ACADEMIA Letters

Risk Management and Enterprise Risk Management

Sonjai Kumar

Introduction
This article discusses the differences between the risk management and enterprise risk man-
agement. Though the concept of risk management is very old, almost as old as beginning of
human existence but the concept of ERM is new around two decades old. The importance
of enterprise risk management increased over the period of time due various crisis and emer-
gence risk based capital in banking and insurance industry. The article discuss the various
factors necessary for success of enterprise risk management.

What is risk?
Risk is always about the “Future” and future is unknown therefore uncertainties are there
about the future. Risk in the simplest form may be defined as “effect on future uncertainties
on the objectives”. The uncertainty about the future may leads to the adverse outcome. So
uncertainties about the future may deter achieving the objective. It is important to note that if
there is a no objective, there is a no risk, also if there is a no future, there is a no risk. So in
order to have risk both the conditions of future and objective must be satisfied with the event
to be classified as risk.
From a statistical point of view, the objective is an expected value or mean and risk is the
actual deviation or dispersion from the mean value. Higher the dispersion around the mean,
higher is the risk. The dispersion is represented by the standard deviation.

Academia Letters, July 2021 ©2021 by the author — Open Access — Distributed under CC BY 4.0

Corresponding Author: Sonjai Kumar, sonjai.kumar-efpm@fiib.edu.in

Citation: Kumar, S. (2021). Risk Management and Enterprise Risk Management. Academia Letters, Article
2234. https://doi.org/10.20935/AL2234.

1
What is Risk Management?
Risk management is a process through which risks are identified, its likelihood and impacts
are measured, its mitigation actions are planned and risks are monitored regularly and reported
to the Senior Management.
Risk management is a tool and not specific to any sector; so this can be applied in any
sector. Traditionally, risk management are applied more in financial sector such as insurance
and banking. However, its application over the years have increased in many areas such as
energy sector, construction sector, environment etc.

Benefits of Risk Management

Risk Management helps reducing earning volatility
A study was made to investigate the effect of risk management on earnings volatility on shares
of banks listed in Tehran Stock Exchange. All 20 listed banks in Tehran Stock Exchange were
studied over the period 2009-2015. It was found that Risk management has a significant effect
on the reducing volatility of earnings of accepted banks in Tehran Stock Exchange.

Risk Management Adds value to Shareholders

It has been found that those companies that follow risk management typically add around 20%
to 30% more shareholders value.

1. This happens because investment return and pricing happens that reflect underlying
risks

2. In such cases capital earn risk adjusted return

3. In such cases, assessment of business and individual happens in conjunction with risks
that affect the objectives.

One study was made between 1990 and 1995 where ratio of market value to book value was
studied for those companies who were doing the hedging activities. It was found that more
attractive companies were rewarded with an average increase of 20% in market value

Fewer Surprises
By keeping eye on the future and regularly identifying the risks and its mitigation action, there
are high chances that there will be fewer surprises at the end of the year.

Academia Letters, July 2021 ©2021 by the author — Open Access — Distributed under CC BY 4.0

Corresponding Author: Sonjai Kumar, sonjai.kumar-efpm@fiib.edu.in

Citation: Kumar, S. (2021). Risk Management and Enterprise Risk Management. Academia Letters, Article
2234. https://doi.org/10.20935/AL2234.

2
Better decision making
Risk management help in better decision making as all future scenarios are explored before
taking the decision.

Maximize capital utilization and profit

In the academic world it has been proved that risk management helps in maximizing the profit
and optimizing the capital requirement.
The fundamental principle of risk management is value addition to the organization, through
reducing the volatility of the outcome.

Difference between Risk Management and Enterprise Risk Man-

agement (ERM)
Risk management and Enterprise Risk Management (ERM) are not same. Risk management
on the one hand is the process of risk identification and risk mitigation, ERM on the other hand
is a risk management architecture that binds the risk management across the organization. It
can be said that ERM is enabler of Companywide risk management.
As the name suggest, ‘Enterprise” means companywide risk management, a risk manage-
ment which starts at the top of the hierarchy at Board level and goes to the last employee in
the supply chain of the Company.
Risk management on the other hand is a fragmented approach followed in silos by few de-
partments. Silo risk management does not work because risks are highly correlated and cannot
be managed independently. Correlated risk refers to the simultaneous occurrence of many
losses from a single event. For example, Natural disasters such as earthquakes, foods, and.
hurricanes produce highly correlated losses: many homes in the affected area are damaged
and destroyed by a single event
There is also higher cost of management of independent risk as the benefit of diversifica-
tion of risks will not happen. For example, liquidity risk may arise due to the crystallization
of credit risk. If both the risks are managed independently, it will be very expensive; however,
if just the credit risk is managed, liquidity risk may not result.
In ERM, risk management is not done, once in a while; it is a daily part of the working
culture. In every activity that all employees are doing is to think like a front line risk manager,
what if thinking should be part of everyday culture. In ERM, risk management is not just the
work of risk function, but everyone take the ownership of the risk management.

Academia Letters, July 2021 ©2021 by the author — Open Access — Distributed under CC BY 4.0

Corresponding Author: Sonjai Kumar, sonjai.kumar-efpm@fiib.edu.in

Citation: Kumar, S. (2021). Risk Management and Enterprise Risk Management. Academia Letters, Article
2234. https://doi.org/10.20935/AL2234.

3
 So there is a great value in enterprise risk management as against silo risk management.

Accountability at Top
Under ERM, the Board at the top of hierarchy have overall responsibility of providing over-
sight by developing policies and procedures around risk that are consistent with the organiza-
tion’s strategy and risk appetite. Board also ensure that the policies approved and risk appetite
set are followed and reported back to the Board on regular interval.

• One of the key causes of 2008 economic crisis is attributed to failure of the different
Boards to execute proper risk assessment plan.

• Some of the questions raised in post 2008 economic crisis analysis were

– On Composition of the Board/Age of the members

– Relevant experience and qualification independent directors
– Infrequent meetings
– Remuneration structure not based on performance

• For ERM to be successful, Board is to play a key role in executing the ownership of all
risk management policies, oversight, action plan etc

• Without proper Board’s involvement, ERM cannot be successful

• This will based upon what should be the overall Governance structure?

Role of the Hierarchy

Hierarchical structure plays a very important role in the success of enterprise risk management

• Tone from the top at CEO level makes a lots of difference, it has been found where the
tone from the top is strong, and the Company has performed well on ERM front. A
tone from the top set right pitch and culture for embedding risk management within the
organization. Such tone from top should be a regular feature rather than one of thing.

• In a Company with good risk management embedding, a separate Risk Management

Function is required Headed by CRO to implement the risk management policies ap-
proved by the Board across the Company. The job of the risk management function is
to provide oversight risk management and help develop the risk culture.

Academia Letters, July 2021 ©2021 by the author — Open Access — Distributed under CC BY 4.0

Corresponding Author: Sonjai Kumar, sonjai.kumar-efpm@fiib.edu.in

Citation: Kumar, S. (2021). Risk Management and Enterprise Risk Management. Academia Letters, Article
2234. https://doi.org/10.20935/AL2234.

4
 • Role of CRO is implementation of risk management policies across the Company ap-
proved by the Board. The CRO is responsible for all risk management strategies and
operations, as well as supervising the organization’s risk mitigation and identification
procedures.

• The role of CRO is becoming very important at a global level as they provide inde-
pendent review and challenge of all the risks within the organization. A CRO need to
have futuristic vision to challenge the business plan, products that are priced and dis-
tributed, challenge the strategy of the Company that what are embedded risks within
the Company strategy.

• A good CRO should have following skills

– Keeping up to and well read, aware about daily events and developing risks
– Good understanding of the industry and business
– Understanding the needs of the business
– Critical thinking and consulting skills
– Good communication skills
– Technical skills
– Ability to influence,

Corporate Governance
Corporate governance is the combination of rules, processes or laws by which businesses are
operated, regulated or controlled. The term encompasses the internal and external factors that
affect the interests of a company’s stakeholders, including shareholders, customers, suppliers,
government regulators and management.
Corporate governance is a very important in the success of risk management; if the corpo-
rate governance is not strong, then risk management cannot succeed because the holes within
the corporate governance will dilute the impact of risk management or it will not let risk
management apply properly within the organization.
A typical best practice in Corporate Governance are

1. Communication with stakeholders

2. Independence of board

Academia Letters, July 2021 ©2021 by the author — Open Access — Distributed under CC BY 4.0

Corresponding Author: Sonjai Kumar, sonjai.kumar-efpm@fiib.edu.in

Citation: Kumar, S. (2021). Risk Management and Enterprise Risk Management. Academia Letters, Article
2234. https://doi.org/10.20935/AL2234.

5
 3. Board performance

4. Board Compensation arrangement

Conclusion
ERM is a binding glue that combines the risk management in a one force across the Company
and some of the factors for its success are role of the Board, tone from top, risk governance,
risk culture, etc.

Academia Letters, July 2021 ©2021 by the author — Open Access — Distributed under CC BY 4.0

Corresponding Author: Sonjai Kumar, sonjai.kumar-efpm@fiib.edu.in

Citation: Kumar, S. (2021). Risk Management and Enterprise Risk Management. Academia Letters, Article
2234. https://doi.org/10.20935/AL2234.