Enterprise Management–Risk or OpportunityPosted: July 22, 2013
Recently, there have been several new studies and articles released on Risk Management. COSO published a paper on using its ERM framework to help with Sustainability reporting which can be found at http://www.coso.org/. KPMG released a study on ERM capabilities which can be found here.
The more I’ve read the more I come to the conclusion that Enterprise Risk Management is in incorrectly named. It seems that the more we look at it ERM is really something else. The purpose of business is to take risk. If Investors and owners didn’t want to take risk they would simply leave their money in the bank earning a paltry half percent these days. Instead they decide to put their money at risk in the hopes the risks the business takes will result in a greater return.
So if a business’ purpose in life is to take risk, why do we spend so much time taking about managing risk? Part of it comes from the conflicting requirements a business faces. Certainly they have to take risk in order to try to make a profit, but there are risks a business wants to avoid. Financial reporting risk is one many CPAs are familiar with, but there are others such as regulatory compliance risk and certain legal risks that are also to be avoided or minimized. The problem is when that “minimize the risk” mindset sinks into the regular business decision making process.
I think the whole ERM process is unfortunately bringing that minimize or eliminate risk mindset to the rest of the business. Maybe this is because ERM efforts are often lead by Financial or compliance professionals that bring that negative view of risk from their discipline. Or maybe it’s just that word ‘risk.’ What if we called it Enterprise Opportunity Management? That certainly gives it a different connotation and makes you think differently about what the process should be. So, here is to looking for those EOM studies and how to articles.