Solomon & Hoover CPAs, PLLC Blog - Financial Guidance to Help Your Business Succeed

ERM: An easy way to get risk under control

Posted by admin On August 13th

Perhaps, after a couple of rough years, your company is finally back on solid financial footing. Or maybe you recently resolved a potentially ruinous lawsuit. Your business’s future looks bright again — then cyber criminals hack into your network and steal all of your customer data.

You’ll never be able to prevent every risk from becoming reality, but you can — and should — take steps to manage potential perils. Among the most popular approaches is enterprise risk management (ERM).

How it’s different

Unlike traditional risk management techniques, which often are informal and “siloed” (meaning that each department focuses on minimizing its own risks), ERM is an integrated, companywide process. ERM assumes that all risks are related — that, for example, lax controls in your accounting department may enable fraud in receiving and, in turn, raise your business’s overall expenses.

ERM isn’t about eliminating every risk. It helps you clarify your company’s appetite and capacity for specific risks so you can develop a cohesive philosophy and plan for how they should be handled. In other words, ERM enables you to find an acceptable level of risk that allows you to promote your company’s strategic objectives.

Let’s say you run a pharmaceuticals company that has a new asthma drug. Many possible perils lie in wait as you conduct drug trials, seek FDA approval, establish reliable supply lines and try to avoid liability claims and intellectual property theft. Unfortunately, if you want to get your drug to market, you can’t avoid such scenarios. You need to minimize the risks inherent in a new product rollout and limit potential damage.

Making your list

ERM implementation starts at the top of your organization. Owners and executives must understand the need for ERM so they can sell it to their subordinates.

Once you have management buy-in, assemble a list with input from every division and department. Start with risks that endanger companies of all sizes and sectors, such as those involving finances, IT, natural or manmade disasters, regulatory compliance, and supplier and customer relationships. Then move on to company- or sector-specific risks.

Once your risk list is robust, rank items based on likelihood and impact. Then analyze worst-case scenarios for each one. If the list seems overwhelming, assign each risk to an “owner” who will be responsible for analyzing and monitoring it.

Enterprisewide view

Ultimately, you must come up with ways to manage your biggest threats. Do this by building on current risk management practices, such as audits, insurance coverage and internal controls. You can gradually incorporate an enterprisewide view of risk to make these activities into a true ERM process.

ERM software can help. If employees understand the software application and use it regularly, ERM will become part of their jobs. For you, frequent monitoring of important metrics is an integral part of keeping up with ERM. Many software packages come with “digital dashboards” that keep critical risk-related information instantly accessible on your computer’s desktop.

Incremental approach

You don’t have to implement every component of an ERM program at once. An incremental approach that begins with relatively simple processes and builds the program over time is easy to adopt and can be very effective.
