Chapter 6

What Is Risk Management About?

We know that financial institutions' risk management processes failed miserably in the near meltdown. Certainly effective risk management is critical to financial firms, but it's also important more broadly, as every company must deal with risk. It's well known that being in business is about accepting risk—what's essential is to know what the risks are and how to manage them to achieve business goals.

While many executives and directors have some knowledge of risk management and what's called enterprise risk management, I've seen firsthand that many continue to struggle to understand exactly what they are, why they're needed, and how they work. In this chapter, we seek to provide clarity and insight into the whats, whys, and hows, with a particular focus on enterprise risk management.

Why bother with enterprise risk management? Well, among other things, ERM can help companies—at both the strategic and tactical levels—enhance risk-response decisions, reduce operational surprises (and related losses), identify and seize opportunities, and enhance deployment of capital. It's used by companies in deciding, for example, whether to invest in new product development, exploit new markets, or open new sales channels. It helps executives make strategic decisions, like whether to expand brick-and-mortar retail outlets or enhance Internet capabilities, or whether to migrate to enhance legacy systems or advance to a new technology platform. And ...

Get Governance, Risk Management, and Compliance: It Can't Happen to Us—Avoiding Corporate Disaster While Driving Success now with the O’Reilly learning platform.
