The COSO Framework for Internal Control
February 12, 2025
It is rightly said that organizations are individual’s first home as one spends the maximum time here. Employees must treat their fellow workers as a part of one big family and must work together to achieve the goals of the organization. Conflicts must be avoided at the workplace to ensure that the employees give their […]
In the contemporary business environment, organizations fight the battle of competition by building their adaptive capabilities and preparedness for coping against the pressures of change. In the present scenario, top management give a lot of importance to change management process and the need for being flexible as well as adaptable for tackling the growing environmental […]
These days, the importance of Human Resource Management can not be neglected especially when companies are operating in such a volatile and unstable environment. The department plays a vital role in risk management. Needless to say, handling people is one of the most difficult tasks in the world and human resource department of any company […]
Confidence and attitude play an essential role in public speaking. One needs to be confident in front of his/her audience to create an everlasting impression. Remember, your audience would not take you seriously unless and until you believe in yourself. Nervousness only indicates either you are lying or not sure of what you intend to […]
A single brain sometimes cannot take decisions alone. One needs the assistance and guidance of others as well to accomplish the tasks within the desired time frame. In a team, every member contributes to his level best to achieve the assigned targets. The team members must be compatible with each other to avoid unnecessary conflicts […]
Enterprise risk management (ERM) is a buzzword that has been doing rounds in the risk management field for the past few years. It is often used by managers in a context that implies that it is wider in scope than the traditional risk management function.
However, the number of risk management professionals who do not clearly know and understand the differences between traditional risk management and enterprise risk management is astounding. It is for this reason that this article will enumerate the major differences between the two approaches.
Traditional risk management mostly deals with risks where the exposure can be transferred to other parties in the form of an insurance contract. In some cases, where insurance contracts are not available, derivatives and structured finance products are used in order to meet this objective. However, enterprise risk management (ERM) is wider in scope. Here, the organization tries to deal with risks that are not insurable.
For instance, if there is an accident in the workplace and some employees suffer physical harm, then the financial loss arising from the harm can be covered by insurance. However, the accident also causes a loss to the reputation of the organization. This harm is not easy to quantify and hence cannot be insured.
The enterprise risk management (ERM) considers risks that would not be admissible in a traditional environment viz. damage to the company’s social media presence, damage caused by vendor disruptions, damage caused by incorrect mergers and acquisitions, etc.
Traditional risk management is only focused on one aspect of risks. This aspect is known as the probable impact. The probable impact is a product of the probability of a risk occurring along with the financial impact of the risk.
The enterprise risk management (ERM) framework is more holistic in nature. Instead of just trying to minimize the probable impact, it looks deeper to see how the risk affects the strategic goals of the organization. Some of the common questions asked by practitioners of enterprise risk management (ERM) are as follows:
Basically, enterprise risk management (ERM) helps look at risks from a broader perspective. Loss prevention is not the only key metric and other dimensions such as timing, information, and preparedness are also evaluated.
In a traditional risk management environment, the risk is managed in a decentralized fashion. This generally means that every department discovers its own risks and makes a plan to mitigate them. These approaches may be right at the department level. However, when aggregated at the company level, these risks can often be inconsistent, contradictory, conflicting, and outright inefficient.
Risk management literature is full of cases wherein managers have inadvertently created risks in other parts of the organization while trying to minimize their own risk. Also, in many cases, resources are wasted when departments act in a silo.
A centralized risk management department is known to be more efficient and consumes much fewer resources. Another issue is that sometimes risks span different departments. In such cases, there is conflict regarding the ownership of these risks.
It is for this reason that enterprise risk management (ERM) takes a more centralized approach towards risk management. Here, decisions related to risk management are taken at the enterprise level. The purpose is not to work in the best interests of any department but of the organization as a whole.
Traditional risk management is often reactive in nature. This means that it is either reacting to an event that has taken place in the present or preventing an event that has taken place in the past. Traditional risk management relies on empirical data. However, a lot of risks are the result of newer technologies. Hence, they cannot be understood while looking in a rearview mirror.
New-age technologies create newer unseen risks and market shifts. This is whether the concept of enterprise risk management (ERM) comes into place. The emphasis is on trying to find out how the future will play out while keeping the current context in mind.
The traditional risk management process is more or less standardized. Over the years, several frameworks and models have been developed. Implementing these frameworks is a fairly standard and common process and can be easily implemented. These processes cover most of the standard risks which an organization faces.
However, there are some non-standard risks being faced by organizations as well. This is why a more customized approach is necessary for enterprise risk management (ERM). The customized approach is not focused on compliances like the traditional approach. Instead, it is a more creative function that uses creativity as well as statistical skills in order to predict the possible risks.
The bottom line is that enterprise risk management (ERM) is a wider and more advanced version as compared to traditional risk management. The differences between them are significant. With the passage of time, more and more organizations are migrating towards the use of enterprise risk management (ERM).
Your email address will not be published. Required fields are marked *