Taking an Integrated Approach to Risk

For many executives at midsized companies, risks are the stuff of nightmare: unforeseen bolts from the blue that can strike at anytime, anywhere.

How can you possibly defend your company against such dangers? The answer lies in seeing risk as part of a continuum that includes day-to-day operations, and integrating risk management into your management plan overall.

“Ultimately, the risk management process ought to tie to business management and performance management, because if it's isolated, I don't think it's going to be effective,” says James Lam, president, James Lam & Associates and author of Enterprise Risk Management: From Incentives to Controls. Lam suggests thinking of strategic, financial, or operational risk in terms of a bell curve. “In the middle of the curve is your expected performance. But there are risks that could drive the performance of the business either for better or for worse. You need to understand what those drivers are, how to measure them, and how to manage them.”

Answering four key questions

Rather than treating the tails of the curve—risk and opportunity—separately from its center, Lam recommends considering the entire spectrum as a whole. Similarly, since risk extends across the boundaries of functional silos (think of the impact of severe weather on operations, sales, and procurement, for instance), it makes sense to take an integrated approach.

“There are four basic questions that any business needs to ask when developing a risk-management program,” Lam says. “The first question is, who makes what decisions within the company? Who is the de facto chief risk officer? Is it the CFO, the CEO or someone else?”

The second question involves understanding the risks and being able to quantify them: What's the company’s exposure to energy prices?  To interest rates?

“The third question may be the most important,” Lam notes. “What risk-management strategies or decisions should we make? Implicit in this are questions such as: What’s the right level of insurance coverage? Should we hedge interest rate and foreign exchange risks? If things do go wrong, do we have the right skill sets?  Do we have sufficient liquidity to be able to absorb a risk event?”  And for risks you accept, how should you price your product or service to compensate for them?

The fourth question, Lam notes, is, “How do we monitor and report?” That means establishing metrics to measure and anticipate risk, and deciding how that information should be disseminated across the organization.

“Midsize businesses generally have owners or senior executives that have very good judgment and manage risks prudently, even if they don’t have a formal risk-management process,” Lam concludes. “What a more formal process would help them do is take what is implicit and make more it explicit.” 



On a scale from 1 to 5, with 1 being 'Not Good' and 5 being 'Excellent', how would you rate this article?

Press enter to submit your rating

Rate this Article

Use this form to provide additional feedback based on the rating you provided.

Thanks for Rating

Would you like to provide feedback?

Thanks for your feedback!

This information is general in nature and is provided for educational purposes only. Regions makes no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information presented. Information provided should not be relied on or interpreted as accounting, financial planning, investment, legal, or tax advice. Regions encourages you to consult a professional for advice applicable to your specific situation. Regions neither endorses nor guarantees any websites or companies referenced in this article that are not owned by Regions.