In addition to standard risk management processes such as credit, foreign exchange and market risk, CFOs are increasingly being asked to report on ways to minimize risk in a wide variety of other areas including- new product investments, acquisitions, HR, brands, market share, customer acceptance and satisfaction and product liability- in fact all operational and strategic processes across the enterprise. This is causing a rethink on the systems required to monitor such broad-based risks.
A string of corporate disasters such as Enron, Worldcom, Ford and GM has transformed the status of risk management to a central role. Up until five years ago risk management was handled by actuaries and internal auditors. Now the discipline incorporates high-level corporate risk officers reporting directly either to the CEO or a board level risk management committee.
This trend is encapsulated by the emerging discipline of ERM- ‘enterprise risk management’- a set of broad-based management processes that integrates all risk areas from- insurance financial derivatives, foreign exchange and trade to credit, market, political, brand and image risks, to corporate governance, regulatory and legal issues and now escalating environmental impacts.
ERM aims to achieve systematic reduction in all risk outcomes facing enterprises today, but with the goal of creating balance between realizing opportunities and minimizing adverse impacts.
The quality of an organisation’s information technology architecture plays a pivotal role in this area both by both processing and integrating the data needed to manage risk and by ensuring that the company’s risk policy and planning is rigorously implemented.
However to date, the challenges in managing risk on an enterprise wide basis have proved daunting. According to a recent Deloitte Global Risk Management Survey, less than a quarter of businesses surveyed were able to integrate risk across any of the major functional dimensions- risk type, business unit or geographical area.
There is also the tendency for financial and manufacturing institutions to focus primarily on areas of traditional risk where data analysis and statistical techniques have been developed. This is a natural response, but in an environment where new and potentially lethal risks can emerge suddenly triggered for example by major catastrophes such as bird flu or a surge in the oil price impacting large vehicle sales, as in the case of Ford, it is important to look at the bigger picture and seek to anticipate and avoid those submerged risks that can abruptly sink even the largest enterprise.
Managing such potential risks in the future enterprise environment will require new architectures and information system safeguards to constantly and automatically monitor the quality of decision outcomes; in other words implementing a sophisticated Deep Decision Risk Audit Framework.
Even when when risk and audit plans are implemented, the associated critical decision processes that need to be activated, are either not integrated into the control architecture or the outcomes are ignored because of lack of substantive risk cost estimates.
Risk outcomes are inevitably associated with all decision-making processes and the quality of those decisions largely determine the survival and productivity of the enterprise. A deeper decision assessment process ensures that the risks associated with critical decisions, including those governing potentially catastrophic outcomes, are better anticipated, highlighted and quantified. This allows intervention before, not after critical thresholds are breached and before serious and chaotic escalation occurs as with the recent global financial meltdown.