The business world is being disrupted by the combined effects of growing emerging economies, shifts in global demographics, ubiquity of technology and accountability regulation. Infosys believes that to compete in the flat world, businesses must shift their operational priorities.


Enterprise Risk Management- Where are we?

A few days back, I had the opportunity to attend a web session on ERM where the overall dialogue was based on the recent ERM - 2008 survey (click here for presentation). Organizations from different sectors had contributed to this survey. I was completely perplexed by some of the findings and was able to conclude why the corporate governance standards of many organizations are weak and fragile. If I look back at that one hour, there are three factors which seem to me the culprits behind the failure of ERM and the subsequent governance debacle. I would call them Executive Block, Operational Block & Infrastructure Block.

1. Executive Block

For a successful ERM launch, board sponsorship and accountability are the paramount factors. However, reality tells a different story. The board / CXO level has yet to internalize the essence of good ERM practice, and its accountability standard is abysmally low (refer slide 9). The apex body has yet to understand the business value a successful ERM program brings; that's sad and uncalled for. If this is how the strategy makers digest ERM, then I can clearly see a governance standard sans risk appetite, which is definitely alarming in a milieu where Governance, Risk & Compliance (GRC) should go hand in hand. Therefore, 50% of responding firms could not see risk management reflected in the strategic planning process (slide 8).

2. Operational Block

The CXO level decides the ERM strategy; however, the onus lands in the lap of middle management, line managers and the so-called operational cops. Most firms lack the risk-based compensation principle, which is the driving baton for successful risk program implementation. This points to the aspect of risk culture (slide 13). Unless the operational structure is receptive to the standards of risk-based value creation and the organizational culture promulgates a risk-based reward program, ERM will lose its belt in the very first year. The layer which knows most about the impending risk is the business line manager, and if they backtrack on their commitment, the ERM program will not stand its ground. To my surprise, more than 50% of organizations do not have proper risk reporting at the organization level (refer slide 18) and more than 60% of firms have difficulty aligning risk to organizational culture & behavior (refer slide 22). So, let's have these operational holes covered up.

3. Infrastructure Block

Another key factor behind successful ERM is the infrastructure supporting the processes. From risk identification, assessment and management through to risk mitigation and reporting, all these processes in an organization need to be well coordinated and pervasive for a successful implementation. But look at the reality: more than 50 to 60% of firms have yet to introduce technology to these processes (refer slide 10). We still have a siloed structure to measure risk, which means it is not integrated, and the ERM methodology and the technology infrastructure are not complementing each other but rather becoming roadblocks to each other. Infrastructure is even more pathetic when it comes to getting an integrated view of organizational risk, called risk convergence (90% of firms do not have the infrastructure to get an integrated view, slide 10). So, if we have siloed technology infrastructure for individual processes and nothing at the integration level, then the end goal of ERM is undermined and the enterprise will have a fragmented measure of all the risks (strategic/business, financial, operational & risk convergence) it is facing. That's not an acceptable scenario.

Then what should an organization do to improve its ERM program? Very simple: analyze the above three blocks and close their loopholes. That means:

  • Bring board sponsorship and accountability to ERM. Risk identification and ERM methodology formulation are responsibilities that land solely on executives. They should also ensure the ERM program encompasses all risks the organization is facing. The board also needs to promulgate a risk-based reward program and a sound risk culture within each organizational entity.
  • The operational layer will have the responsibility to translate all identified risks into actionable tasks, from assessment through to mitigation and reporting.
  • Technology has to be pervasive at all levels of ERM to ensure greater coordination, collaboration and fantastic analytics. Please remember that the choice of ERM methodology and the technology should be made in tandem, not in a siloed sphere. That definitely brings us to the discussion of ERM, governance and technology co-existence & inter-dependency.
  • The ultimate goal would be to understand all risks the organization faces, bring them all to a single infrastructure, measure, mitigate and report. The essence would be to canvas ERM in consonance with the various business lines.
  • With the above points in place, the board will have better visibility into risk, and the risk inputs can be utilized in strategic planning and greater value realization.

 
