Overview
Traditionally, companies adapted a siloed approach to risk management. Responsibility for managing various types of risks was assigned to the business or functional unit with the greatest exposure.
Business risk was assigned to the operating units; insurable or transferable risk to the Corporate Risk Management Department; financial risks (market, interest rate, etc.) to Treasury; and compliance risk to Legal. Companies focused primarily on easily measurable risks. Ill-defined or ambiguous risks, such as strategic and operational risks, were often not coordinated or were overlooked. The risk management strategy for the individual risk was usually tacked onto existing business processes without a uniform approach or a common risk language.
Risks do not respect silos; instead, they often cross-pollinate and propagate. For example, an IT security breach quickly becomes a reputational risk in the form of "bad press" that in the wake of litigation turns into a legal risk and then through settlements with those wronged concludes as a financial risk. Risks that combine and cascade in this manner are seldom successfully dealt with by isolated risk managers. This resulted in Risk Management evolving to Enterprise Risk Management.
Enterprise risk management (ERM) is a disciplined and integrated approach that supports the alignment of strategy, process, people, and technology and allows corporations to identify, prioritize and effectively manage their critical risks. ERM entails the process of coordinated risk management that places a greater emphasis on cooperation among departments to manage an organization’s full range of risks as a whole from strategic – tactical –operational levels. The concept of ERM embodies the perspective that risk analysis cuts across the entire organization. By understanding all risks in an integrated framework, Transnet Freight Rail can execute proper strategies to successfully achieve their objectives and to meet their performance goals.
ERM includes the methods and processes used by organizations to effectively manage uncertainty, respond to risks and seize opportunities as they arise related to the achievement of their objectives. This is possible because ERM provides a framework for Risk Management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. ERM Framework and Standards assist in defining a roadmap to the successful adoption of an ERM, which is designed to view risks across all areas of the business in order to identify strategic opportunities and reduce uncertainty.
TFR will strive to achieve the highest state of Risk Management i.e being a Risk Intelligent Organisation. This will be achieved by:
Establishing common risk methodologies, terminology, and metrics to ensure consistent risk management and reporting across the enterprise.
An inclusive risk scenario process designed to quickly assess risks and produce actionable cross-department risk mitigation plans.
Increasing adoption of a corporate-wide perspective on the part of risk managers while they maintain a thorough understanding of departmental agendas TFR will better manage its risks by adopting the principles of "Risk Intelligence," in which the goal of extraordinary growth is achieved through proactive risk taking, not managed risk avoidance.
The competitive benefits of Risk Intelligence include:
Improved ability to identify, assess, and act on risks by facilitating enterprise-wide collaborative risk management
Use of risk assessments to better inform strategic decision making
Reduced cost of risk management and burden on business operations
Renewed confidence and reassurance for stakeholders through more robust procedures for risk identification, analysis, and management.
In short, "the goal of an enterprise-wide risk management initiative is to create, protect, and enhance shareholder value by managing the uncertainties that could positively/negatively influence achieving the organisation's set objectives." ERM also creates value by developing, implementing and monitoring the right management strategies