All organizations, regardless of what they do, are faced with risk—not just external risk but many internal ones as well. Some are large and require active avoidance and mitigation plans. Others are small enough to be accepted without worry or distraction. Not all risks are necessarily bad. Positive risks can create new growth opportunities—if you are ready to seize them.
Enterprise Risk Management (ERM) is a relatively new integration of strategy, operations excellence, risk management and contingency planning that “deals with risks and opportunities affecting value creation or preservation.”[COSO] Rather than simply dwelling on the negative aspect of risk, ERM instead starts with a focus on the strategic objectives of your organization. From there it looks at—
- What internal and external factors can obstruct success (and how to plan for respond to these)
- What Opportunities can be exploited to advance your objectives (and how to take advantage of these)
- How to estimate and prioritize these (for optimal use of attention and resources)
- How to structure and position your organization to respond to risks and opportunities most effectively
- How to keep awareness of your environment (and your resulting plans) up to date
At Oulixeus, we have developed a proprietary ERM framework that supplements standard ERM frameworks (such as CAS, COSO) with STEER analysis, the SOAR model and lessons learned in our work in strategic planning, operations excellence, operational risk management and business continuity planning. We have found integration of the SOAR model particularly effective due to its use of median (vs. mean) values for forecasting and business modeling—especially for situations with binary outcomes, such as winning an account (or losing it), or gaining expansion financing (or being denied).
Just as importantly, we believe that simplicity is best. ERM (with it diversity or frameworks, taxonomies, probability models, regulatory assessment, response plans and more) can get quite complicated. By keeping risk management clear and simple, we can more easily involve the input and expertise of a broader number of people in your organization. As a result, our framework for risk management can be taught to teams in less than one day (and requires nothing more technical than Microsoft Excel). With an additional few days of work we can show you how to combine it with our Decision-based Governance Model to enable you to easily manage risk at the right levels of your organization.
We would be happy to show you how to do this. Take a look at our published work on risk and…