Informal Versus Formal Enterprise Risk Management

November 16, 2018 Business Insurance and Risk Management, The Beacon Blog

The concept of enterprise risk management – in layman’s terms, thinking about challenges and opportunities as they impact your organization as a whole – may seem to be more suited to large businesses than the typical small to medium-sized enterprise. While it’s true that large organizations are in a better position to set up a formal enterprise risk management program with a risk assessment process, committees and a “chief risk officer”, according to consultant Carol Williams there is no “one size fits all” approach, and some organizations do better by managing their risks informally.

In a recent article (https://www.erminsightsbycarol.com/practicing-erm-no-formal-program/), Williams states that two things are necessary to practice effective enterprise risk management, or ERM for short. First, executives must think about and discuss how risks – positive and negative – influence their decisions and planning. Second, there must be a culture of open communication.

Questions for officers and directors to consider in establishing a risk management process:

  • Does the board support management in achieving its strategic and business objectives?
  • What is the organization’s mindset related to risk?
  • How does the organization formulate business objectives? Does it consider risk in establishing these objectives?
  • Does the organization identify risks that can impact performance of its objectives?
  • How does the organization prioritize risk, identify risks, and select responses?

If your organization’s culture, actions and oversight are naturally conducive to informal ERM, developing a formal framework is not necessary and can actually be counter-productive.




About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.