2. Why ERM?

Question 1

What are the characteristics of a silo-managed org?

Answer 1

• Variety of definitions and classifications being used
• Diff documents used to record risks in diff dept
• No centralised record of risks faced by whole org
• No appreciation of total risk after allowing for interactions
• No stated risk appetite
• Same risk being managed differently in diff depts
• No account of diversifying effects when deciding how to manage risks
• Diff tools for assessing and measuring risk
• No senior staff member with responsibility for considering risk as whole
• Lack of reporting to board on risk due to inability to do this in structured way
• Risk not being considered when making strategic business decisions.

Question 2

Why might silo approach still be used?

Answer 2

• If RM has never been considered holistic, likely it will have been carried out on an ad-hoc basis, as and when necessary…
• … may have led to diff approaches being taken by diff departments
• Many of operations are divided along departmental lines e.g. staffing, budgeting etc. So silo rm fits this way
• Managers in some departments may be unwilling to cede control of their RM to a central risk function …
• … and see this as a loss of responsibility
• If acquisition or merger, diff parts of business may not have integrated well and past RM prevailed

Question 3

What are some potential sources to implement ERM?

Answer 3

• Past management failures
• “near-miss: within org
• High profile disaster in similar orgs
• Criticism or demands from regulators and auditors
• Other stakeholder concerns