Putting enterprise risk management into practice
Written by Michael Feder
Reviewed by聽Kathryn Uhles, MIS, MSP,聽Dean, College of Business and IT
What is enterprise risk management?
Enterprise risk management (ERM) involves identifying and addressing potential risks a large company or organization might experience. It can include threats to everyday operations and roadblocks that could keep organizations from achieving their long-term objectives.
Because ERM focuses on the overall business or enterprise, it typically involves big-picture judgments. In other words, the strategies address the well-being of the entire organization, but decisions might be detrimental to a specific department within the company. For example, automating bookkeeping systems may reduce human error and eliminate the danger of financial reporting compliance failures. However, if hacked, this software could cause plenty of stress for the accounting department.
This example illustrates a trend in ERM. Professionals with a background in聽cybersecurity, IT or a related technological field are in demand, as they can reduce errors, minimize risk and help companies define and manage potential danger areas. Tech has become so ingrained in today鈥檚 corporations that it often becomes part of the risk-mitigation effort. With problems like data breaches, ransomware, and network or computer system issues that can cause work stoppages, IT risk management is often a primary focus of ERM plans.
Here鈥檚 a closer look at modern enterprise risk management, how it affects business operations and how specialists can help companies improve their ERM processes.聽
What makes enterprise risk management different from traditional risk management?
There are . Conventional risk management has a modular focus. It seeks to define risks for specific divisions or processes and then deal with each threat separately.
ERM brings a holistic risk management approach to the company or organization. This methodology requires decision-makers and stakeholders to consider all risks at once and assess how they affect one another as well as whether dangers will impact the company鈥檚 big-picture plans.
The ultimate goal of ERM is to manage the dangers that could affect the long-term growth and prosperity of the entire company 鈥 not just a specific department or business process. This allows a company to address both existing and potential risks proactively. Also, the emphasis on overall goals makes it easier to plan strategically so that problems, when they do arise, don鈥檛 negatively impact progress.
Finally, while conventional risk management strategies for corporations tend to integrate insurance coverage, . For example, ERM strategies can include plans for dealing with bad PR from a data breach or defective product. Though insurance can provide compensation for any damage claims, it does not cover damage to the company鈥檚 reputation, which could suffer significantly from negative press coverage.
Why is risk management important?
Risk management allows a company to plan for unexpected events and identify potential problems before they stop a project or process.
Problems are inevitable, especially in a large enterprise with many moving parts. These simultaneous operations depend on one another. For example, a manufacturing department can鈥檛 function at full capacity unless the logistics department can deliver the proper materials.
The sales department, in turn, can鈥檛 deliver products on time if the manufacturing is delayed. Meanwhile, the corporation will have to pay operational costs and employee wages even though everything has slowed or even stopped in these departments.
Enterprise risk management focuses on proactively dealing with these vital operational issues so they don鈥檛 cause a complete shutdown.
For example, one solution for the manufacturing supply shortage could be keeping a backstock of inventory. Or the company might consider working with multiple suppliers or trucking companies in case one can鈥檛 deliver on time.
ERM also helps companies deal with the unforeseen. Some disasters, such as the COVID-19 pandemic, are difficult to predict. Even companies that saw the virus coming had no way of knowing how severe it would be or how governments would respond.
In such cases, ERM requires a disaster recovery plan, which outlines steps to get operations back online and limit downtime. While problems like COVID-19 are rare, natural disasters like storms, earthquakes, fires and floods happen more frequently.聽
What factors are considered in enterprise risk management?
Enterprise risk management methodology involves identifying, assessing, tracking and addressing the dangers associated with running a corporation or organization. Often, this management involves evaluating risks that can come from different areas.
Unexpected and unpredictable dangers, such as natural disasters, are one important area of risk for organizations to consider.
Bad actors are another danger. Not only does ERM seek to mitigate risks that criminals pose, but it can also help address problematic internal activities, such as fraud by employees or executives.
Liability risks are also important for companies. These can include malpractice or faulty products or service, harm to workers on the job, and a failure to comply with relevant laws. Companies typically rely on insurance to deal with liability issues. However, ERM strategies can also include internal checks, quality controls and automated record-keeping and documentation that can help limit problems.聽
ERM can even address the risk of not taking action. For example, suppose auto companies decide to invest in electric car research and development. In that case, it could be a risk for one brand to ignore this possible trend and continue to focus on producing traditional fossil-fuel-powered cars. The risk is that they will fall behind their competitors and require years of product development to catch up.
The role of cybersecurity in risk management
Cybersecurity is a聽growing concern, and therefore has become a major focus of enterprise risk management professionals. Cybersecurity breaches can be expensive and significantly damage a company鈥檚 image. This is especially true of firms that maintain databases containing sensitive customer information.
The other risk factor with cyber operations is work stoppages due to poor network performance or ransomware attacks. With so many processes requiring a network connection and IT infrastructure, an issue with a company鈥檚 computer systems or servers can cause major damage 鈥 not just in terms of liability but in terms of the ability to continue operations.聽
Cybersecurity education at 爱污传媒
Whether you鈥檙e seeking to gain a basic understanding of cybersecurity or you鈥檙e a working professional looking to expand your skill set, 爱污传媒 offers online course collections and bachelor鈥檚 and master鈥檚 degrees in cybersecurity.
- :聽This course collection can help you prepare to sit for the EC-Council Certified Ethical Hacker (CEH) certification exam. Topics include the phases of ethical hacking, recognizing weaknesses and vulnerabilities of a system, social engineering, IoT threats, risk mitigation and more.
- :聽This course collection can help you prepare to sit for the EC-Council Certified Incident Handler (ECIH) certification exam. This specialist certification focuses on how to effectively handle security breaches once they have occurred.聽
- :聽This course collection can help you prepare to sit for the entry-level EC-Council Certified Network Defender (CND) certification exam. Courses focus on protecting a network from security breaches before they happen.
- Computer Hacking Forensics Investigator Course Collection:聽This course collection can help you prepare to sit for the EC-Council Computer Hacking Forensics Investigator (CHFI) certification exam.聽You鈥檒l learn about the latest technologies, tools and methodologies in digital forensics, including dark web, IoT, malware, the cloud and data forensics.
- Bachelor of Science in Cybersecurity:聽This online program teaches skills such as security policies, network security, cybersecurity and more.
- Master of Science in Cybersecurity:聽This online program explores such skills and topics as cybersecurity, security policies and network vulnerability in depth.
ABOUT THE AUTHOR
A graduate of Johns Hopkins University and its Writing Seminars program and winner of the Stephen A. Dixon Literary Prize, Michael Feder brings an eye for detail and a passion for research to every article he writes. His academic and professional background includes experience in marketing, content development, script writing and SEO. Today, he works as a multimedia specialist at 爱污传媒 where he covers a variety of topics ranging from healthcare to IT.
ABOUT THE REVIEWER
Currently Dean of the College of Business and Information Technology,聽Kathryn Uhles has served 爱污传媒 in a variety of roles since 2006. Prior to joining 爱污传媒, Kathryn taught fifth grade to underprivileged youth in 爱污传媒.
This article has been vetted by 爱污传媒's editorial advisory committee.聽
Read more about our editorial process.
Read more articles like this:聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽聽
