Understanding the Essentials of Enterprise Risk Management
Welcome to SMB Matters. I am Jennifer Wendel at TriNet, where I’m an expert in Enterprise Risk Management. This podcast series takes a close look at the latest news and trends on a variety of topics related to running a successful small and medium sized business.
Blockbuster. Polaroid. Netscape. What do these entities have in common? They’re all fan favorites of Millennials but faced the most dynamic existential threat we have seen since World War II, the internet.
McDonalds. Boeing. Blue Bell. What do they have in common? They are all entities whose Boards and/or Executives have been sued within the past 5 years due to failed risk oversight and, ultimately, reputational damage that will live in the memory banks of several investors and customers who suffered losses, ranging from millions of dollars to lives.
Signature Bank. Silicon Valley Bank. ChatGPT. What do these have in common? They all remind us to expect the unexpected.
Enterprise Risk Management, also referred to as ERM, is a discipline that focuses on identifying, assessing, and managing risks across an organization. It serves to provide organizations with a broad lens on risks that are deeply interdependent across people, processes, and systems. ERM considers operational, financial, legal, strategic, and technological factors and operates very much like “The Wellness Doctor” of the organization. Think of your organization as a human body.
It has a nerve system, circulatory system, digestive system, muscular system, amongst others. The strategy you set for your life determines your diet, activity, and overall wellness. External factors like air quality, water quality, and access to quality health care can also be critical to your health. In identifying, assessing and managing risks, ERM’s role is to say to its leaders, “there are potential threats and opportunities you might encounter to various systems in pursuit of your goals and objectives, so a targeted, proactive approach to managing all systems will optimize your performance”.
The early identity of ERM was not always as broad as it is today, however. “Risk management” has always been a part of business operations, but it was typically siloed within individual departments such as finance, insurance, and safety. These departments would manage risks specific to their areas of expertise, but there was limited coordination or integration across the organization. Many times, this is still the case for small to medium sized businesses.
It wasn’t until the late 1990s and early 2000s where we began to see several high-profile corporate scandals and failures, such as Enron and WorldCom, that highlighted the need for a more holistic approach to risk management. These events resulted in demands for greater transparency and accountability.
By the mid-2000s, organizations began to adopt formal frameworks that provided guidance on implementing ERM. Regulators also enforced the need for ERM through its requirement for a formal ERM program for U.S. financial institutions and for some government-sponsored enterprises.
Fast forward to 2008 and the global financial crisis further emphasized the importance of effective risk management with a stark diagnosis: The crisis exposed weaknesses in risk management practices, leading to a renewed focus on ERM within non-financial sectors.
Today, ERM continues to be a dynamic and evolving field. Advances in technology, increased data availability, and emerging risks such as cybersecurity and climate change are shaping the future of ERM, driving organizations to develop more robust and forward-looking risk management programs.
In a most recent survey conducted by the North Carolina State’s ERM Initiative , it was noted that approximately 25% of small and medium sized businesses have a formal ERM program. While not unconventional, this does not indicate that such businesses aren’t performing risk management activities. For all organizations, no matter the size, there is a great deal of opportunity that exists in considering risks as part of long-term strategies and avoiding operational surprises. Target is a great example of how risk can be rewarding for a threat that was once mutual to many small to medium sized enterprises.
I’m sure by now, we all have learned to keep a stock of toilet tissue after the pandemic related supply chain crisis sent us all scrambling for it, but Target figured out a way to keep its shelves stocked during the 2021 Christmas season.
Through the use of predictive analytics, Target began connecting the dots between customer purchasing trends and potential challenges it might face in meeting demand. The challenges they identified included manufacturing disruptions, trade restrictions, and labor shortages. As a result, they became proactive with their corporate health, honing in on the exact systems that could cripple one of their most profitable seasons of the year. They simply turned their risks into opportunity. They used responsible-sourcing, supply chain transparency and emphasized ethical conduct to prepare for the emerging risks that lied ahead. As a result, they far exceed their growth in sales for the 4th quarter of 2021.
While your companies may not have a formal ERM program, the goal of sharing the history of ERM and the examples provided is to shape your renewed focus on how risk is discussed within your organizations. It is intended to encourage you to become more aware of your organizational health and to adjust your diet as needed. My hope is that you revisit the potential for existential threats because, above all, we know that disruption is coming fast and your ability to provide strong risk oversight for your company has become more critical now than ever as the threat landscape expands and exposes more opportunity.
I would like to leave you with three questions to help you challenge your risk awareness and broad thinking of risk:
- Does your current company strategy address the most likely existential threats to be felt by your company within the next 3 years?.
- Where might there be risks to your company that are overlooked as opportunities? and
- What business partners might you leverage in better understanding the risks to your industry?
Thanks for listening to SMB Matters. If you enjoyed this show, please leave a review on Apple Podcasts, Spotify, or wherever you listen to your podcasts. And please share it with a colleague or make sure to subscribe to our newsletter at TriNet.com/Insights. Also, we’d love to hear from you so please feel free to drop us a line at SMBMatters@TriNet.com. SMB Matters by TriNet is committed to providing small and medium sized businesses with timely and relevant insights.
Legal Disclaimer:
This podcast is for educational purposes only. With decades of experience supporting small and medium-size businesses, TriNet has unique insight into HR best practices for businesses. TriNet does not provide legal, tax or accounting advice. The materials in this podcast and the options and opinions expressed herein may not apply to your company or scenario, so you should consult with your own advisors on how best to proceed. Reproduction in part or in whole is not permitted without express written authorization from TriNet.
