ENTERPRISE RISK MANAGEMENT

Risk management is a combination of organized systems, processes and procedures that identify, assess and mitigate risks in order to protect the organization, its strategies and objectives.

An actual efficient and effective system of Risk Management plays a significant role in reducing the exposure of potentially
unfavorable events.

The terms effectiveness and efficiency, often used indistinctly as synonyms, actually reflect two distinct concepts. Effectiveness indicates the ability to achieve the set goal, while efficiency evaluates the ability to do so using the minimum essential resources.

Within a corporate setting, Risk is managed through a wide range of formal and informal systems, which reflect corporate culture, the areas in which it operates and the external factors that influence them. (jurisdiction, laws, regulations and competitive forces).
Each organization adopts different Enterprise Risk Management models (ERM).

Our company is inspired by and shares the “Risk Management Standard” of F.E.R.M.A. (FEDERATION OF EUROPEAN RISK MANAGEMENT ASSOCIATIONS – https://delpup.files.wordpress.com/2007/08/standard-di-risk-management.pdf) and adopts the principles set out in the standards:

– ISO Guide 73:2009 Risk management – Vocabulary
– ISO 31000 Risk management — Principles and guidelines

THE RISK MANAGEMENT PROCESS

FIG.1 ISO 31000:2018
Risk management – Principles and guidelines

PRINCIPLES OF RISK MANAGEMENT

The primary aim of risk management is the creation and protection of corporate values, through improving performance, encouraging innovation and supporting the achievement of objectives.

The principles that contribute to this aim, if placed as the foundation of the risk management process, should allow the company to manage the effects of uncertainty. They prescribe how a risk management process should be in order to be effective and contribute to the definition of the entire strategy of the organization and its conscious development.

The ISO 31000: 2018 standard indicates 8 principles of Risk management that an organization should use to effectively manage its risks and achieve its objectives.

1. Integrated with the other activities of the organization, at the level of governance
2. Structured and comprehensive, with the ability to give consistent and comparable results
3. Customized based on the organization and its objectives
4. Inclusive, involving stakeholders, with the ability to count on awareness and a wider vision
5. Dynamic, timely, in order to agiley respond to changes in context and/or the organization
6. Based on the best qualitative information available, whether it’s historical data, current evidence or future forecasts
7. Comprehensive of human behavior and cultural factors, which influence the organization at every level
8. Constantly revised in terms of continual improvement

Source: ISO 31000:2018

RISK MANAGEMENT OBJECTIVES

The principles of Risk Management outline objectives to pursue:

manage uncertainty (both the upside, opportunity, downside, threats)
minimize waste and losses
manage capital effectively
exploit opportunities by understanding the associated risks

The positive aspect of risk is that risk-taking can offer opportunities that can help an organization achieve its strategies and goals.
This means taking risks to generate a positive result rather than protecting or maintaining what already exists avoiding serious adverse incidents.

Failure to effectively manage risk can expose an organization to adverse events, such as:

damage or loss of assets
injury to personnel
damage to reputation
reduction in earnings or turnover
limited investment gains
damage to property and estate

RISK AND REWARD

It is almost impossible to function without taking risks, and there can be no reward or progress without risk.

OPPORTUNITY = (RISKS + STRATEGY) = RISK MANAGEMENT