By PETER WERE
Forecasting business performance used to be
straightforward. Over the years, by the end of the first quarter,
managers usually had a fairly reliable sense of how the business was
shaping up and whether targets would be met, missed or exceeded.
Confidence in quarterly and annual predictions was so high
that coming in above or below by even the smallest amount was considered
a surprise and set off moves in stock prices.
But things have changed over time. Internal and
external influences, some of which are “hidden” to managers make
prediction and planning difficult for most managers. This calls for what
is referred to as enterprise risk management (ERM).
Enterprise risk management is an enigma. Many
managers say they do it, yet many corporate executives do not understand
what it is. The reality is companies think they are implementing ERM,
but they really aren’t.
What we see in practice often demonstrates a very
limiting view of ERM, from maintaining a list of risks — enterprise list
management — to summarising risk responses, leaving many corporate
leaders underwhelmed with its value contributed in view of the speed of
business and ever-changing economic environment.
In its immature state, ERM adds limited value
because it often leaves management with a list of risks and very little
insight as to what to do next.
In its various forms, ERM may increase risk
awareness with management, the board of directors and others, but it
will not be effective in driving decisions because it typically isn’t
integrated with the enterprise’s decision-making processes.
As a result, risk is often an afterthought to strategy and risk management is an appendage to performance management.
The Committee of Sponsoring Organisations points
out that ERM, among other things, is an ongoing process and applied in
strategy setting across the enterprise (pervasive).
It is designed to identify potential events that,
if they occur, will affect — positively and negatively — the entity and
to manage risk within its risk appetite and also provide reasonable
assurance regarding the achievement of business objectives.
The modern business managers and directors have no
option but to take a fresh look at risk management and also ensure that
enterprise risk management is part and parcel of strategy and operations
because of a number of reasons including the following:
First, the time when negative consequences are
realised may come sooner than expected when the fundamentals of the
business completely change.
Former managers of postal services in Kenya must
have appreciated the impact of technology in business — mobile phone
calls and money transfers impacting negatively on services which were
priority the domain of postal services.
Risk management is about securing “early mover”
positioning in the marketplace. Management of strategic uncertainties
requires an understanding of the key assumptions underlying the strategy
and monitoring changes in the business environment to ensure that these
assumptions remain valid over time.
It is not what business managers know that matters,
it is what they don’t know that makes the difference. The question
should be: Is our approach to assessing risk and identifying emerging
risks bringing out what we don’t know?
Second, most businesses are boundary-less. A strategic
perspective applied to operational risks suggests the need for an
end-to-end extended enterprise view of the value chain, requiring
consideration of upstream and downstream relationships.
What happens if any critical component of this chain were
lost for an indeterminate period of time, for example, operations of a
single supplier getting interrupted?
Sooner or later, there will be a crisis that will
test your company. Even the most effective risk management cannot
prevent this exposure.
Yet companies spend a lot of time guessing at
probabilities and ignoring the speed of impact, the persistence of
impact over time and the organisation’s response readiness.
Firms must realise that risk taking happens within
an organisational context, and the appropriate risk systems, processes,
and cultures must be built.
Mr Were is a financial adviser at Anchorage Ltd, a financial and business advisory firm. Email: odindiwere@anchorage.co.ke.
No comments :
Post a Comment