Enterprise risk management is not new, but it has been gaining traction in recent years. This has been driven, to a certain extent, by the fact that ERM is becoming something of a business requirement, as evidenced by Standard & Poor’s recent inclusion of an ERM program evaluation in its corporate management and governance rating criteria.
But amid ERM’s increasing popularity, many risk practitioners remain unsure about how to get started on such a program within their organizations. After all, setting out to manage risk across the entire company is far more complex than purchasing an insurance policy. In order to provide some guidance, veteran risk managers Al Decker and Donna Galer have written Enterprise Risk Management: Straight to the Point, a practical, step-by-step guide to ERM implementation.
The book is not your typical academic treatment of the subject. Rather, it is designed to inform experienced risk managers while also remaining accessible to business unit leaders who may not have any formal risk management training but will be critical to ERM success.
Decker and Galer provide a basic risk management foundation by first defining ERM and outlining its benefits. They then delve into the five-step ERM implementation process, which includes identifying and prioritizing risks, developing mitigation plans, monitoring and reporting risks, and measuring results.
The book also provides a breakdown of how an ERM program might work within specific functional units. Sections devoted to finance, human resources, marketing, information technology and investor relations—as well as a detailed case study that neatly ties everything together—reinforce the lessons in a way that theory alone cannot.
By taking the time to relate ERM to real-world scenarios, the authors make it easier, even for those who are unfamiliar with risk management, to understand how enterprise risk management works in an organization and, perhaps most importantly, why it is all worth it in the first place.