Just as you try to protect your assets at home, you need to protect your business assets with the same level of awareness and care. Enterprise Risk Management, at its simplest form, is “an ongoing process to protect all business assets while achieving the organization’s vision and mission.” That’s my simple, personal definition. I thought of making the analogy of your home because you live in one. You are aware of the ever present threats that surround you. For example, the threat of a house fire if you’re not careful in the kitchen, with the grill, smoking in the house, or an electrical fire due to a malfunctioning appliance, is a real, daily threat. Then there is the threat of a flood due to an issue with an appliance or a plugged toilet or sewer. There is also the threat of theft—an intruder coming into your home and stealing physical things—the old fashion way of stealing. And, of course, there is nowadays the constant threat of identity theft and hacking into your personal accounts. Everything that can happen to your personal life can also happen to your business.
My point is that when you treat your business with the same care and have the same awareness as you have with your personal assets, your perspective changes with ERM at work. Even when you are not the owner of the company, you can learn to treat it as if it is. The moment you do that, you start asking yourself several questions such as, “Who is actually looking out for this department or that area of the company?” or you start realizing that “My area can be affected by that other area if something happens to them.” Other thoughts could be, “Wow! I didn’t know how important that department is to the survival of the entire company.”
In your home, you establish precautions, train the kids who to call and what to do in case of an emergency, create some routines such as going around the house at night locking all the windows and doors. Similarly, in your business, you establish “mitigating factors” to mitigate and hopefully eliminate some risks and you establish policies and procedures to protect your company assets from risks.
There are many articles and information about Enterprise Risk Management these days. Instead of looking the other way or saying you’re tired of hearing about it, or thinking that it doesn’t apply to your area of business, I encourage you to embrace the concept. Embrace ERM. It’s not going away and it applies to your company, not just community banks and credit unions — for profit and nonprofits alike.
A way of embracing ERM is to learn about it and not be intimidated by the term. Every company has risks. Becoming educated and then ensuring everyone in the organization is “risk aware” will ensure your company’s success in years to come. If your organization does not currently have an ERM Program, I encourage you to seek outside expertise.