What is the difference between Risk Management and Enterprise Risk Management?

Risk is “the uncertainty about the world and uncertainty expressed by probabilities related to the observable quantities (Performance Measures)” (Aven 2003). Risks are classified as (Van Greuning & Brajovic 2003):

• Financial: credit, currency, market, capital etc.

• Business: legal, regulatory, country, etc.

• Operational: fraud, damage, information, products, etc.

• Event: political, contagion, etc.

According to Simmons (1999) there are some causes for financial losses such as expansion, cultural pressures, reduced controls, lack of communication of business values, learning systems and concentration on information. Today, banks, for example, have transformed a reactive RM into a strategic discipline, which adds value through the learning, risk analysis and solutions as part of the day-to-day business (Meulbroek 2002, Sharman 2002, Liebenberg & Hoyt 2003, Banham 2004).

In fact, the RM concept has evolved to ERM. ERM has been defined (Dickinson 2001) as “… a systematic and integrated approach to the management of the total risks that a company faces”. Brown (2001) identified the processes such as risk identification, measurement, monitoring, control and application. And, some of the failures in risk management suggest three  main causes (Marshall 1996): dysfunctional culture, unmanaged organizational knowledge and ineffective controls. On those causes is where Knowledge Management and Enterprise Risk Management can act.

  Some specific reasons were presented in the failure of some risk management structures showing the need of an integral view of risk across the organization, for example:

•          Expansion: American Express the growth affected the operations. Fast expansion, faster than the capacity. The knowledge support was minimum. (Simons,1999)

•          Culture: The Banker Trust expansion reduced the quality of the product presentation to the clients, the reason was: cultural pressures. There was a lack of information flow and the products were not well understood. The culture of avoiding bad news reduced the possibility of finding solutions to errors. (Simons,1999)

•          Controls: Barings Bank’s failure is related to the creation of early warning systems and the relation of a work environment of rewards and recognition creating business difficulties. A short term performance view and internal competition contributed to the bad results. (Simons,1999)

•          Understanding what is happening, the complexity increment, transaction creation, control lack, information management and cost as the only important factor to manage, reducing the capability to react in difficult and opportunity times. This complexity and the cost of knowledge show the need of managing the understanding and use of information rather than information itself (Sutcliffe and Weber, 2003).

•          Communications of business values in an understandable way which people can embrace. Possibly the identification of off-limits actions was not clear.

•          Stimulation of a learning system in order to review processes and to discuss the results and adequate diagnostic control systems