- Language selection.
- Log in to Wiley Online Library;
- What is Strategic Management, and Why is it Important?!
- Coach: Lessons on the Game of Life: Lessons on Baseball and Life!
- Sous le soleil de Burgas (Les voyages érotiques dAlexandre Barridon t. 12) (French Edition)?
- Guide to Integrated Risk Management.
Enterprise Risk Management (ERM)
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
How ERM Can Support Strategy and Performance
Upcoming SlideShare. Like this presentation? Why not share!
Embed Size px. Start on. Show related SlideShares at end. WordPress Shortcode. Aronson LLC Follow. Published in: Technology. The key outputs of the initiative are compliance with applicable laws, regulations, and company policies, integrity in communications, and rigorous processes in terms of performance measurement, communication, and knowledge sharing. The Controllership Initiative helps broaden the ability of Finance and Operations to collaborate in understanding the risks involved in the business as well as the potential opportunities that may arise.
The GE annual business planning process has three phases:.
The Growth Playbook helps management understand key trends in the market, including risks and opportunities of specific business decisions, and incorporate those as part of is overall strategy planning for the next three to four years. Linking governance to strategy requires governance principles to be diffused across and organization and to be enacted through daily operations. The finance organization can play a pivotal role as an access point to a shared language of measurement that draws on accurate financial accounting and reporting to:.
Opportunities and threats are not qualitatively different in nature, since both involve uncertainty, which has the potential to affect project objectives.
Research and Markets: Emerging Risks: A Strategic Management Guide
As a result, both can be handled by the same process, although some modifications may be required to the standard risk management approach in order to deal effectively with opportunities Hillson, There is broad agreement on the elements of an effective risk process, although the scope and names of various phases may differ. The risk management process is not complex, and is simply a commonsense and structured approach to dealing with uncertainty, ensuring that proper account is taken of every foreseeable risk.
The aim is to allow proactive management in advance, rather than waiting for risks to mature leading to situations requiring a reactive crisis response. Next responses are developed to address or treat identified risks, and agreed responses are then implemented, after which the process concludes with a feedback and review loop to update the risk assessment.
However, one phase of the risk management process appears to be more important than the others in ensuring that risk is dealt with appropriately. Risk identification and analysis phases, including both qualitative and quantitative, merely describe and analyze the risks to which the project is exposed.
You are here:
It is the Risk Response Planning phase where strategies are determined and actions are developed, the implementation of which will have a direct effect on risk exposure. If it is accepted that the definition of risk includes both threats and opportunities, and that the risk management process must deal equally effectively with both, then the question arises whether the Risk Response Planning phase as currently practiced meets this requirement.
Most risk management guidelines recognize at least four types of strategy in responding to identified risks. Hillson a, b defines risk response strategy types as:. The intention is to provide a strategic framework of response types, allowing a suitable response strategy to be selected for each identified risk, which can then be developed into actions for dealing with the risk proactively. It is clear however that if the risk management process is to encompass management of opportunities, then the traditional approach to risk response planning is inadequate, since it is mainly targeted at threats.
Clearly no project manager would wish to avoid an opportunity, neither is it usually considered appropriate to transfer a potential benefit to a third party. Mitigating an opportunity to make it smaller is also the wrong approach, and passively to accept that an opportunity might happen seems unwise. Given that the Risk Response Planning phase has the most direct influence over risk exposure, one might expect this phase to be the part of the risk management process, which most clearly targets both opportunities as well as threats.
However some modification is required to the standard risk response strategies to make them suitable for handling opportunities. Despite this attempt to guide practitioners toward strategies for responding to identified opportunities, few details are given for the recommended approaches, and they represent neither an internally consistent set of response types nor a complete range of options. The descriptions of each opportunity response type in BS are minimal and overlapping, viz. The British Standards Institution is to be commended for at least attempting to offer explicit strategies for managing identified opportunities.
However their recommended approaches lack consistency and completeness, and a more structured set of strategies is required. Since project managers and risk practitioners are used to the four common risk response strategies for threats of avoid, transfer, mitigate and accept, it seems sensible to build on these as a foundation for developing strategies appropriate for responding to identified opportunities. This can be done by seeking to understand and generalize the underlying principle behind each threat strategy, then extending this to develop the positive equivalent approach for dealing with opportunities.
The principle is illustrated in Exhibit 1, and detailed in the paragraphs below.
The upside equivalent is to exploit identified opportunities—removing the uncertainty by seeking to make the opportunity definitely happen. This can be mirrored by sharing opportunities—passing ownership to a third party best able to manage the opportunity and maximize the chance of it happening. Opportunities included in the baseline can similarly be ignored —adopting a reactive approach without taking explicit actions. It is generally accepted that strategies for dealing with threats should be considered in the order avoid-transfer-mitigate-accept.
This means that for each risk threat , one should first ask whether it can be avoided, then look for possible transfers, thirdly consider mitigation, and only as a last resort accept the residual risks left over. Factors in deciding which response strategy is most appropriate include the type and nature of the risk, its manageability, the potential severity of impact, availability of resources to implement the chosen response, and cost-effectiveness. In the same way, opportunity response strategies should be considered in the order exploit-share-enhance-ignore. The aim of this risk response strategy is to eliminate the uncertainty associated with a particular upside risk.
An opportunity-risk is defined as an uncertainty that if it occurs would have a positive effect on achievement of project objectives. The exploit response seeks to eliminate the uncertainty by making the opportunity definitely happen.
In the same way that risk avoidance for threats can be achieved either directly or indirectly see Hillson a, b , there are also direct and indirect approaches for exploiting opportunities. Direct responses include making positive decisions to include an opportunity in the project scope or baseline, removing the uncertainty over whether or not it might be achieved by ensuring that the potential opportunity is definitely locked into the project, rather than leaving it to chance.
Indirect exploitation responses involve doing the project in a different way in order to allow the opportunity to be achieved while still meeting the project objectives, for example by changing the selected methodology or technology. Where avoidance goes round a threat so that it cannot affect the project, exploitation stands in the way of the opportunity to make sure that it is not missed, in effect making it unavoidable. One common objective of the Risk Response Planning phase is to ensure that ownership of the risk response is allocated to the person or party best able to manage the risk effectively.
For a threat, transferring it passes to a third party both liability should the threat occur and responsibility for its management. Similarly, sharing an opportunity involves allocating ownership to a third party who is best able to handle it, both in terms of maximizing the probability of occurrence, and in increasing potential benefits should the opportunity occur. In the same way that those to whom threats are transferred are liable for the negative impact should the threat occur, those who are asked to manage an opportunity should share in its potential benefits.