
Chapter 4: Enterprise Risk Management

Traditional Risk Management  

  • Risks evaluated in a "silo" approach (all evaluated individually, as if they were completely separate from one another).

  • Loss exposures are usually insurable, pure risks: 

    • Personal risks 

    • Liability risks 

    • Property risks (direct loss) 

    • Net income risks (indirect loss) 

 

Evolution of Traditional Risk Management 

  • In the 1990s, many companies began expanding their risk management programs to include speculative financial risks.

  • Some organizations have now gone further in their risk management programs to consider all risks faced by the organization. 

 

Enterprise Risk Management (ERM) (a program that looks at all the risks, understanding that they are related and can offset one another; the risks may be beneficial to the organization as well)

  • A strategic business discipline that supports the achievement of an organization's business objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an integrated risk portfolio. 

 

ERM Program (risk is important to everyone) 

  • Considers all risks an organization faces across the entire enterprise 

  • Holistic/interconnected view of risk. 

  • Typically headed by Chief Risk Officer (CRO) and used in large organizations. 

  • Creates a "risk culture" within the organization in which everyone is responsible for identifying and managing risk. 

 

Types of Risk within ERM 

  1. Hazard Risk  

  2. Operational Risk 

  3. Financial Risk 

  4. Strategic Risk 

 

Hazard Risk (pure risk; no chance of gain) 

  • Traditional risk management types of risks – property, liability, etc. (pure risk). 

  • What risk management (RM) techniques are used to treat hazard risks? 

    • Insurance 

    • Noninsurance 

    • Retention 

    • Loss prevention/reduction 

Note - "hazard risk" within ERM is not the same as "hazard" as discussed within Chapter 1. 

 

Operational Risk (more day-to-day focused) 

  • Risks arising from day-to-day business operations: 

    • Supply Chain (you can have multiple suppliers in case one goes out of business or have insurance to hold the company accountable if you don’t receive your products) 

    • Manufacturing Defects (something that doesn't operate as intended or isn't made the way you wanted; the company could issue a recall or put batch numbers on the product to identify which units are defective)

    • Customer Service (companies can train employees properly and hire the right people)

    • Cybersecurity (data leaks; you can have firewalls or an IT team to prevent leaks and viruses)

    • Employment Practices (how we go about training or selecting someone; you could do a background check, an interview, etc.)

  • What RM techniques might you employ? 

 

Financial Risk (speculative risk; opportunities for gain) 

  • Risks arising from changing conditions within financial markets:  

    • Commodity prices (raw materials that can be bought or sold; ex: oil prices can spike or drop; you can buy a lot of the materials while the price is lower)

    • Interest rates 

    • Foreign exchange rates (international; consider dollar amounts in other places) 

  • What RM techniques might you employ? 

 

Strategic Risk (looking much broader and long term; ex: the business' mission; location is included in strategic risk) 

  • Uncertainty regarding an organization's goals and objectives, and the organization's strengths, weaknesses, opportunities, and threats (SWOT). (SWOT can be helpful in identifying risk)