Systematic enterprise risk management is a never-ending process in a company that ensures that the risks are appropriately managed.
Risk management process is in its simplest form divided into 4 main phases:
While many ERM books make it sound complicated really is not.
First, we must identify the existence of a risk; evaluate how serious risk we are dealing with, doing something about it, and finally ensure that what we did helped.
Then over time we repeat the steps 2, 3 and 4 to ensure that situation hasn’t changed and that our mitigation efforts are still suitable.
All this being said, there are number of fine details in each of the steps that one should be carefully. And in our article series we’ll bring additional insights into each step.
-Create a collection of all the risks that the company faces → Risk register
-How to know which risk exists? Use out of the box thinking & imagination
-Avoid identifying difficulties as risk; avoiding double counting the same risks; start with the major risk and don’t think that large number of risks means that identification was done well
-“Deciding how serious risk is”
-Quantify in monetary units based on cash flow, profitability, and firm value impact
-Advanced: Take into account the interdependencies → risk aggregation
-Strategies to reduce risk: Assume; mitigate; hedge; transfer
-Cost benefit analysis: Does it pay off to mitigate risk (requires monetary risk quantification!!!)
-Assign risk owners and organize risk treatment tasks
-Track risk realization and near misses → Data
-Keep track and record underlying risk drivers, such as price fluctuations and interest rates (KRI – Key Risk Indicators)
-Control that risk treatment is functioning well
Contact our team if you want to manage risks systematically.
Finance professional with a wide range of experience from risk management, corporate finance and energy sector. In his work, he seeks appropriate solutions, strategies and tools, allowing our business partners to implement a more comprehensive and proactive approach to risk management in their organizations.