Monday, January 4, 2010

Universal "Risk" Care

I recently wrote an article discussing how Internal Audit Department is leveraged in the Enterprise Risk Management (ERM) Process. (http://www.webcpa.com/news/Staying-Power-ERM-Internal-Auditing-52502-1.html) While I was excited to get the word out, many of my "non-financial" friends had no idea what I was talking about. So, for my first blog, I want to dedicate some time to help explain the Enterprise Risk Management.

This is my version of ERM for Dummies.

There's been lots of talk about in the media about universal health care or health reform. The concept can possibly be translated in ERM. You can say ERM is the "universal health care for a company." So, I call it "universal risk care". ERM is a process to help gauge the pulse of a company--how is the company doing and how to manage the risks its facing? Is the company doing well? aka -- does the company have a common cold, a flu, or worse-yet is it terminal?

We go see our primary care doctor (a specialist) for an annual checkup, talk about symptoms of our current illness, talk about preventative care, etc. Well for companies, these health checks are risk identifications--what are the symptoms of the company that may cause the company to suffer. As we identify these symptoms, we can then identify how to treat these symptoms, determine the impact and how long will they last, and what to do to prevent these symptoms from recurring.

It is important to get advice from a specialist. We tend to try to self diagnose ourselves and failed to cure our symptoms. Or yet, misdiagnose entirely. Our symptoms may recur or even get worse. So my question is 'Why waste your time self diagnosing and not be effective?" Companies should look to a specialist to provide an independent and objective assessment and knowledge. Additionally, companies should not overlook their annual checkup.

As consumers, we select our health coverage based on a number of criteria--cost, benefits, coverage, etc. Analyzing our situation and how much we want to spend on insurance, we have come up with a tolerance to covering our symptoms. Our risk tolerance is based on the amount of premium we want to spend on coverage. So when we go in for a doctors appt,we understand that we will pay a co-pay and/or pay a % of those items that may not be covered. ERM provides for that same transparency, as companies identify their risks (symptoms), they are aware of how to response and how best to treat the symptoms and how much financial loss they may occur.

This is a very simplistic way to view ERM. Keep in mind: ERM has many facets and there is not a one size fits all.