Much of the fallout from the financial crisis of 2008 can be attributed to the lack of coordination and integration of risk management practices at individual firms as well as across entire industries. To be successful at managing risk going forward, companies must begin to examine how they are currently focusing their efforts and how they need to evolve their overall risk and control program.
The evolution path for most risk and control programs can be broken into four distinct stages – Developing, Implementing, Improving and Integrating (see figure below). As companies begin to take a more focused approach to managing risk, they usually begin by simply reacting to regulatory demands or recent negative events that have occurred. In this initial “Developing” stage, companies may create ad hoc task forces or assign individual teams to address the risks.
However, most companies begin to see the need for a more formal, enterprise-wide approach and enter the “Implementing” stage. Here, a risk champion is typically named, standards are created and the various teams begin to align and share information. Once the sharing of information begins, both horizontally and vertically through the company, inefficiencies and gaps become apparent.
Companies then move to the “Improving” stage in order to streamline processes and adopt best practices. Finally, once the program has matured into an efficient mechanism on its own, it should be fully integrated into the business itself – at all levels. It is this “Integrating” stage of evolution that is the holy grail of Enterprise Risk Management.
Where is your company on the evolution path? What obstacles are you facing as you look to progress from one stage to another? Wheelhouse Advisors can provide both unique insight and practical solutions to help you reach the desired level of maturity. To learn more, visit www.WheelhouseAdvisors.com.
Great blog John, with out the integration stage, organizations do not have a complete picture or profile of their risk exposure.
ReplyDelete