After 2000, enterprises worldwide operate in an environment where forces may creating more and more uncertainties and risks, because the wide using of internet, the creation of new technologies, the globalization and the deregulation in countries. Thus, how to manage the risk and what is the best strategy for risk management became a big issue in the whole world. For many companies, enterprise wide risk management is now playing an important role in management level. This essay will analyze the enterprise wide risk management (EWRM), by answering the following questions: 1. What is EWRM, and how it can be implemented in the enterprise; 2. How does governance and compliance related to the EWRM, and how do they inculcate into corporate culture; 3. By the affecting of global financial crisis (GFC), is EWRM play well; 4. What are the threats and what responses could be offered; and 5. The cost on inaction.
1. What is EWRM, and how it can be implemented in the enterprise?
By introducing the risk management approaches, the basic concept should be known is what is the risk for business or company. The business risk is the stage of coverage to uncertainties that company should understand and need to manage effectively to achieve its objectives and create value. For instance, if the company does not know their business risk, they may hard to identify and implement their management strategy; furthermore, company would fail to operate successfully. In fact, in the real world, some companies may not clearly know their real potential risks, and of course, no one can foresee the future market. Therefore, the risk management now defined more than just focus on the financial perspective, it is about the running business effectively, the understanding the fundamental risks for business, and take opportunities to minimize the risk.
As the development of risk management system, entities realize that traditional risk management system had its way, and will not suitable for today’s complex situation. The integrated risk management (IRM) is a wide defined opinion for new risk management system, which addresses risks across a variety of levels in the organization, including strategy and procedure, and covering both opportunity and threat. IRM identifies the risk at strategic level, which could have a considerable effect on the whole organization, and enabling these to be managed proactively. Today, companies are faced with many different types of risk, such as market risk, credit risk, and operational risk etc. IRM would define these risks in an enterprise wide view.
As implement IRM, EWRM exits, which has been defined as ‘a systematic and integrated approach to the management of the total risks that a company faces’. It is a structured and closely controlled approach that aligns business strategy, process, people, technology and knowledge for the purpose of evaluating and managing the uncertainties an enterprise faces as it creates value. Its objective is to build and improve the qualifications of the enterprise to identify and manage risk. Recent survey shows that all recognize that well-governed companies in emerging market with a sound EWRM system can demand an additional share premium between 10% and 20%. Therefore, more and more companies shift their risk management strategy to EWRM, which allow companies to look risk historically and how it can be managed as a whole throughout the entire business.
As the new risk management standard ISO 31000: 2009 issued after global financial crisis (GFC), it requires the company to have a framework, such as EWRM, that integrates the process for managing risks into organizational governance, strategy and planning, management and policies. Moreover, it defines the process for EWRM, which can be divided into three stages: establishing the context, risk assessment and risk treatment. In the first stage, enterprise should articulate its business objectives,...