Closed-loop risk management
The concept underpinning enterprise risk management (ERM), namely a portfolio view of risk, has been around a long time. Today, many companies have done a great deal of work to assess enterprise risks. But traditionally these assessments have been fragmented and resulted in compartmentalising risks into “silos”. Much less has been done to embed an effective ERM framework into an organisation, from the executive through the managerial levels to operations.
To help companies better manage enterprise risks, Risktec has partnered with Strategic Thought Group plc, the provider of Active Risk Manager (ARM) – the leading ERM solution available today with thousands of users in 12 industry sectors. Risktec’s contribution focuses on implementing ARM in a way that helps an organisation take full advantage of the ability to aggregate risks and measure and improve risk performance.
CLOSED-LOOP RISK MANAGEMENT
ARM provides the functionality required to implement a broad range of risk, governance and compliance standards, including COSO (ERM & Controls), PMBOK, HIPAA, CMMI, RMM, CMI, COBIT, SarbOx, HSC, The Orange Book, EFQM and Basel II. ARM goes further in that it can also be configured to allow businesses to apply their own ERM process.
The vision that guides ARM is Closed-Loop Risk Management (CLRM) [Ref. 1]. “Closed-loop” refers to the ability of the operational layer of a business to provide information on losses and near misses, enabling managers to report on how effective the risk management process has actually been, thereby demonstrating visible return on investment and “closing the loop” in the sense of a systematic process.
The cooperation between executives, management and operations, and the feedback of information from operations through to management and then to the board, also “closes the loop” in the practical sense of communication. Figure 1 illustrates these concepts.
Figure 1 – Closed-Loop Risk Management
USER INTERACTION
A single ERM solution for all potential users of an organisation needs to offer multiple methods of user interaction with the system to meet the specific needs of each area of responsibility (see Table 1).
ARM provides a different user interface for each user group. Extensive flexibility enables the product to meet the needs of the entire organisation.
FUNCTIONALITY AND TECHNOLOGY
ARM has an unparalleled level of functionality, supported by an ongoing development programme. The system provides deep functionality in each of the specialist risk types (e.g. insurance, project, corporate, H&S, financial, operational). The technology platform provides a secure web-enabled solution that ensures universal staff access and significantly reduces technical barriers to deployment of a large-scale enterprise application.
BENEFITS
CLRM not only reduces costs (as well as the cost of risk management) across the business, but also enables a business to measure how effectively risk prevention and mitigation plans have reduced losses. Table 2 summarises the benefits.
CHALLENGES AND SOLUTIONS
The two biggest challenges facing the practical implementation of ERM are the ability to measure and compare different types of risk in a consistent way and the need to encourage enthusiastic ownership of these risks at all levels of the organisation.
A technological solution such as ARM provides the tools to help catalyse action: “what gets measured gets managed”.
A carefully managed roll-out programme, involving training in risk management by specialists such as Risktec, is critical to successful software implementation: the importance of culture and change management should not be underestimated.
References
Ref. 1 – Strategic Thought: Closed-Loop Risk Management, 2006
This article first appeared in RISKworld Issue 10.