Enterprise risk management: from mitigation to optimization.
| Author | Burbridge, Chuck |
| Position | Forum - Government |
Having worked for a combined 35 years in and around the finance offices of major Midwest state and local governments both as clients and advisors, we can appreciate the skepticism with which finance officers must approach enterprise risk management. Yet beyond the hype and hyperbole, ERM embodies a quiet evolution in the ongoing effort to improve government performance--an evolution in scope, focus, and purpose.
Governments have employed a myriad of techniques and tools to improve their performance, including activity-based costing, performance budgeting, business process redesign, enterprise resource planning, customer relationship management, and e-commerce to name just a few. In many cases, however, the potential benefits of such efforts have proven elusive. Too often, these initiatives fail to deliver because of their own implementation issues. They may also fall short of their goals because they are viewed as standalone projects and not as an integral part of an ongoing management framework.
Although definitions of ERM vary widely by industry and among organizations, ERM is quite simply a top-down approach that aligns strategy, processes, people, technology, and knowledge to manage and optimize the risks of highest importance to the organization. It moves beyond the tradition of risk mitigation toward risk optimization, which involves determining an organization's risk appetite and capacity, seizing opportunities within those parameters, and capitalizing on the rewards thereof. As a result, risk management is beginning to be perceived as a new means of strategic management that links strategy to day-to-day risks. (1)
From Assessment to Management
Risk management has steadily evolved from simple internal control reviews to risk-based control reviews to comprehensive business risk assessments to enterprise-wide business risk assessments. Many organizations have embraced the concept of risk as a means of prioritizing management actions, identifying and measuring financial risks, business risks, process risks, and other types of risk. Traditionally, an outside entity assessed organizational risks and rendered a judgment thereon. ERM turns this notion inside our by embedding risk management in the organization as a key operating process. It transforms risk management from a tool used to focus attention into a process used to manage performance.
Integrated Service Delivery
ERM addresses the complete cycle of risk management by integrating...
To continue reading
Request your trialCOPYRIGHT GALE, Cengage Learning. All rights reserved.
