In this volatile, turbulent and high risk economy the practice of Risk management plays a vital role in the corporate sector. Almost all publicly listed organizations have implemented Enterprise Risk Management practice (ERM) that has developed increased quality, effectiveness, and transparency.
The system intensive, high transaction, and automated environment makes it extremely important to put in place good Risk Management policies and procedures to ensure business continuity. If your organization has yet to put in place a formal ERM plan, here are a few points to guide you through.
1. Board members and key business executives of your organization should be engaged from the very first day. It is important to note that it is the board members, and the CEO and CFO who are personally responsible for the exposure to the risk. This will ensure executive support for your initiative, and yet serve as an educational session for these stakeholders as well.
2. Meet with the senior leaders and other direct members and build an internal list of key threats and risks. Senior corporate leaders will have some ideas into the threats because of their daily engagements and business activities.
3. List and Categorize all threats that you have learnt from your meetings. Threats normally categorized as Low, Medium, High, and Extreme. Any threat that would render your business as inoperative (or irrecoverable) should be considered Extreme. While identifying threats keep in mind that the threats do not have to me natural or confined to the location of your business. The threats can be very artificial or even unintentional as well. For instance a key employee resigns and joins a competitor, accidental deletion of financial data, or interruption of supplies from a vendor due to their financial crisis.
4. Quantify the likelihood of the threat or risk to materialize. In a professional environment or large-scale projects this is a science in it self. However for the a small implementation you can simplify this step. You can consider the following probabilities – highly unlikely, unlikely, likely, highly likely as possibilities of the threat of risk or threat to materialize.
5. Prioritize your Risk Mitigation or Management Strategy. If you have any risk or threat on your list which is categorized as Extreme and Highly Likely to materialize then this place for you to initiate your work from. Prioritize your resources and attention in this manner. Addressing risks and threats that are higher on the list first and working your way down.