-scale and largely unanticipated impact of the 2008 financial crisis, many firms have been moving toward a more robust and holistic approach to examine and respond to the full complement of risks, both positive and negative, through a new Enterprise Risk Management (ERM) strategy. Although ERM began to take form in the late 1990s, it was not until the wake of the recent global financial crisis that many firms came to recognize that their outdated compartmentalized approach and their historical experience in assessing risk exposures left them ill-prepared to respond to unusual and rapid changes in the market and broader economy. Thereafter, many firms turned away from the myopic, traditional risk management approach and moved toward ERM, which relies upon enterprise-level assessment, quantification, financing, and management of risk, and careful analysis of the interrelation between the various risks within the firm’s portfolio.