IERP® No Comments

Creating Value out of Enterprise Risk Management

At our Tea Talk session on 12th September, IERP® faculty member Zaffarin Zanal gave a featured talk on Creating Value out of ERM. Zaff started off by stating that—to strong murmurs of agreement across the room of risk practitioners—implementing ERM is hard.  The typical difficulty with implementing ERM is that while risk professionals understand the value for ERM, the top management (as well as the rest of the organization) might not readily see its value. Zaff noted that when something has perceived value, psychologically there is a ‘pull factor’ to it. It doesn’t require much forceful selling (the ‘push  factor’).

He shared that from the results of a 2017 ERM Benchmark Survey which showed that whilst enterprise risk management is a ‘popular’ framework being implemented in organizations, management and line managers are still quite resistant to it. The challenge lies in establishing that pull factor when risk management is so often seen as tedious, bureaucratic, and expensive. To treat this particular ‘acceptance risk’, it is important to understand the potential causes. Read more

IERP® No Comments

Towards an Objective-Centric Approach to Risk Management

With Enterprise Risk Management becoming increasingly institutionalized, global best practices are continually under revision as international standards-setting bodies such as ISO or COSO seek to improve on ERM methods and guidelines. A core development in recent years has been the recognition that an objective-centric approach to ERM yields greater outcomes compared to the traditional taxonomy approach. At the same time, the constant evolution of ERM practices means that there is often a gap where organizations are slow to correct outdated methodologies – due to the complexity and resources required to change existing processes, structures, and culture.

Conventional risk management is based on taxonomies, which create an often inductive process for risk assessment. Risk is identified and aggregated into a static and ‘stable’ set of categories, then prioritized according to likelihood and impact. The limitation to this approach is that risk is not stable. While taxonomies allow for a certain level of customization across different business units, their success and efficiency is predicated on the use of a standard and somewhat rigid set of categories and shared language – ultimately ineffective for large corporations facing wide-ranging risk complexities. Read more