A series of events and reports acted as agents of change to corporate environments recently. The Cadbury Report defined a new approach to corporate governance of financial matters in company code. The Turnbull Review added features to company code for comprehensive risk management (RM). The 2008 financial crash showed many organizations were insensitive to several forms of risk they were exposed to and that this lack of comprehensive or enterprise risk management (ERM) exacerbated the situation.
These agents of change were catalysts to the emergence of ERM as requisite board-level accountability and responsibility. ERM is a strategic discipline to support the achievement of an organization's objectives, addressing the full spectrum of risks and managing the combined impact of those risks as an interrelated risk portfolio. ERM evolves RM to encompass all areas of organizational exposure to risk, prioritize and manage exposures as an interrelated risk portfolio rather than individual silos, and view risk as a competitive advantage.
Recent observations show a need for higher levels of ERM maturity. Key are:
• Managing risks in today's environment isn't getting easier.
• Demands for greater management focus on risks are increasing.
• RM practices in most organizations remain relatively immature.
• Organizations have some elements of risk management processes.
Companies recognize ERM as a critical management issue in the financial sector, evidenced by the prominence assigned to ERM within organizations and the resources devoted to building ERM capabilities using a basic framework from international standards, e.g., RM standard ISO 31000.
Asset management (AM) is key within ERM. Both need to operate in harmony to perform dynamic optimal trade-offs among asset performance, cost and risk. In building integrated business frameworks for both ERM and AM, other standards (Availability, Reliability & Maintainability standard ISO 50126 and Whole Life Costing standard ISO 15663) must be used. To understand the dynamics of risk, we have to know what we can expect from our assets in terms of their availability, reliability and maintainability, and at what reasoned cost versus where those same assets are within their overall lifecycle profile.
Previously, risk reporting reported the top few risks, rather than understanding the overall risk position of an organization. Risk population effects can be missed by this approach; i.e., many moderate risks outweigh the few individual large risks. An alternative approach is to evaluate the overall value at risk (VAR) and its trend over time for a more complete picture of how an organization is exposed to risk. Ranking types of risks as VAR can help the board and senior managers focus efforts on risk types that can have a bigger overall impact on their organization. Business optimization is needed to efficiently operate the configuration of an information management system (ISO 20000), and its data model is a major contributor to the success of the framework and its ongoing optimization.
Having an information system for mining data to support the optimization process is critical, as is ensuring its data quality (ISO 8000) and defining the data fields for asset lifecycle data (ISO 15926) are also contributors to the business need for the organization. An ERM system with AM underpinnings seeks to:
• Improve predictability of overall company performance via better risk management, forecasting and reporting.
• Improve real-time understanding of balance sheet risks.
• Improve corporate governance, including increased transparency on risks for stakeholders (board of directors, investors, creditors, regulators, rating agencies, etc.).
Conclusions
ERM augments AM (ISO 55000) as a key underpinning to ERM for industries that operate physical assets for income, such as petrochemicals, refining, manufacturing, water and wastewater, power generation and distribution. There is a strong, compelling case for ERM to be fully integrated with AM to increase certainty that organizations achieve optimal trade-offs. Of prime concern is a lack of deep understanding of key underpinnings. Without the foundations of AM, ERM will be largely top-down and isn't sufficiently granular to determine what needs to happen at the asset level.
For more information or to request a copy of the complete paper, contact Geake by email at peter.geake@jacobs.com.