Risk Management Blog - ClearRisk

Exploring Enterprise Risk Management and Organizational Culture: Part One

Posted by Craig Rowe on Tue, Jan 26, 2010 @ 06:01 AM

Tom Cooper is currently an Assistant Professor at Memorial University in the area of strategic management. As a member of the ClearRisk Board of Advisors, Tom’s research and blogging focuses primarily on the interplay between strategy, risk and compliance as well as their effects on corporate responsibility. This week Tom is shifting from his discussion of strategic risk to enterprise risk management and organizational culture.

As we all know, the concept of risk management is gaining prominence in both the corporate and academic arenas. This series of blogs explores the importance of how a risk culture achieves effective risk management practices. Focusing on how organization risk cultures develop, we need to consider the personal and organizational influences on risk culture.

With roots in the financial sector, risk management has embraced a more encompassing perspective to include the internal and external factors that may affect an organization’s ability to achieve its objectives. As we know, with ERM and other approaches to integrated risk management, there is a comprehensive and integrated framework for managing organization-wide risk to maximize value.

In 2004, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), developed the Enterprise Risk Management – Integrated Framework to assist organizations in managing risks. While building upon its earlier internal control framework, the ERM framework provided organizations with an encompassing approach to recognizing and managing risks. According to COSO,

“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives” (COSO, 2004, p. 2).

Effective implementation of ERM or any integrated risk management system requires a holistic method to risk identification, management, and mitigation. To achieve this, COSO argues that businesses must create an appropriate risk management culture in all levels of its operations. There are different definitions of risk culture and in many situations, risk culture translates specifically into a health and safety culture. However we believe that risk culture refers to an organization’s corporate culture and its view of strategic enterprise-wide risks.

It is important that organizations consider the importance of how a risk culture achieves effective risk management. Understanding how organizational risk cultures develop, and more specifically, what are the personal and organizational influences on risk culture is important for managing all categories of risk.

More from Tom:

ERM Resources from ClearRisk:

Sources:

Committee of Sponsoring Organizations of the Treadway Commission (COSO). Enterprise Risk Management – Integrated Framework (Executive Summary). Retrieved January 25th, 2010 from http://www.coso.org/Publications/ERM/COSO_ERM_ExecutiveSummary.pdf

Photo via user sbrotschul at Flickr Creative Commons

Topics: risk management and organizational culture, enterprise risk management, organizational culture