Major flooding issues this past spring and summer in multiple communities throughout the region, in addition to the “oil boom” in western ND and eastern Montana, shed light on why a strong enterprise risk management (ERM) framework for a municipality can be very beneficial.
What is “ERM”?
ERM, in short order, puts into operation, the prioritization of a city’s risks from multiple different areas. Most cities, as well as private industry, manage risks in silos. They look at risks separately for each department, functional group, utility, etc. and do not fully integrate these silos together to get a full picture of the entities risk management. In an ERM framework, cities risks are identified outside of the typical silo structure and instead are determined whether they fall into a category of the following types of risks:
- Operational
- Strategic
- Reputational
- Legal
- Credit
- Market
- Pricing
- Liquidity
By looking at a cities risk management portfolio from this perspective it allows city leaders to identify and manage cross-enterprise risks that may otherwise not be recognized and adequately addressed. It allows city leaders to enhance risk response decisions and align strategy with operational policy. It is designed to identify potential events that, if they were to happen, would affect the city and how they fall within city leaders “risk appetite.” The ultimate goal is a framework that aids in the entities ability to achieve goals in the following four areas:
- Strategy – support entities overall strategic goals
- Operations – support entities overall operations
- Compliance – support entities compliance and awareness of applicable laws and regulations
- Reporting – Useful and reliable financial and non-financial reporting
In a disaster such as these major floods that have impacted our local communities, linking ERM to disaster planning and business continuity can be very beneficial. When managing a disaster, combining the efforts of multiple municipal departments can be a daunting task. An ERM framework can link a city’s disaster recovery and business continuity processes together to better address catastrophe’s and help the city make sound operational, strategic, and financial decisions. All cities face uncertainty, and management must determine how much uncertainty to accept. ERM allows the opportunity to build value by associating risk and opportunity and reducing operational surprises and losses.
Where to Begin?
The ERM framework utilized by AE2S Nexus is performed in six Phases that are spread over the desired timeframe of the enterprise. The timeframe could be anywhere from six months to two years. That decision is determined based upon the needs of the enterprise and the time available to dedicate to the process. The Phases are as follows:
- Phase 1: Identification of Key Functional Areas and Establish Objectives
- Phase 2: Identification and Assessment of Inherent Risks
- Phase 3: Identification and Evaluation of Risk Mitigation Strategies
- Phase 4: Determine Residual Risks and Gaps
- Phase 5: Provide Recommendations and Remediation Plan
- Phase 6: Ongoing Monitoring and Feedback
Implementation of an ERM platform can be done gradually and cost-effectively. It is not meant to be a “threatening” idea. It’s best to think of ERM as an on-going process that can always be changed and addressed periodically. Every level of an enterprise is affected by ERM so it isn’t a process that happens overnight.