Recent Disasters Reveal the Importance of Risk Management at All Levels

As a result of our increasingly interconnected world, one negative event can set off a chain that reverberates throughout an entire organization. Reacting after such an event may be too late, according to Eugene Ha’s recent article where he pointed out the serious effect on the automobile industry after the industry’s supply chain was cut following the Japan earthquake and tsunami in March.

“As the leading approach to managing and optimizing risks, enterprise risk management (ERM) offers businesses the ability to align its risk ‘appetite’ and tolerance with its business strategy,” Ha wrote. “As a result, management can better manage risk ‘opportunistically’ — they can identify events that could have an adverse effect, determine whether the benefits outweigh the risks, and develop an action plan to manage them. In other words, proper risk management allows organizations to examine and evaluate opportunities and create value by taking risks carefully.”

Ha recommends the following four tips for those creating an ERM program at any level:

1. Start at the top. Begin with executive management and cascade down to the organization’s business units.

2. Develop a manageable “risk universe.” Management should conduct an enterprise risk assessment by identifying critical risks, including financial risks, legal and regulatory risks, operational risks and strategic risks, among others.

3. Create an action plan. Create an action plan that defines and prioritizes each risk. Then identify activities for effective risk management. Keep this effort as simple as possible.

4. Evaluate risk management activities. After evaluating existing processes, decide how much added capacity is needed to achieve risk management objectives. You can do this by performing a gap analysis of current and desired capabilities.

While creating your risk program, keep in mind that low-risk disaster scenarios should be included. According to an article by Neil Schoenherr, recent natural disasters around the world have focused attention on the methods and processes used by businesses to manage risk.

Unfortunately, low-probability disaster scenarios don’t get enough attention and are often overlooked by businesses, according to Stuart Greenbaum, management expert at Olin Business School, Washington University in St. Louis.

While speaking at a recent conference, Enterprise Risk Management and Corporate Governance for Insurance Firms in Lille, France, Greenbaum stressed the importance for businesses of all sizes to consider all potential disasters and risks inherent to their operations.

“Herein lies the behavioral side of ERM and the most basic motivation for formalizing the management of enterprise risk,” he said as quoted in the WUSTL Community article. “ERM is a process, and effective ERM is all about process integrity. Thus, we can think of ERM as protection against the inclination to ignore those risks that are most menacing and inchoate. ERM elevates vigilance and thereby reduces the probability of calamitous events. But, it does more, much more.”

Greenbaum recommends that businesses think of ERM not only as a process, but also as a frame of mind. “It is a collective assertion that the organization will bring its best talents to bear upon the challenge of avoiding surprises that threaten sustainability,” he said.

For more information about risk management, visit:

For more information about devoting more attention to low-probability disaster scenarios, visit: