Business leaders navigate a complex environment in which the pace of change is rapidly accelerating, and this has put pressure on companies to focus on risk management. The risk environment is equally challenging. Organisations are juggling a multitude of risks, and it is becoming extremely difficult for them to identify risks and reduce their impact. While managing the failure of critical assets is the top pressure, executives should not forget the risks associated with non-compliance and with environmental, financial, logistical and supplier issues.
As such, Enterprise Risk Management (ERM) and Enterprise Resilience have become hot topics. But what are they and are they the same concept?
Enterprise resilience and ERM are related concepts that are associated with risk, but they are different. Enterprise Risk Management is a process that organisations use to rigorously identify, assess, manage and monitor risks that may affect their operations and objectives.
Enterprise resilience, on the other hand, is a capability. It describes an organisation’s capacity to anticipate and react to change that could represent opportunities and threats. Resilience includes two important components: organisational capacity and the ability to adapt and grow from a disruptive experience.
BUILDING ENTERPRISE RESILIENCE THROUGH RISK MANAGEMENT
There are four stages to achieving enterprise resilience:
- Stage 1 – prepare and plan for the risk event
- Stage 2 – absorb the consequences of the risk event
- Stage 3 – recover from the risk event
- Stage 4 – successfully adapt to the risk event
ERM is the mainstay of Stage 1 and assists with the other three stages, as it cuts across organisational silos and considers internal and external risks, such as cyber-attacks and natural disasters. In this way, ERM allows management to identify risks and absorb their negative impact, and it assists with recovery by allowing organisations to assess and mitigate risks and plan for adverse events.
EFFECTIVE LEADERSHIP IS VITAL FOR RESILIENCE
A healthy corporate culture promotes long-term resilience. The opposite may also be true. If the board and senior leadership are too focused on containing incidents and minimising bad press to preserve reputation and share value, this may lead to inappropriate responses in crises, and to inappropriate strategies to prepare the company to bounce back better.
Your governance, your values and your stakeholder relationships all determine your resilience. So do your processes.
WHAT DOES GOOD GOVERNANCE LOOK LIKE?
Good governance comprises four essential elements:
- Transparency – being clear and unambiguous about the company’s structure, operations and performance, both externally and internally, and maintaining a genuine dialogue with, and providing insights to, stakeholders and the market.
- Accountability – ensuring that there is clarity of decision-making within the company, with processes in place to ensure that the right people have the right authority to make effective and efficient decisions, and with appropriate consequences for failures to follow those processes.
- Stewardship – developing and maintaining a company-wide recognition that the organisation is managed for the benefit of its shareholders, taking into account the interests of other stakeholders.
- Integrity – developing and maintaining a corporate culture committed to ethical behaviour and compliance with the law.
TRAITS OF SUSTAINABLE ORGANISATIONS
Almost all organisations have faced adversity at some point in their history. Those that prosper over long periods of time display a remarkable ability to bounce back from adversity time and time again and to create value in changing circumstances.
Business turbulence and disruptions need to be addressed in the same manner as any other material business risk. Directors have a duty to ensure that the organisations which they govern are sustainable through disruptive events and create a culture in which business opportunities are chosen wisely.
A sustainable organisation is able to quickly adapt and align its strategy, operations, management systems, governance structure, and supply chain to meet the challenges of significantly changing environments. It is also able to create competitive advantage by maximising opportunities in an informed manner.
Sustainability is not only about being able to respond to a single crisis or setback but about continuously anticipating and adjusting to trends that can permanently alter the viability of a business. Traits of sustainable organisations include:
- A culture of sustainability – a clear purpose and a core set of values which are more than just platitudes. Leaders of sustainable organisations strive to make the purpose and values a compelling reality at all levels of the organisation. The measure of success of a culture of sustainability is the degree to which the organisation’s people, from the board down, are active participants in understanding and addressing the opportunities and risks associated with the achievement of the organisation’s objectives.
- A strong understanding of risks aligned to business strategy – all strategies and all opportunities worth pursuing involve risks that must be monitored and managed. Risk management is about both protecting value and creating value.
- Accurate monitoring and detection with relevant reporting to management and the board – reporting mechanisms to raise alerts about risks may also be used to identify opportunities.
- Reliable and sustainable processes and infrastructure which balance efficiency with flexibility – contingency and recovery planning and competitive advantage are founded on risk-based analysis and are embedded in operational plans encompassing people, processes, systems and data.
BUILD YOUR ENTERPRISE'S RESILIENCE AND IMPROVE PERFORMANCE
The ISO 31000:2018 Risk Management standard provides principles and generic guidelines on risk management. The framework seeks to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters, and regions. It assists organisations to gain better control and visibility into the risks within their operations.
Cross-functional involvement and collaboration are the keys to a successful risk management and risk mitigation program and these are focus areas in the latest version of the ISO 31000:2018 Risk Management standard.
In a risk environment that is growing more perilous and costly, boards and business owners need to help steer their enterprises toward resilience and value by embedding strategic risk capabilities throughout the organisation.
A BETTER SOLUTION FOR MANAGING ENTERPRISE RISKS
Risks ZA works with organisations in numerous ways to help you understand and manage your risks.