How to adequately evaluate what DOESN’T happen within an organisation? [PART 1]

Silver Bullet Risk - BLOG - ERM - Enterprise risk management - ROI Vision

The role of ROI in managing organisational risks

When something happens within an organisation, it is easy to quickly evaluate the effect of said event and determine the responsible department or person. It is more complicated, however, to do the opposite: if nothing earth-shattering happens within an organisation, it is almost impossible to prove that a responsible, conscientious risk manager (RM) is to thank for this. What is more, the management usually takes the credit. (Truth be told, this is not so far-fetched either, since it was the management who brought a good RM on board!)

From the above, we can conclude that the key issue in risk management is being able to prove that the system is working. The role of a good RM is to help an organisation attain its objectives by reducing the likelihood of deviations from them, or by preventively reducing the consequences of potential deviations on the way to those objectives. This means that the RM plays an extremely important role in his workplace, yet is made the scapegoat for most issues while receiving little praise for the preventive measures undertaken.

However, the RM’s duty is to help the organisation. His contribution or the value of the entire ERM process can therefore only be measured if we know the company objectives, thus measuring how the ERM system functions in relation to the objectives set.

Here are a couple of questions to help with that:

Compliance: Are we complying with our own directives and policies in our risk management system?
Maturity: How does our risk management system compare to best practices and to our competitors?
Added value: Does our system contribute to achieving the objectives and results of the organisation and, if so, to what extent?

You might be surprised to hear that usually, the hardest part of measuring the effectiveness of a risk management system is to prove that it is contributing added value to the company. In other words: you’ll be able to answer the first two of the above questions relatively quickly and confirm whether you are complying with the standards you commit to in your company, and if your risk management culture or maturity is improving. However, it is a little harder to comply if the management requires proof that the risk management investment is actually paying off in the form of better results. Harder, yes, but not impossible!

We measure the achievement of business objectives through key performance indicators (KPIs) and performance criteria. In other words: when we manage risks in an efficient manner, we are also familiar with all uncertainties that can affect our business objectives, which makes us better equipped for managing all the risks that appear. This also means that the key performance indicators need to be improved on in order to measure the effectiveness of the ERM system!


The benefits of an ERM system are two-fold:

Limiting surprises
Adding value

Of course, we must also realise that the ERM process is not a magic trick. In spite of a well-established system, bad and unpredictable things will keep on happening in companies. However, the system will help you to be better prepared when they do, react faster and in an organised manner, and have all the resources ready to pull the right strings, thus significantly improving the decision-making process within an organisation.

The ERM system also adds other benefits, becoming an indispensable part of business plans as management discussions regularly include risks and uncertainties.

Transparency: even though in many organisations, this value is not (yet) a priority, it represents an enormous advantage for owners and employees alike.
Discipline: when employees, business processes and departments familiarise themselves with risks and suitable measures, the robustness of the organisation increases, thus raising the level of the internal risk management culture.
Clearly defined objectives: For an ERM system to work well, the objectives of the organisation must be clearly defined for all interested parties, which is a task often not implemented in a suitable manner. Clearly defined common objectives and potential obstacles leading to them provide for significantly better results. An organisation must actively react to changes in the environment and the business processes, thus further decreasing the possibility of wrong decisions or missed business opportunities.
Simpler allocation of capital or allocation of funds: Comprehensive information, including risk-related data, allows for a simpler allocation of funds and an easier segmentation, regardless of whether we’re preparing the pricing policy for individual products, markets, clients, and competitors, or comparing risks and income.
Increased trademark reputation: A good ERM system allows us to protect the trademark and the reputation of a company or an organisation. This not “only” affects the value of shares but also contributes to the value of the entire organisation, which is the most important piece of information for the supervisory board and the owner.

Next time, we’ll tell you all about how to deal with each individual KPI!

