One Easy Way to Enhance Your Strategic Planning
Identifying and responding to risk is a challenging job, since new threats are constantly emerging and old ones can change or unexpectedly reappear. When the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its comprehensive Enterprise Risk Management: Integrated Framework in 2004, it provided a valuable tool for dealing with organizational threats. In the ensuing years, organizational approaches to risk have advanced and matured, and the nature of risk has steadily evolved.
In response, COSO has released an updated framework to better address the current environment. The new document, Enterprise Risk Management: Integrating with Strategy and Performance, is focused on ensuring that enterprise risk management (ERM) is not simply an agenda item, but something that’s embedded in an organization’s strategic decision making. The new framework is intended to drive changes in setting and implementing organizational strategy in several ways.
- Positioning ERM as crucial to strategy setting. The framework, by its very name, emphasizes the importance of integrating risk with strategy to enhance performance. The framework notably describes the key aspects of this integration, starting with the importance of ensuring that a chosen strategy aligns with the organization’s mission, vision and core values. Organizations should then consider implications of the chosen strategy, as well as the risks related to whether or not the strategy delivers intended outcomes.
- Focusing on identifying potential opportunities through ERM. Organizations use ERM to mitigate risk—and in doing so they may also uncover new markets, customers, processes, vendors or lines of business. The new COSO framework considers the importance of uncovering opportunities to improve organizational strategy and performance. For example, a company looking into the risks that might threaten its goal of sustainable revenue growth, might identify changes in customer preferences that lead to the identification of new types of services not currently offered in the market place.
- Describing how ERM helps identify and manage entity-wide risks. Those working in one area of the organization may be unaware of a potential risk that originates in another part of the company. The framework’s entity-wide approach to risk identification and management is designed to address that problem. For example, client trading-related risks in one part of a financial services organization may be similar to a risk identified in the company’s own proprietary trading practices, thus creating a more significant risk to the organization.
- Showcasing how ERM can reduce performance variability. If an organization can anticipate risk, it will be in a better position to create an effective response that prevents business disruption and mitigates related losses. These actions are critical to achieving performance goals. The framework also notes, however, that variability in performance such as performing ahead of schedule or forecasts, can create equally disruptive challenges if not well managed. ERM can help manage this risk.
Discover the Framework’s Value
An ERM process that’s fully integrated into an organization’s strategy setting and day-to-day decision making will greatly improve both its near term performance and achievement of its longer term goals. Use of the updated framework is not required, but I would urge organizations to review the changes it proposes and consider the value they can offer.
Suzanne Christensen, CPA, Treasurer, Head of Investor Relations & Risk, Invesco Ltd. Suzanne leads the firm's enterprise risk management efforts and works to further identify, monitor and manage key risks within Invesco’s business.
Dominoes courtesy of Shutterstock.