�Monitor key systems across business processes to ensure real-time iden-
tification and management of key risks. Raise alerts when key figures
reach preset thresholds (for example, a 5 percent increase in use of a
single-sourced material)
�Incorporate risk evaluation into corporate strategy and planning so busi-
ness units have visibility into key risks before it is too late
A risk management technology platform provides the foundation for stronger
collaboration and understanding across the enterprise. By having a common
set of risk content embedded in the technology solution, lines of business
managers can now manage risk by using a common system to classify risk.
Doing this drives more strategic integration across departments in managing
the interdependencies of risks. Each department is now working against
aligned risk management goals and objectives, which are enforced at the
underlying technology layer. Such a technology infrastructure can help a cor-
poration manage risk as it seeks to protect value (by monitoring and mitigat-
ing its risks) and create value (by marrying risk information to strategy).
Taking the Four Steps to Enterprise Risk Management ............................
Enterprise risk management means that risk management is not an isolated
activity: An enterprise-wide approach includes all risks and takes input from
across the enterprise. Enterprise risk management also means that risk is also
seen as a strategic opportunity, not just a tactical program to mitigate the
effect of loss events. Managing risks can be aligned with corporate strategy:
Rather than reviewing an endless list of risks and developing tactical remedia-
tion plans, risks can be proactively and strategically managed in light of what
the company is trying to achieve short-term and long-term.
With that framework in place, you’re ready to get down to the process for
enterprise risk management, which is comprised of four large steps:
�Risk planning:For each business activity, what are we trying to achieve,
what are the assumptions and constraints, and what risks do we want to
monitor?
�Risk identification and analysis:For each business activity, we identify
the risks. For each risk we look at the nature of the risk, its probability of
occurrence, and the quantitative and qualitative aspects of the risk.
�Risk response:Is there anything we can do to reduce, mitigate, or even
remove the risk? How much will this cost? What is the potential ROI of
taking this step? Who’s responsible for making sure that the response
happens?
Chapter 2: Risky Business: Turning Risks into Opportunities 53
