Rethinking the Building Blocks of the Enterprise Risk Management Model

Abstract

Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. This paper argues, that Enterprise risk management being the process of aligning competitive strategy with the mechanisms that identify, aggregate, mitigate, avoid and transfer risk, is a goal of reducing losses while seizing opportunities in the marketplace. It is a disciplined approach to better manage the effects of uncertainty of an organization’s capital and earnings. In theory, according to the authors, ERM guides managers as they coordinate the multitude of tasks in order to identify the potential risks encountered by individual employees, business units, geographic divisions and corporate leadership. The resulting portfolio of risk sets the stage for planning the avoidance, transfer and mitigation of potential risks so the uncertainty of achieving the expected outcome is reduced. Furthermore, the paper highlights that with ERM, effectiveness is predicated on a process orientation, proper tools and high-quality information from operating units and individuals. In this regard, the letter ‘E’ in the acronym ERM could just as easily stand for employee. Therefore, the importance of employee is important in ethics and legal compliance, where successful management depends as much on how leadership and culture influences employee behaviour as on quantifiable controls and procedures. The above point will ground the first part of the paper.The authors argued that the ethical health of an organization culture has gained importance due to high-profile business failures where material weakness was found in the control environment. This issue will be addressed in the second part of the paper. The details pertaining control environments with strong cultures of compliance are known to be conducive to the minimization of risk (a positive control environment), while those with a culture of non-compliance do little to reduce risk (a negative control environment). This paper explained in this same second part that an integral component of ERM is to holistically manage ethics and compliance risk to help shape and foster a strong ethical corporate culture. This paper examines in the third part the five integrated process steps in building a lawful ethical culture, define, prevent, detect, respond and evaluate, providing practical suggestions and real-world examples. The paper concludes by discussing the bottom-line benefits of ethics and compliance management and how to market these benefits inside the organization in order to create support for ethics and compliance initiatives.