What is the point of Enterprise Risk Management?

Another challenge with traditional risk management is that although most business leaders understand the concept of “risk-and-return”, most struggle to connect risk management to organisational level strategic planning. Risk management is often internally focused and granular – looking within the four walls of the organisation, with minimal focus on risks that may emerge from outside the business.

Over the last decade, some business leaders have recognised these potential shortcomings and have begun to embrace ERM as a way to further strengthen risk oversight. They realise it is simply too late to wait until a risk event occurs to act.

Simply put, ERM is a framework to effectively identify and manage risks and seize opportunities to achieve the organisation’s goals. It seeks to build a top-down, enterprise view– hence the name - by creating a basket of all the risks that may impact business viability, whether negatively or positively. The process broadly involves identifying risk events or situations relevant to the organisation's goals, assessing them by likelihood and magnitude of impact, determining an appropriate response strategy, and monitoring progress. Coordination is key, and the output from this process is integrated to provide a clear picture of risk for stakeholders and improve risk management for the organisation.

Given the goal of ERM, responsibility for setting the tone and implementation rests on senior management and boards. They have the best enterprise view and must take charge of understanding, managing, and monitoring the most significant risks the group faces. But again, as the name suggests, all functions must play their part. For example, the risk department is vital in evaluating risk management processes and advocating continued improvement. Other control functions can help in regular assessments and to develop an engagement plan at various levels that is continually updated.

By identifying and proactively addressing enterprise risks and opportunities, businesses protect and create value for their stakeholders, including owners, employees, customers, regulators, and society. This is especially crucial in today’s increasingly VUCA (volatile, uncertain, complex, and ambiguous) operating environment. The volume and complexity of organisational risk are growing at an unprecedented pace. The recent crisis caused for hundreds of companies worldwide by the WannaCry and Petya ransomware is just one example among many. At the same time, expectations for more effective risk oversight on management and business leaders have become much higher.

Because risk constantly emerges and evolves, it is important to understand ERM implementation is an ongoing process. Even though ERM has become more popular, some unfortunately view it as a project with a specific beginning and an end. While the initial launch of an ERM process might require aspects of project management, the benefits can only fully realised when management thinks of it as an active and alive process, with constant updates and improvements.

As a leading global agri-business operating in 47 product platforms across 70 countries, Olam is firmly committed to ERM as a complementary catalyst for our continued growth and viability, in buttressing our risk management capabilities. We hope more organisations will join in embracing ERM to generate long-term, sustainable value for stakeholders.