• SELECT SITE CURRENCY
Select a currency for use throughout the site
Risky Business II: Enterprise Risk Management As A Core Management Process
American Productivity & Quality Center, APQC, April 2009, Pages: 118
The organizations selected for deep, detailed study through structured data collection and site visits (referred to throughout the report as “best-practice organizations” or “study partners”) demonstrate innovative performance in one or more of the following study focus areas:
1. optimizing the ERM organizational structure;
2. identifying, implementing, and maintaining supporting ERM methodologies;
3. using ERM for effective decision making; and
4. using ERM for performance improvement.
The goal of this study was to examine organizations that excel in one or more aspects of the study scope and to aggregate the best practices from all the organizations studied. To achieve this goal, the APQC study team identified potential best-practice partners that demonstrated excellence and a history of success in the four scope areas. Project sponsors then selected the final list of partners from among the candidates.
With thought leadership from IBM Global Business Services, this report examines leading-edge ERM programs, describing how organizational leaders implemented ERM across business units and embedded ERM in core management processes to improve decision making. The included best practices and case studies offer valuable insights on developing strategic risk management processes and fostering a risk-conscientious culture.
- Best-practice organizations establish clear structures for ERM involving executive-level support.
- Senior leaders understand the impact of risk information.
- A holistic approach to risk management enables improved understanding of critical risks.
- Best-practice organizations use a variety of methodologies to identify, assess, aggregate, and report risks.
- Currently, the technology of choice for ERM among the partner organizations is Microsoft Office.
- A focus on risk management creates a culture of informed risk takers.
- Risk information must be effectively communicated across the enterprise in order to influence decision making.
- Effective risk management is evaluated as an organizational key performance indicator.
- Best-practice organizations use risk management as an individual performance indicator.
- Evaluation of ERM effectiveness is in the early stages of maturity.
4 Sponsor and Partner Organizations
A listing of the sponsor organizations in this study, as well as the best-practice (“partner”) organizations that were benchmarked for their efforts in enterprise risk management.
5 Executive Summary
A bird’s-eye view of the study presenting the study focus, the methodology used throughout the course of the study, key findings, and a profile of participants. The findings are explored in detail in the following sections.
11 Study Findings
An in-depth look at the findings of this study. The findings are supported by quantitative data and qualitative examples of practices employed by the partner organizations.
53 Partner Organization Case Studies
Background information on the partner organizations and their innovative practices in enterprise risk management.
In today’s global business environment, leaders of organizations must deal with a myriad of complex risks, many of which carry potentially substantial consequences. Stakeholders demand that these leaders employ methodologies to uncover the risks embedded in any given opportunity as well as the risks inherent in ongoing business operations. Many businesses are implementing enterprise risk management (ERM) as a program to improve the identification, assessment, and management of risks across internal silos.
Although ERM is a relatively young management discipline, this consortium benchmarking study has identified five organizations with advanced ERM programs. The report you are about to read describes how the leaders of these organizations implemented ERM across business units and embedded ERM in core management processes to improve decision making. Throughout the report, APQC offers valuable insights on developing strategic risk management processes and fostering a risk-conscientious culture. These two components are essential for establishing an effective ERM program and are emphasized in other leading evaluations, such as Enterprise Risk Management: Standard & Poor’s to Apply Enterprise Risk Analysis to Corporate Ratings (2008).
— William G. Shenkir, a special adviser on this consortium benchmarking study
Research indicates that strategy execution continues to challenge many companies where executives are faced with new and more potent risks. While working on APQC’s two ERM studies in 2006 and 2008, I have observed that the ERM body of knowledge and the application of strategic risk management frameworks are still maturing. There are, however, best-practice partner organizations illuminating the path for the rest of us, and I am extremely grateful to them. Our hope is that this study will help your organization improve its ability to identify, mitigate, manage, and report on ERM in a valued manner.
— Bob E. Paladino, a special adviser on this consortium benchmarking study
OVERVIEW OF FINDINGS:
The study team discovered 10 principal findings from studying the best-practice organizations. These findings have been organized into the following chapters, which map closely to the study scope. Each chapter explores key findings and supports them with brief examples from the study partners; additional details on the bestpractice organizations can be found in their respective case studies at the end of this report.
Chapter 1: Optimizing the ERM Organizational Structure
1. Best-practice organizations establish clear structures for ERM involving executive-level support.
2. Senior leaders understand the impact of risk information.
3. A holistic approach to risk management enables improved understanding of critical risks.
Chapter 2: ERM Support Tools and Methodologies
4. Best-practice organizations use a variety of methodologies to identify, assess, aggregate, and report risks.
5. Currently, the technology of choice for ERM among the partner organizations is Microsoft Office.
Chapter 3: Using ERM for Effective Decision Making
6. A focus on risk management creates a culture of informed risk takers.
7. Risk information must be effectively communicated across the enterprise in order to influence decision making.
Chapter 4: Using ERM for Performance Improvement
8. Effective risk management is evaluated as an organizational key performance indicator.
9. Best-practice organizations use risk management as an individual performance indicator.
10. Evaluation of ERM effectiveness is in the early stages of maturity.
Chapter 5: The “Essentials” of ERM
This chapter details lessons learned and critical success factors for effectively managing enterprise-wide risks.