Enterprise Risk Management

Enterprise risks are those that disrupt normal business operations and threaten business continuity. These risks can originate from within or outside the organization and can vary in form and intensity. Some examples of enterprise risks are:
  1. Changes in the regulatory and statutory environment
  2. Changes in business conditions
  3. Changes in products and technologies
  4. Changes in customer demand
  5. Controversies related to regulatory and statutory violations
  6. Controversies related to misconduct by executive-level employees
  7. Mass exodus of talent
  8. Poor quality of products and services, which impacts customer demand and hence revenues
  9. Breaches related to confidential business data, especially those that put customers and suppliers at risk
  10. Loss of customers and market territories
Business organizations need to define and deploy an enterprise risk management framework to address the above risks. Effective enterprise risk management is composed of the following activities:
  • Proactively establish preventive mechanisms and controls to reduce the likelihood of risks impacting business operations and continuity and, if risks do materialize, to mitigate or lessen their impact
  • Aggressively implement plans to address risks when they occur to ensure minimal impact on business operations and continuity
The various industry-recognized models and standards (like ISO 9001, ISO 27001, CMMI, SOX 404, etc.) provide the building blocks for establishing an enterprise risk management system in the organization. They ensure that preventive mechanisms and controls are established so that the likelihood of risks impacting business operations and continuity is reduced and, if risks do materialize, their impact is mitigated or lessened.

The need of the hour is to take an integrated approach when deploying industry-recognized models and standards (like ISO 9001, ISO 27001, CMMI, SOX 404, etc.). These deployments should be viewed as essential elements of an enterprise risk management system, which ultimately ensures that normal business operations are not disrupted and that the very continuity of the business is not threatened in any way.
