It Is Not Worth the Risk to Ignore Enterprise Risk Management

(Newswire.net — May 22, 2020) — When business units work in isolation and create silos, enterprises may find themselves in a risky situation. Most business units are only interested in the risk that is associated with what they do and may ignore the overarching risks to the larger business. Protecting your organization requires not only addressing team-level risk but also taking a holistic view of the broader business activities.

According to Keith Marchiano of Baltimore IT support company Kyocera Intelligence, when you consolidate risk management at a higher level within your company, you’re creating an action plan that can be administered quickly and effectively — reducing the potential for damage to your operations and your company’s reputation.

What is Enterprise Risk Management?

Many companies perform an annual risk assessment but fall down in terms of expanding the conversation between teams. A true enterprise risk management strategy includes these elements:

  • Delve into business goals and objectives to identify pertinent risks
  • Create a framework for risk assessment that will encompass each team or department within the organization
  • Communicate technology and other risks in terms of business impact
  • Define operational support that includes accountable ownership of risk and support for risk management
  • Follow a process-oriented approach to risk management technology

Whether your current risk conversations happen casually once a year or are detailed ongoing assessments, creating an enterprise-wide approach will help mitigate and identify risks.

5 Problems With Traditional Risk Management Strategies

Traditionally, organizations managed risks by making an individual business leader responsible for the risks within their business unit. This approach is often referred to as a silo or stove-pipe risk management strategy, whereby each silo leader is responsible for managing or elevating risks within their silo. With the onset of COVID-19, more employees than ever are working remotely. Many business entities were thrust into the unknown world of telecommuting and e-commerce overnight without fully understanding the related risks to their business. A key question is, “Can a traditional approach to risk management effectively deal with the fallout of the risks associated with this pandemic?”

“The biggest problems with a pared-down, formulaic approach to ERM often don’t emerge until it’s too late,” says Matt Shinkman, Practice Vice President, Gartner. “Complicated flowcharts and in-depth policy manuals intended to guide escalation decisions during a crisis are often difficult and time-consuming to follow; they aren’t a substitute for an effective ERM function.”

Problem 1: Risks Falling Through The Cracks

You would think this traditional approach to risk management makes sense; however, it has limitations. Where risks overlap across business units, it leaves a void in which no one takes full responsibility for identifying, assessing, and mitigating the risk. That means a risk could go undetected and unmanaged until it causes a catastrophic event.

Problem 2: Risks Affect Multiple Business Units Differently

Risks throughout an organization can affect business units in different ways, and leaders responsible for the risk within their silo may underestimate the overall impact of the risk across the organization. A seemingly innocuous risk in one business unit can have a significant cumulative impact on the entire organization, particularly when it comes to running multiple operations around the country and across the globe. For example, an identified finance risk could lead to reduced marketing budgets, resulting in a loss of sales caused by reduced advertising.

Problem 3: Responding to Risks in Isolation Can Hurt Other Functions of an Organization

Under a traditional approach to risk management, individual risk owners may not understand how their response to one risk impacts other functions within a business. For example, in response to growing concerns about cyber risks during COVID-19, the IT team might tighten IT security protocols, which can lead to costly “workarounds” in other business units and, in turn, to ineffective and slow responses to customer inquiries.

Problem 4: Failing to Connect Risk to Strategy

Most businesses struggle to connect their efforts in risk management to strategic risks. Lower-level managers and leaders are often left out of the strategic decision-making process, which means they have no buy-in or input in identifying, assessing, and managing strategic risks. When strategic risk management is conducted in isolation from other business risks, a whole level of risks can go undetected.

Problem 5: Taking an Internal Lens to Risk Management

Traditional risk management usually applies an internal lens to identifying and responding to risks. When management focuses on internal risks, it fails to take into account risks external to the business that could affect future operations. For example, a change in technology or policy could disrupt how products are used by consumers.

Embracing Enterprise Risk Management

Savvy business leaders have recognized the risks associated with taking a traditional risk management approach and embraced the concept of enterprise risk management (ERM). You could say ERM mitigates the shortfalls of traditional risk management processes within an organization, as it strengthens risk oversight, especially now that more people are working remotely due to COVID-19. With a more agile “impacts-based” approach to crisis escalation procedures and by appointing a business leader with primary responsibility for ERM, companies are able to more appropriately manage risk across the organization.

To find out more about ERM software solutions and strategies, contact your local managed services providers. These teams are the experts when it comes to recommending and installing the right ERM systems to manage internal, external, and strategic risks in a more cohesive fashion.