Newton Consulting

How to Implement Enterprise Risk Management (ERM) Which Makes Your Company More Energetic and Resilient

18th November 2019

Vice President and Principal Consultant
Ryosuke Katsumata

 

Technological developments in diverse areas keep expanding the capabilities of companies. It started with calculators and has moved on to computers, the internet, smartphones, cloud-sourcing, Virtual Reality, Augmented Reality, and AI. On the other hand, companies face more rigid requirements as scandals and accidents in big businesses increase. Companies now have to take into consideration issues such as compliance, corporate governance, CSR, J-SOX (Japanese legislation on the internal control of a company), internal control, ESG, Enterprise Risk Management (ERM), etc. Unless companies make the effort to adapt to such changes in the environment, even though these are not always directly related to their main businesses, the continuance of their businesses is at risk from large accidents and scandals.

However, if a company lacks its own foresight and merely implements new systems as stakeholders demand, its activities only become more complex. Complexity increases the company’s perfunctory procedures. More time has to be spent in meetings and on tasks at the PC. An increase in fruitless work decreases workers’ motivation. Like a fighter in heavy armour, the company might be able to avoid serious injuries, but it cannot fight properly because of the weight. In other words, such a heavy system might protect the company from huge accidents and scandals, but it also discourages the company’s growth. This is the opposite of the purpose of ERM.

Indeed, many organizations that implement ERM have faced issues such as:

  • The employees play only a passive role in risk management,
  • The effect cannot be seen, or the effect is disproportionate to the cost of risk management,
  • Risk management activity does not fit the corporate operation,
  • Risk analysis after the 2nd year does not bring up new risks,
  • Serious accidents continue to happen,
  • Grave risks still remain untreated, and
  • Members of secretariats cannot figure out what their goal should be.

The preceding issues typically occur in companies that changed their original work procedures to fit pre-packaged ERM tools. It isn’t hard to imagine companies that implemented ERM hastily, with little explanation to their staff of why they need ERM, wrongly believing it could be easily managed once the staff became familiar with it. As such perfunctory work increases, unproductive tasks increase, damaging the quality of the main business. Workers grow discontented and their distrust of the company increases. Hence, in developing ERM, a company must make an effort to make its organization more energetic and resilient in the long run, rather than simply implementing a cursory ERM system.

What is Enterprise Risk Management (ERM) which makes your company more energetic and resilient?

Newton Consulting, as a professional risk management consulting company, has helped many clients to implement ERM based on the idea that risk management should be able to encourage companies to be more energetic and resilient.

In an energetic company, we expect to see “honesty, lively communications, fast PDCAs, and less perfunctory activities”, key factors which seem to be lacking in organizations with headline scandals or serious accidents. The same probably goes for large enterprises suffering from “Big Company Disease”, where too many meetings and longer approval processes lead to delays in important decision making.

Resiliency means the ability of a company to respond flexibly to unexpected events. In general, companies try to avoid such events and promote risk management to recognize risks and minimize them. It is, however, impossible to prevent all unexpected events. This is why resiliency should also play a key role in ERM.

【Figure: The purposes of Enterprise Risk Management (ERM) that Newton Consulting proposes】

How to Realize Enterprise Risk Management (ERM) Which Makes Your Company More Energetic and Resilient

There are three key points to realize ERM that improves your company's energy and resilience:

  • Develop a proper ERM framework that helps you to grasp the big picture and formulate manageable risk management processes
  • Maximize Utilization of an ERM database
  • Choose the Best Tools and Adopt a Proper ERM Implementation Policy

Develop a proper ERM framework that helps you to grasp the big picture and formulate manageable risk management processes

An appropriate framework plays a crucial role in ensuring that the company’s ERM covers the basic elements and leads to manageable risk management processes. COSO-ERM and ISO 31000, which are international risk management guidelines, can be one of the answers.

Newton Consulting developed an original ERM framework adopting those guidelines. We have used it in our own company as well as with many of our clients. Below is the framework, which shows all the essential components and their relationships. We call it the “Newton ERM Framework” hereafter.

The Newton ERM Framework consists not only of a general risk management process, including the identification, analysis, evaluation, and treatment of risks, but also of the company’s common groundwork and ERM culture.

Culture determines how employees react. As long as it is employees who operate ERM, a proper culture is crucial to implementing ERM effectively. However good the system may be, it will collapse if those who share it don’t appreciate its concept. What if members of a company aren’t willing to report newly found risks to their managers, or lie about them? Risk management simply doesn’t work in such a culture.

【Figure: Newton ERM Framework】

With the Newton ERM Framework, a company is able to formulate multiple manageable risk management processes, avoid missing necessary elements, and visualize where its weak points are. For example, the diagram below shows the fundamental elements of ERM in 7 blocks, and the company can identify its issues and improve the system by assessing its performance in each block.

【Figure: Newton ERM Framework sorted into 7 blocks】

  • Leaders’ Commitment and Governance
    • Proper communication from the top management, the participation of leaders in important meetings, and the definition of board members’ responsibility pertaining to risk management.
  • Risk Communication Skill
    • Inclusion of key persons and departments for serious discussions about risk management.
  • Inspection and Training Skill
    • The practicality and frequency of inspections and exercises on risk management activities.
  • Incident Management Skill
    • The ability to deal with incidents and prevention measures.
  • Visualization Skill
    • Visualization of risk management activities and a company’s present position and issues.
  • Ability to Make Activities Attractive
    • Promotion of risk management activities to enhance the commitment of members of organizations.

【The Background of Making Newton ERM Framework】

The Newton ERM framework is based on Newton Consulting’s know-how as well as internationally well-known guidelines. Newton Consulting's know-how comes from our experience of supporting nearly 2,000 clients. Major guidelines incorporated into our ERM framework are ISO 31000 and COSO-ERM.

【Figure: The foundation of Newton Consulting’s ERM】

Maximize Utilization of an ERM database

A database of risks and risk measures helps an organization to improve the effectiveness and efficiency of its risk management activities.

Newton Consulting has such a database, built upon our consulting experience. With this database, we can help clients to check the comprehensiveness of the risks they identified and the validity of the risk measures they chose to implement.

By utilizing the database, we can effectively evaluate Risk Management activities in the clients’ company.

【Figure: A part of Newton Risk Database】

【For Your Reference: Characteristics of Companies Believing their Risk Management Systems Function Effectively】

Newton Consulting researched the differences between companies that regard their risk management as effective and those that do not. Below is part of the result:

《5 Common Factors among Companies that Find their Risk Management Systems to be Effective》
  1. Top management makes a strong commitment
  2. Risk management key roles are assigned to those with proper authority and responsibilities
  3. Risk management activities involve top management as well as those who actually need to handle risks
  4. The risk management structure is implemented in alignment with their own culture
  5. Sufficient efforts are made to sustain the risk management into the future

Choose the Best Tools and Adopt a Proper ERM Implementation Policy

Extra care should be taken when using prepackaged ERM tools, to avoid a situation where risk management activities end up supporting the tools rather than the tools supporting the activities. One of the elements companies should consider when choosing the right tool is whether the tool will enhance the company’s internal communication. Ideally, the tool helps the company encourage managers and/or staff to discuss risks across multiple divisions/departments.

【Figure: Some examples of the Newton risk assessment tools】

There is another critical point in avoiding the trap mentioned above: reaching agreement on the ERM policy, before its implementation, with those who will be the key persons managing risks. The policy here stipulates what the company will value and prioritize in ERM. “We value practical activities over thick formal documents” or “we start small, make improvements through PDCA cycle gradually to achieve ideal activities” are examples of an ERM implementation policy.

One way of clarifying a company’s stance in order to make such a policy is to conduct a top-management interview. This is because how much risk the company is willing or unwilling to take ultimately depends on top management.

Newton Consulting also has a consulting policy for supporting our clients in implementing their ERM, as follows:

【Newton ERM consulting policy】

The Newton ERM consulting policy above aims to solve problems in the company at their root, rather than just taking temporary measures. After our consultation, we expect the client to operate ERM all by themselves, run fast PDCAs, and make ERM activities beneficial for the management of the company. In other words, we improve the organization from inside rather than from outside. Based on this policy, Newton Consulting proposes the following activities:

To avoid a failing ERM, Newton Consulting recommends that companies keep these points in mind.

Conclusion

It is essential for an organization to be equipped with ERM to overcome future hardships. Improper ERM not only makes it impossible to meet legal requirements, but can also become a burden on your company, which may lead to serious accidents. How companies implement ERM makes a significant difference in competitiveness.

It is up to you, the reader of this article, to bring risk management activities to life. Newton Consulting is waiting for your inquiry and ready to assist you anytime.
