Enterprise risk management also allows you to become more strategic and
proactive about how your business operates. By using technology to track,
monitor, and even model key risk indicators directly against business perfor-
mance, you can begin to implement change across the enterprise to increase
efficiency and improve business processes. This can lead not only to cost
savings and an improved bottom line, but also to a higher degree of perfor-
mance within your business, and a higher level of competitiveness within
your industry.
In Chapter 1, we talked a bit about compliance and how you can make sure
that you’re following all the laws that apply to businesses. By complying with
laws, you avoid fines and ensure that your business processes and policies
are effectively implemented. Profits increase because fraud is eliminated, or
at least detected and remedied quickly. In a sense, compliance — the C in
GRC — is nonnegotiable: You have to make sure that you do the things that
you have to in order to comply with regulations that govern your business.
The R in GRC, for Risk, is more strategic and its potential impact on the bottom
line is greater as well. With effective risk management, you can both help
protectvalue — your brand name, your quarterly earnings, your sales — and
createvalue, evaluating the impact of risk on strategy execution as well as
finding new opportunities and evaluating them from a risk-intelligent per-
spective. How you manage risk can literally revolutionize the way you run
your business. The R in GRC is sometimes seen as optional, after all, we have
to comply, and we have to govern well in order to comply. Not everyone real-
izes that managing risk is every bit as important. As we discuss in this chap-
ter, risk management is far from optional. In today’s environment, evaluating
everything from a risk-intelligent perspective can help you win against the
competition and protect your brand at a time when news travels around the
world at the speed of light. And because risk management takes into account
what could go wrong, your risk-adjusted strategy has a much greater chance
of being executed effectively.
Defining Risk ...................................................................................................
Riskis typically defined as the potential for loss caused by an event that can
adversely affect the achievement of a company’s objectives. That’s true
enough, but it’s only part of the story. Risk awareness can also inform strat-
egy, helping companies select the opportunities to pursue that are most
likely to succeed and that offer the most bang for the buck. That’s why we
say that risk can both help you protect value — protect what you’ve got —
and create value — help you figure out the best way for your business to go
in the future.
40 Part I: Governance, Risk, and Compliance Demystified
