Today I want to talk to a little bit about Enterprise Risk Management, but not just Enterprise Risk Management, also Operations Risk Management and Credit Risk Management, or more to the point, the differences between these three.
Generally, people get these confused. Risks overlay, and they’re interconnected and so people start to lose sight of what each of these particular fields is. Enterprise Risk Management, one would think is all risk management because it’s the enterprise that you have to manage the risks for and the answer is no, it’s not.
Enterprise Risk Management is managing those risks which put the enterprise in jeopardy of failure. Not all risks that you face would put the enterprise in danger of collapse. That’s where we look at the other risk types like credit risk which of course deals with the liquidity and the credit worthiness of our counterparties and our clients.
That’s one area that may involve enterprise risk management if the potential loss is big enough to create the failure for the enterprise, but not always. The other one, operations risk management is dealing with those risks that are on an operational level, not all operational risks will lead to the collapse of your enterprise.
So for instance, if you have a banana peel in the central office, and someone slip on the banana peel and break their leg when they fall down, that’s not going to create the collapse of your enterprise, not going to create bankruptcy, it’s not going to create a huge enough loss that you will probably even feel it.
That’s where insurance of course comes in, a different topic entirely, but that type of risk should be managed on an operational risk management level locally by the department, by the office, to the silo of where that particular risk occurs. And enterprise risk is one that leads to the total collapse of the enterprise.
So, if we are looking at on an operational level things such as regulation, areas such as your entire building collapsing, your entire factory going out of business because of a physical hurricane or tsunami doing away with it. Those things will affect the survivability and sustainability of the organization, and that’s enterprise risk management. So, operations risk management we handle on the local level unless it’s going to impact the entire organization or the enterprise in an extreme adverse way.
Credit risk management is best handled by those people who understand credit risk best. The portfolio managers and the credit officers except where those potential losses could create a loss for the organization.
If we look at the sub-prime financial crisis which created the recession of 2007 and 2008, that would be a corporate governance issue, that would be a policy issue and as such that might be an enterprise risk management issue as well. But the individual loans that make up the sub-prime are not, those are a credit risk.
Enterprise risk management (ERM) are those risks which if they occur could lead to losses that affect the entire enterprise in a drastic and adverse way. Credit risk which affects individual portfolio and best left to those credit risk managers that are experts in that. And then of course the third operations risk management which unless again it affects the entire enterprise in major adverse way, is best left to the operations risk managers at the department, division or silo level.