Transcript

rm_1_session2_vid03_erm

SPEAKER 1:

Enterprise risk management is really all about managing all of the risk within your organisational enterprise. It's about policies and procedures. It's about people, training, tools, and systems, and everything that joins together as a whole for an organisation. It's almost- in my head, it's almost like the governance wrapper that sits around all of the good risk management work that you're doing.

SPEAKER 2:

And it's about making sure that if you're sitting in one particular part of the company, we don't just think about the risks that relate to that part, but how do we look across what we would call silos and make sure we look at the whole picture? So if you're sitting in finance, for instance, then there may be certain risks relating to finance. But how do they relate to, for instance, when we're looking at the supply chain and people who are managing external suppliers?

And is it the fact that the finance team may be trying to keep the costs down, but the supplier teams are trying to make sure we've got good, quality products coming in? So enterprise risk management is about getting the right balance across the different parts of the company and getting the right solutions and the strongest solutions so that the company can be as strong and resilient as possible.

SPEAKER 3:

I've worked in many companies where the finance team won't speak to the human resources team, and the human resources team won't speak to the engineering team, and so on and so forth. And that information is kept within the confines of one part of the business or one function within the business.

I think enterprise risk management does well break some of those barriers, break some of those boundaries, shares that information, and makes sure that it's clear and available to the right people when they need it so they can make the best possible decisions to take the organisation forward.

SPEAKER 4:

Enterprise risk management, for me, is the umbrella that supports the management of the operational risks here, and dependent on the risk type- the management of the strategic risks here, and then starts to put linkages between the two. Now, it's not easy because, as I said, you've got to be able to try and compare like for like, and you've got to have a very good understanding of, well, if something happens down here, how might it affect this thing up there?

But that's really what enterprise risk management should be trying to achieve. It should be trying to get that line of sight across the whole business. And it's to do- and it is line of sight, is to do that early warning. Because if we can find something down here that's indicative of something potentially of a bigger thing that can affect a strategic objective, it's when it's going wrong down here at the control level, the operational level, that's the best place to be able to find it and sort it and do something with it, because it's the easiest place to deal with. What you don't want is it to be in the press. You've just fallen off the edge of a cliff. The CEO is just about to be hung. You really don't want thattohappen.