The Upside to Enterprise Risk Management
Large manufacturing and distribution companies have been using enterprise risk management for many years. Only recently, however, have smaller manufacturers and distributors begun considering ERM to reap its many rewards.
ERM involves identifying, assessing, quantifying and addressing all types of risks across the company – operational, human, financial, market and strategic – in order to improve the organization’s performance.
How It Works
The Committee of Sponsoring Organizations (COSO) is the generally recognized authority on ERM, having developed its well-known “integrated framework” over a decade ago. This framework identifies eight components in the ERM process and aligns them with an organization’s strategic, operations, reporting and compliance objectives.
In larger companies, the board of directors typically oversees the ERM initiative. In smaller companies, however, a management-led cross-functional team could accomplish the initiative based on a modified, scaled-down COSO framework. Depending on how your company decides to engage, a realistic action plan might include:
Identifying risks. What could go wrong? The idea here is to dig into every facet of your business and identify potential problems.
For example, consider your supply chain. Your primary parts supplier could go bankrupt or be put out of business by a flood or fire. In the human resources category, a risk might be the ability to replace skilled workers because skilled replacements may not be available. Or, consider the risk of a public relations blow to your reputation if a product fails or is deemed unhealthy by a regulator such as the FDA.
Each area of your business must brainstorm its risks – from common problems to worst-case scenarios – in order to move on to the next step in ERM.
Analyzing risks. How likely is it that these risks will actually occur? And how devastating would they be? Ranking each risk in terms of likelihood and severity of impact helps identify what’s worth the time and effort to address.
For example, how likely is it that a key product will become commoditized over the next few years? If your patent is about to expire, it might be very likely. If the product is based on new technology, you might have a window of a few years before the competition catches up.
Mitigating risks. Here’s the part of the process where you actually get to do something – or at least plan what you would do. In this stage, the goal is to create a mitigation plan for each risk identified.
Can you prevent the risk all together? Insure against it or absorb it? Does it make sense to incur costs to mitigate the risk?
For example, many manufacturing facilities have safety programs to address risks proactively, because the benefits of the risk management program outweigh the costs. But what about product liability risks? Is there a plan in place to ensure that the quality of your parts supply or inputs meets your specifications? Right or wrong, you might be held liable for poor quality products made by your suppliers.
Monitoring and repeating the process. Once you’ve implemented your ERM risk mitigation plan, it’s important to monitor the initiative to see how it’s working. Maybe new risks have popped up, or perhaps some have dissipated thanks to improved technology, market or environmental changes. Repeat the process periodically and ensure that your plan stays current and effective.
ERM is a big undertaking, but optimizing the performance of your company may be well worth the effort. Have a Barnes Dennig team member reach out to you to discuss how your company might benefit from ERM.