Can governments make predictions to enable the delivery of social services and projects? Can organisations foresee potential risk events? With the correct early warning signals, the answer to both questions is YES.
A well-designed Enterprise Risk Management (ERM) framework system provides information that allows management to understand whether key strategic objectives are being met, and to adjust strategies and tactics to take advantage of shifts in the environment that might be exploited for the benefit of the organisation and its stakeholders.
Boards have become increasingly aware of their responsibilities related to effective oversight of managementâ€™s execution of enterprise-wide risk management processes. This is due, in part, to significant external pressures that have developed recently thrusting risk management and its oversight to the forefront of many board agendas and action plans. Forward looking governments and organisations now embrace ERM as an enterprise-wide approach to risk oversight.
The idea behind ERM is to provide reasonable assurance regarding the achievement of entity objectives. It boils down to being proactive, that is, pre-empting unfavorable situation(s) from occurring.
As time goes by, the range of uncertainty begins to increase, threatening the successful execution of those strategies. The early warning indicators used to measure the possible changes to a risk are known as Key Risk Indicators (KRIâ€™s). By monitoring changes in the levels of risk exposure, they are critical predictors of unfavorable events that can adversely impact organisations and prevent crises.
KRIâ€™s append themselves to the risk that has been identified, analysed and prioritised. They should be measurable. Such early warning signals tell us more about how the risk can change, how fast it can change and when it might peak or trough. Developing KRIâ€™s require a lot of data and time, but offer rich rewards in terms of helping to predict risk.
The hardest thing about key risk indicators in a business environment is to get them right â€“ this is the â€œKEYâ€ part of it. Thatâ€™s why the most important risks to the goal or objective must be picked before setting out what key risk indicators are for that risk.
Mapping key risks to core strategic initiatives puts management in a position to begin identifying the most critical metrics that can serve as leading key risk indicators to help oversee the execution of core strategic initiatives. Such mapping reduces the likelihood that management becomes distracted by other information that may be less relevant to the achievement of enterprise objectives.
Safeguarding an organization from operational, reputational and other risks, necessitates periodic and regular reviews of these KRIâ€™s. All of this is possible through an in-depth understanding of risks which will enable proper identification, establish appropriate risk indicators, and monitor performance consistently.
Developing effective KRIâ€™s mandates a thorough understanding of organisational objectives and risk-related events that might affect the achievement of those objectives.
While most organisations monitor KRIâ€™s that have developed over time, it is essential for these to be regularly evaluated for efficiency and continuously monitored to highlight potential risks. Over time, they must be augmented with new KRIâ€™s to meet the dynamic circumstances as newer risks emerge and the older KRIâ€™s become insufficient.
An effective method for developing KRIâ€™s begins by analysing a risk event that has affected the organisation in the past (or present) and then working backwards to pinpoint intermediate and root cause events that led to the ultimate loss or lost opportunity. The goal is to develop key risk indicators that provide valuable leading indications that risks may be emerging. The closer the KRI is to the ultimate root cause of the risk event, the more likely the KRI will provide management time to proactively take action to respond to the risk event.
As an illustration, letâ€™s assume that management of a company is concerned about the risk that outstanding loans may not be repaid. In this example, a possible loan default would represent the risk event that is of concern. In developing effective KRIs to help management monitor the risk of default, they may look backwards to identify potential intermediate events. For example, this might involve decreases in sales in recent months. Additionally, shortages of cash or increases in the need for short-term borrowings or draws under existing lines-of-credit may provide early warning signs that a breach may be looming in the near term. KRIâ€™s that help monitor these intermediate events put management in a better position to implement potential mitigation strategies, such as earlier discussions with key lenders before an actual covenant breach has occurred. In addition, these key risk indicators may highlight potential opportunities to increase sales or improve operations that management may wish to capture.
Using government as an example, if the deteriorating internal security due to long term economic downtime is the risk event, the KRIâ€™s to help monitor this trend could include – employment outlook for federal government agencies and government supportive businesses; forecasts related to unemployment; rising food price index; and consumer spending trends in the economy to mention few.
Designing and setting up KRIâ€™s is critical to a successful ERM process. While the potential advantages of creating an effective set of KRIâ€™s has been highlighted, it is equally important to set the design elements and protocols for their proper communication and flow within the sphere of corporate governance, all within a framework.
There is more and more movement towards sound and robust KRI systems particularly in the financial services sector driven by regulation. Going beyond regulation for all sectors and investing on sound KRI systems will bring great rewards and confidence in an age when threats are becoming more apparent, regular and severe. Once the KRI system is working for the threats, then the biggest rewards come in using the same systems for opportunities. Itâ€™s worth the time and money, after all, we use KRIâ€™s intuitively in our everyday living process.
â€¢ Mbonu, FERP, CIRM(UK), HCIB, MsRM (Stern), studied Engineering, is an experienced Banker and Enterprise Risk Management professional. Earned a post graduate degree in Risk Management from New York University Stern School of Business, and is a member of the Institute of Risk Management -UK. Can be reached on 09092092046 (SMS Only); email: firstname.lastname@example.org