The entire organisation is well prepared and able to perform with confidence and agility in the face of unpredictable events and shifting economic conditions. Emerging technologies, surprising moves from competitors, market uncertainties, natural disasters, even potential internal scandals, are managed timely and effectively. From the board of directors and C-suite executives to frontline employees, people understand the risks the company must deal with and apply that understanding to make decisions. Employees are updated regularly on fresh insights and shifting business conditions that affect operations. They must work collaboratively and are asked for solutions to missteps, not blamed or punished for them. Management, starting with the board, consistently demonstrate through their own actions and behaviours, the importance of risk awareness, management and collaboration.

This is what a sustainable risk management process looks like. We use the word ‘process’ intentionally because successful sustainable risk management (SRM), as opposed to the garden-variety, and far more common enterprise risk management (ERM), is not a project or a program with a defined beginning and end. SRM is an integrated attitude and set of policies, procedures and measured outcomes that are embedded deeply and thoroughly enough in a company to become second nature. For many companies, the ability to sustain risk management can require a profound holistic cultural shift across the enterprise. And that is why SRM is so valuable.

The fate of ERM

ERM is hardly a new concept. For years, federal agencies, insurance companies and debt ratings services have required companies to show that they include risk management in their goals and decision-making processes. Many companies have responded by establishing risk management officers and departments that report regularly to management. These reports are used, to widely varying degrees, to help reach operational and strategic decisions and objectives.

Apr-Jun 2015 Issue

Crowe Horwath LLP