Enterprise Risk Management: Illuminate the Unknown

The word "risk" shares a root with the early Italian verb risicare, "to dare." In the quest for competitive advantage, businesses are nothing if not daring; taking risks is essential. The more an organization can understand, predict and manage the dangers in its path, the more it can turn daring behavior into the stuff of sustained success.

Outside the insurance industry, the goal of most risk management efforts today is to control the variability of financial outcomes, such as profits and stock prices, while letting corporations pursue higher profitability and returns. In the financial services industry, intense interest in risk management began in the 1990s with the devastating failures of Barings Bank and Long-Term Capital Management. Interest accelerated after the bursting of the dot-com bubble and the Enron and WorldCom fiascos. In each case, a major culprit was a lack of organizational control and transparency: in short, a risk management failure.

This article describes how to put together an enterprise risk management (ERM) strategy that accounts for all the discrete parts of the problem. With mounting regulatory compliance demands and increasingly sophisticated threats to the business, organizations need the big picture that an architectural approach provides.

ERM: Get the Big Picture

There are many kinds of risk, and, as you'd expect, a lot of "silo-ization" when it comes to managing the processes involved. "We had accounting granting access codes to people to look at these transactions, and then we had purchasing coming in and saying 'yep, this person can look at those transactions,'" says Jayne Gibbon, manager of Internal Audit, about the way things used to be at Kimberly-Clark Corp. "Nobody was looking at whether giving the same person access to both kinds of transaction codes would expose the company to fraud."
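The gap Gibbon describes is a segregation-of-duties (SoD) problem: each department checks only its own grants, so nobody sees that one person holds a fraud-enabling combination across departments. The check that closes it is mechanical once the grants are pulled into one view. The following is an added example, not code from the article or from Kimberly-Clark; the role names, transaction codes, SoD rules and user grants are all constructed for illustration, and the "departments" stand in for the accounting and purchasing silos in the quote.

```python
"""Segregation-of-duties (SoD) conflict check across departmental access grants.

Added example, not code from the article or Kimberly-Clark. Every role,
transaction code, rule and grant below is constructed for illustration.
"""
from collections import defaultdict

# Hypothetical role -> transaction codes. Constructed for this example.
ROLES = {
    "VENDOR_MASTER": {"VENDOR_CREATE", "VENDOR_CHANGE"},
    "PURCH_BUYER":   {"PO_CREATE"},
    "AP_CLERK":      {"INVOICE_POST"},
    "AP_SUPERVISOR": {"PAYMENT_RUN"},
    "AP_VIEWER":     {"INVOICE_VIEW"},
}

# SoD rules: a user holding any code from `left` AND any code from `right`
# can complete a fraudulent transaction alone. Constructed for this example.
SOD_RULES = [
    ("vendor-and-pay", {"VENDOR_CREATE", "VENDOR_CHANGE"}, {"INVOICE_POST", "PAYMENT_RUN"}),
    ("order-and-pay",  {"PO_CREATE"},                      {"INVOICE_POST", "PAYMENT_RUN"}),
    ("post-and-pay",   {"INVOICE_POST"},                   {"PAYMENT_RUN"}),
]

# Constructed grants, one row per department's own record. No single
# department sees a user's full set: that is the silo problem.
GRANTS = [
    {"user": "jdoe",   "role": "VENDOR_MASTER", "granted_by": "purchasing"},
    {"user": "jdoe",   "role": "AP_CLERK",      "granted_by": "accounting"},
    {"user": "asmith", "role": "AP_CLERK",      "granted_by": "accounting"},
    {"user": "asmith", "role": "AP_VIEWER",     "granted_by": "accounting"},
    {"user": "bwong",  "role": "AP_CLERK",      "granted_by": "accounting"},
    {"user": "bwong",  "role": "AP_SUPERVISOR", "granted_by": "accounting"},
    {"user": "cpatel", "role": "PURCH_BUYER",   "granted_by": "purchasing"},
]


def effective_codes(grants, roles):
    """Collapse every department's grants into one per-user view.

    Returns {user: {code: {(role, department), ...}}} so that each finding
    can name which silo handed out which half of the conflict.
    """
    view = defaultdict(lambda: defaultdict(set))
    for g in grants:
        if g["role"] not in roles:
            raise ValueError(f"unknown role {g['role']!r} granted to {g['user']}")
        for code in roles[g["role"]]:
            view[g["user"]][code].add((g["role"], g["granted_by"]))
    return view


def find_sod_conflicts(grants, roles, rules):
    """Return one finding per (user, rule) where the user holds both sides."""
    findings = []
    for user, codes in sorted(effective_codes(grants, roles).items()):
        held = set(codes)
        for name, left, right in rules:
            left_hit, right_hit = held & left, held & right
            if left_hit and right_hit:
                sources = {dept for c in left_hit | right_hit for _, dept in codes[c]}
                findings.append({
                    "user": user,
                    "rule": name,
                    "left": sorted(left_hit),
                    "right": sorted(right_hit),
                    "granted_by": sorted(sources),
                    # True when the two halves came from different departments,
                    # i.e. a conflict no single silo's review could have caught.
                    "cross_silo": len(sources) > 1,
                })
    return findings


if __name__ == "__main__":
    for f in find_sod_conflicts(GRANTS, ROLES, SOD_RULES):
        flag = "CROSS-SILO" if f["cross_silo"] else "single-dept"
        print(f"{f['user']:8} {f['rule']:16} {flag:12} "
              f"{'+'.join(f['left'])} with {'+'.join(f['right'])} "
              f"(granted by {', '.join(f['granted_by'])})")
```

On the constructed data, jdoe is flagged as a cross-silo conflict (vendor creation from purchasing plus invoice posting from accounting), which is exactly the case neither department would see on its own; bwong is flagged too, but as a single-department conflict that accounting could have caught by itself. Reporting the granting department with each finding is what makes the result actionable, since the fix is a coordinated revocation rather than a ticket to one team.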

