Feature
PRACTICE
Written in stone? Risk managers should not treat an organisation’s strategy as though it were written in stone. Applying enterprise risk management to strategy is key to ensuring its success BY AL DECKER and DONNA GALER
W
hether an organisation has a formal strategic plan or simply a set of objectives, enterprise risk management (ERM) is a key element of ensuring its success. The strategic plan should outline the strategic thrusts or tactics that have been decided upon; the specific strategic projects in the plan period; and the financial and non-financial strategic goals and objectives. Once these elements are finalised, it is up those who are responsible for the ERM process to see that risks to these strategy elements are identified, sized, prioritised, and addressed in some way. The alternative ways of dealing with such risks is that they may be mitigated, transferred or accepted, or the strategy may be modified to avoid them. ERM is strategic activity that is meant to address all types of risk across all business functions and activities: strategic and operational, insurable and noninsurable, current and emerging. Both strategic and non-strategic risks can be significant. However, strategic risks tend to have characteristics which are particularly challenging. For example, they threaten the core mission or product of the organisation, and they are generally not temporary but constitute the on-going
30
ERM is strategic activity that is meant to address all types of risk across all business functions
Enterprise Risk
