Major flooding issues last spring and summer in multiple communities throughout the region, in addition to the oil boom in western North Dakota and eastern Montana, shed light on why a strong Enterprise Risk Management (ERM) framework for a municipality can be very beneficial. However, it doesn’t take a natural disaster or rapid regional growth to realize value from ERM.
What is “ERM”?
ERM, in short, is the comprehensive prioritization of a city’s risks from multiple different areas. Many cities, as well as private industry, manage risks in individual silos. They look at risks separately for each department, functional group, utility, et cetera, and do not fully integrate these silos together to get a full picture of the entity’s risk management. In an ERM framework, a city’s risks are identified outside of the typical silo structure, and are determined by whether or not they fall into one of the following risk categories:
Looking at a city’s risk management portfolio from this perspective allows city leaders to identify and manage cross-enterprise risks that may not be recognized or adequately addressed. Enterprise Risk Management allows city leaders to enhance risk response decisions and align strategy with operational policy. It is designed to identify how potential events would affect a city, and how they rank within city leaders’ “risk appetites.” The ultimate objective is a framework that helps achieve goals in the following four areas:
- Compliance and awareness of applicable laws and regulations
- Useful and reliable financial and non-financial reporting
Linking ERM to disaster planning and business continuity can be very beneficial in situations such as the recent major floods that impacted our local communities. When managing a disaster, combining the efforts of multiple municipal departments can be a daunting task. An ERM framework can link a city’s disaster recovery and business continuity processes together to better address catastrophes and help the city make sound operational, strategic, and financial decisions. All cities face uncertainty, and management must determine how much uncertainty to accept. ERM provides the opportunity to build value by identifying and quantifying risk, reducing operational surprises, and minimizing losses. ERM will also provide increased confidence in decision making during critical situations.
Where to Begin?
The ERM framework utilized by AE2S Nexus is performed in six phases that are evaluated over the desired time frame of the enterprise. The time frame could be anywhere from six months to two years. That decision is determined based upon the needs of the enterprise and the time available to dedicate to the process. The phases are as follows:
- Phase 1: Identify Key Functional Areas and Establish Objectives
- Phase 2: Identify and Assess Inherent Risks
- Phase 3: Identify and Evaluate Risk Mitigation Strategies
- Phase 4: Determine Residual Risks and Gaps
- Phase 5: Provide Recommendations and Remediation Plan
- Phase 6: Monitor Performance and Solicit Feedback
Implementation of an ERM platform can be done gradually and cost-effectively. It is best to think of ERM as an ongoing process that can be reevaluated and adjusted periodically. Every level of an enterprise could benefit from ERM, so while it may take time to implement, ERM is well worth the investment.