The topic of Enterprise Risk Management can seem quite confusing, especially since there is a good deal of misinformation floating around. In “The Top 10 Enterprise Risk-Management Myths,” Gordon Burnes of NewsFactor.com discusses some of the most common myths of Enterprise Risk Management. The article is a good read for those interested in ERM, although we should point out that it is (like most information on ERM) still heavily IT/Financial focused. A couple of the myths speak directly to the premise behind MyRiskControl.com:
Myth Number 7: You Can Manage Risk Only from the Center
No one is likely to argue that strong, central risk management is a bad thing. Unfortunately, many organizations make the mistake of investing only in a centralized function because it’s too difficult to federate, and they don’t know how to push risk management to lower levels of responsibility in the organization. It’s a classic issue of consistency vs. quality of information.
But, accurate information lies at the business line level. Organizations must augment their centralized risk management efforts with localized, distributed data, and the only way to reliably and cost-effectively do that is to invest in automated technology solutions.
Along this line of thinking, he continues:
ERM needs to be deployed bottom-up so that business managers are the first-line managers of risk, embedding enterprise risk management within the day-to-day business processes of the firm. They must understand the risk/reward trade-offs involved in their own decision-making. Risk management should create a bias for action, surfacing problems as they arise and empowering the entire organization to be risk managers. (more…)