For those of you unfamiliar with construction terminology, mud is synonymous with concrete. But, for the sake of those contractors reading this post, I wish it was synonymous with something that didn’t “set up,” like snow for instance. You always know that snow will melt and set you free.  Unfortunately, many construction companies are stuck in the mud, so to speak, by the way in which they are operated.  As the world progresses to more sound methods of operating businesses, such as adoption of Enterprise Risk Management (ERM), I certainly hope construction doesn’t stay stuck in the mud.

In this post, I’ll give some background on the growth in Enterprise Risk Management and how it relates to the construction industry, and explain why adopting an Enterprise Risk Management philosophy for running your construction business is a wise decision. I say philosophy, because at its core, ERM is a shift in thinking, a shift in managing your business. It applies best in high risk industries, like construction, which have high failure rates due to persistent failures to recognize and mitigate risk across the entire business.

Enterprise Risk Management Growth

In a 2001 survey, Enterprise Risk Management: Implementing New Solutions, it was noted that 41% of the public companies surveyed indicated that they were currently implementing some form of ERM program.  As a result of Sarbanes-Oxley Act (aka SOX, the compliance requirements set forth after the Enron debacle), that number has been climbing ever since.  Why?  Quite simply, the rules of the game have changed for public companies.  They must now prove they have strong internal controls, complete intregrity and systems to manage all risks they face.  Unexpected “surprises” are no longer accepted; they now have swift consequences.  Given this environment it’s no wonder that Enterprise Risk Management (ERM) is being adopted by public companies at an ever increasing pace.

In the United States, the Securities and Exchange Commission, as well as the U.S. Federal Reserve and the American Institute of Certified Public Accountants, are demanding more accountability from corporate directors in terms of identifying risks and developing systems for managing them.  The National Association of Corporate Directors is encouraging audit committees to expand their scope of risk management reviews. Dunn and Bradstreet has released software to provide ERM Solutions. Standard & Poors, one of the largest credit rating companies of businesses worldwide, has announced that it is now including questioning about a company’s ERM practices to determine ratings for credit.  This rise in expectations requires a level of risk management knowledge and capability not found in many organizations so companies are scrambling and reacting to institute risk-based controls.

But how does all this apply to private companies that don’t have to worry about compliance issues brought forth by SOX? Plainly stated, ERM is not just for the “Big Guys” anymore.  As Tim Ling, president and chief operating officer of Unocal, stated: “I think you will see almost all companies over the next few years moving in the same direction [as we are], really trying to integrate the notion of risk management with the notion of just business management. To me, running a business is all about managing risk.”  Essentially, managing risk is really about properly managing a business, and therefore managing risk can create shareholder value if done correctly.  Thus, ERM is now seen less as a reactionary requirement to regulations, and more as just plain old good business practice.

Why Contractors make good Candidates for ERM

But you may question, does ERM apply to contractors? The answer is yes… more than ever. Since ERM best fits companies in high risk fast moving industries, contractors are prime candidates for adoption. Let me explain some of the reasons why:

Abundance of Risk - There are so many risk factors in a construction business that it is hard to manage them all. In essence, a contractor is like a juggler, typically having a ton of balls in the air, each being a problem that needs to be solved. Unfortunately, the functioning of the company is usually last priority. Since money is made or lost in the field, solving problems in the field typically takes precedence over solving problems in the company.

Tight Time Constraints – As every contractor knows, the construction industry moves at a million miles a minute. Since it moves so fast, it is very difficult to implement risk controls, or in other words, fix internal problems. The industry is very competitive, margins are small and great pressure exists to keep overhead down. So if overhead is already stretched thin and key management personnel are focused on solving problems in the field, there is simply not much time or human capital to get risk controls implemented. An internal problem may get temporarily addressed and go away for awhile, until many months later when it pops up again and everyone looks at each other and says “didn’t this happen before,” and the cycle repeats itself.

Insufficient Knowledge – Since contractors are so busy, do they have time to learn? If they don’t have the proper guidance, do they know the options available to improve the function of their company? The answer to both questions is usually no. Unfortunately, since they are so busy, they don’t have time to seek out those professionals who can give them advice, and to compound matters, Enterprise Risk Managers who understand the construction industry are hard to come by.

Unstable Controls – During day to day activities at a construction company, internal problems often come up and management will conclude that “we should do something about this.”  Unfortunately, the pressure to constantly meet day to day deadlines in a fast moving environment does not allow management sufficient time to methodically establish a plan to install risk controls effectively, and even if installed, management does not have time to perfect or monitor the control to assure it remains in place. As a result, a “quick fix” is often used as the solution. However, when a risk control is quickly put in place there usually is not enough thought behind it.  Therefore it simply does not stick, especially when not monitored.

All of these characteristics make contractors great candidates for ERM. So let’s talk about the how ERM can actually overcome the challenges for implementing risk controls as stated above, namely: the abundance of construction risk, the time constraints upon management, the insufficient knowledge about ERM and unstable controls.

How ERM overcomes the challenges for implementation of risk controls

ERM establishes a culture. First and foremost, ERM establishes a new corporate philosophy, a change in thinking toward a risk-based mindset, not only amongst management, but amongst all in the company. If nothing else were to be accomplished, just this mind shift alone is of huge benefit. When people realize how the company’s ability to make a profit can be put at risk directly by their work, there is a behavioral change. Not only do they realize the impact of their work, but they also gain a feeling of just how valuable they are, how valuable their work is, and how their work can be part of the company’s success. Since it is well documented that bottom-line performance can be largely attributed to employee fulfillment, an ERM approach to running business certainly has its benefits.

ERM creates root level accountability. The ERM methodology enables management to deal effectively with problems, even though an abundance of risk may exist. The accountability for mitigating risk is spread to all levels in all departments and therefore the responsibility for implementing controls is not just up to time-strapped management, but up to everyone.

ERM relentlessly drives improvement. Persistence, that’s the word. ERM does not go to sleep after a risk control is put in place. It relentlessly monitors the controls put in place and persists to uncover new risks. Risk is forever changing and new risks arrive on the scene all the time. The ERM process fully incorporates a “risk-sensing” mindset by constant reassessment and monitoring to validate current controls as well as address new risks.

Takeaway

In short, ERM addresses an abundance of risk by following a systematic process that educates the workforce on elements of risk within their area of responsibility, empowers them to individually install risk controls which are then monitored within the process to make sure the controls remain fully in place, thus creating a “no surprises” management environment.  Without an ERM framework, the failure to recognize risks or to mitigate known risks can make it difficult to compete, financially weaken the company, and potentially jeopardize its future.

So there you have it. ERM is being adopted worldwide and it is a perfect fit for construction. It will just be a matter of time before you will be expected to run your business with a risk-based approach. In fact, the banks and sureties are already asking contractors, “who handles enterprise risk management for your company?” Do you want to be the company that lags behind in understanding and taking action on business risks, or do you want to be a survivor in today’s fiercely changing and competitive environment? As to the ultimate question: “Should I personally get engaged in a risk-based mindset and adoption of ERM,” I leave you with some final questions.

· What can happen to create value in your company?
· What can happen to destroy value in your company?
· What degree of confidence do you have in the outcomes?

Think about it. Many will conclude it’s wise not to be “stuck in the mud.”

The construction industry is full of unending challenges, requiring high energy and constant problem solving.  The company owner is like a juggler with 50 balls up in the air (potential problems); if any drop (actual problem) it could cause all the rest to drop as well (total problem i.e. business failure).

The large amount of potential problems, combined with low industry margins,  is undoubtedly a major reason the construction industry has one of the highest failure rates (right up there with restaurants).   Unlike companies in most industries, though, contractors usually don’t fail because of poor products or service.

Why Contractors Fail

Sure there are some cases, but in general, contractors don’t fail because of poor construction.  Most contractors build a decent building.  After all, they have to follow rigid design specifications and plans and have to undergo inspections.  So if they don’t fail because of poor building practices, then why do contractors fail?

In simple terms, it is because of poor business practices.  Many construction companies are started by project managers without specific schooling in running a business.  They know how to run a job, but haven’t been taught to run a construction company. To compound matters, there isn’t really much formal education offered in running a construction company.  Frankly, there should be a college major for it.

Finding the Root Causes of Failure

Every company has a bunch of business practices, and if those business practices are properly in place, the company will maximize its ability to make a profit.  All those business practices (or things you need in place) are called risk factors.  That is the heart of Enterprise Risk Management…

Every process, practice, system, procedure, or activity that takes place in a company must be working perfectly to maximize profitability. Obviously, this sort of perfection is impossible, but it is (or should be) a goal for every company.

So, I started on a quest to uncover the root causes of business failure. I began by identifying all of the major contributing causes for loss based upon my years of experience and sought out publications and other professionals who could serve as resources for further adding to the list.

I knew that all causes of loss could be fixed by putting a business practice or control in place and that if those controls or practices weren’t in place, it could cause a business to fail.  Conversely, having all the necessary controls and practices in place would provide a business with the greatest ability to generate profits (to maximize profitability).

With a greater understanding of how controls impacted profitability, it became clear that the effectiveness of existing controls at a company had to be assessed to determine the degree the company was at risk of failure. This is, in fact, what the Enterprise Risk Management process does and what risk management was intended to be long ago.

Reactive Management

Just like financial advice is sought after a portfolio has shrunk or a financial dilemma has occurred, and business analysts are brought in after a company has lost money, I spent my early days as a consultant patching up systems or procedures in construction firms that were disheveled. In fact, a large amount of my time was spent on complete turn-arounds.

Proactive Management

Enterprise Risk Management identifies potential causes for loss well in advance so they can be addressed before harm occurs.  This is a large shift from the thinking of fixing problems once they occur.  That is the beauty of ERM.  It prevents problems by recognizing weaknesses while they can still be corrected.  That said, most contractors continue to unknowingly risk profits by failing to inspect systems and controls that could cause future problems.

I encourage any contractor interested in preventing problems rather than patching them to consider adopting an ERM process and the philosophy of enterprise-wide risk management.  It’s a sure way to strengthen business fundamentals and maximize potential profit.

This week’s Case ‘n Point will focus on the risk of misleading financial data. As our real-world example will show, inaccurate accounting can cause poor management decisions that ultimately hurt a contractor’s bottom line.   In a quick informal survey, I asked several members of our community what information they gather to make decisions. Every contractor said that financial statements are either the first or second resource of information.

Business functions across the gamut are tied to financial statement results: everything from hiring, equipment purchases, salaries/bonus, financial credit, to surety credit. For this reason, many of the risk factors in the category “Accounting Procedures” have high importance for contractors. We could easily make the case that financial statements have (or at least should have) the greatest influence on a company’s decision making.  

The Risk Victim
Conway Remodeling, Inc. (CRI) is a relatively young contractor who has been in business for six years. CRI has historically performed 80% residential and 20% commercial remodeling. Commercial projects are relatively small and almost never consist of more than two or three units of an office building.

During the most recent year, CRI took an opportunity to perform a large commercial project. Instead of the common two or three unit remodel, CRI was in charge of remodeling an entire five story office building. Since the commercial work was more sizable, management felt the carpentry work, which was typically subcontracted out, could be self-performed.  Using historical financial statements, management determined that the carpentry could be performed at a profit.

The Risk Impact
CRI’s management relied on their historical financial statements to make a decision, which is usually a good practice; decisions should be made by gathering the most information available.  However, just because a company has prepared financial statements does not guarantee that the information is accurate. The financial data could be of poor quality and relying on incorrect financial data is just as bad as guessing.

As is the case with many small contractors, CRI did not allocate some indirect costs to projects or to their labor burden rate.  Instead, the costs were kept as General and Administrative because they were not believed to be significant.  When management determined carpentry would be profitable, they used financial statements that didn’t properly allocate workers’ compensation premium to each project. Thus, they didn’t realize that the carpentry work would add significant costs and was not as lucrative as expected. If management had the correct labor burden rates and allocated costs correctly, they would have determined the margin was too small and continued to subcontract out carpentry.

The Lesson
As CRI’s workers’ compensation insurance policy came to a close, the insurance carrier came in for a final audit to determine the audit premium. Overall revenue had grown only slightly, so CRI expected the audit premium to be rather small. However, there was a fundamental change in the structure of CRI’s operations. Almost twice as much in wages was paid as a result of self-performing the carpentry work. Thus, workers’ compensation insurance was going to be twice as expensive and this would all be reflected on the final audit. CRI was shocked to learn that their audit premium for workers’ compensation was $30,000 and, as standard, was due in 30 days.

We mentioned that financial statements are the linchpin for decisions throughout the entire company. In addition to performing the carpentry work, CRI had made several other bad decisions based on the financial statements. Additional labor was hired, not enough cash was banked to cover the audit premium, slightly higher Christmas bonuses were paid to reflect what appeared to be a good year, and more commercial jobs were bid using the estimates from the last job.

In the above exhibit, CRI would have made a better decision if they used high quality financial data. By installing two controls, CRI could have had high quality financial statements:

1. Performing a monthly insurance audit: The monthly audit makes adjustments to the premium in order to reflect the year-to-date difference in estimated and actual wages. 
2. Use approprate labor burden rates: If CRI’s accounting system tied the indirect cost of workers compensation to wages paid, the calculations used to estimate profit margin would have signaled management to subcontract out the carpentry work. 

If both controls were in place, either would have sent off a red flag early in the project, or even before the project was bid. Unfortunately,  many contractors don’t install these controls until they are burned the first time.  

We can’t overstress the importance of controlling your “Accounting Procedure” risk factors. Our Free Construction Business Analysis reflects this same level of importance. Many contractors who perform a Business Analysis expect to score very high. However, they often receive lower than expected scores due to weak accounting procedures. Strengthening the business practices that control accounting procedures will have a large impact on decision making and help ensure that more earned revenue is sent directly to net profit.

Today I met an individual who asked what I did for a living. I was somewhat distracted and mumbled the word “risk management.” As I regained my focus this gentleman said “Oh, you’re a risk manager. I’ve had trouble with my Workers’ Compensation…” and he began to talk about insurance.

This was a prime example of the perception surrounding the terms “risk management” and “risk manager,” and how they’ve been equated solely to insurance coverage and insurance professionals in the past.   I’ve witnessed this misrepresentation of the terms so many times that I felt not just inspired, but a public obligation, to write this article and help clear the confusion with the terminology that began long ago.

PASSING THE SMELL TEST

In the early 1960’s, two professors, Robert Mehr and Bob Hedges, developed the concept of Enterprise Risk Management. These two could easily be called the Godfathers of Risk Management. They published the first text to fully address the subject of business risk, “Risk Management in the Business Enterprise.”  The book introduced how risk management of an entire business could maximize efficiency, which would result in greater productivity. The basic premise was that all business risks should be managed, not simply those that could be “insured.”

Suffice it to say that over time, the term “risk management” began to take on a more limited meaning, referring just to insurable risks (for a slightly more elaborate outline see history of enterprise risk management). Now, some 45 years later, many large public firms are finally returning to the original roots of risk management. The Risk Managers of these firms manage the risk exposures of the entire business, not just those risks that are insurable. Mehr and Hedges would be very happy about this if they were here with us today. And, I might add, this helps put my mind at ease as well.

You see, having been heavily involved in construction for much of my lifetime and having witnessed many different construction business failures, it became evident to me that the causes for each failure all boiled down to risk. However, it never seemed to make sense that insurance brokers and agents called themselves risk managers, especially since they only provided a form of management that addressed insurable risk. It just never sat right with me. First of all, they really didn’t address anywhere close to all of the business risks that exist. Second, out of all the business failures I had witnessed, none were the result of having too little insurance or poor loss control procedures. When I finally came to understand how risk management evolved over the years it was somewhat of an awakening.

THE ENTERPRISE RISK MANAGEMENT PROCESS

Robert Mehr and Bob Hedges came up with the steps for the risk management process, and the basic form is still in practice to this day:

• Risk Identification (Identify all the risk factors; all the possible causes for loss in a typical company)
• Risk Analysis (Analyze the risk; assess and measure the potential for loss in the company to be examined)
• Risk Response (Determine what to do; either assume, transfer or reduce the risk)
• Risk Control (Implement internal controls to reduce or transfer the risk)
• Risk Monitoring (Select a method for monitoring results and put it in practice)

As originally intended, risk management would encompass management of the entire business enterprise; hence, the field became known as Enterprise Risk Management (ERM for short). ERM requires examination of all risks that an organization faces and applies directly to four distinct types of risk: Operational Risk, Financial Risk, Strategic Risk, and Hazard Risk.

For the most part, only hazard risks are insurable.  Thus, insurance brokers should have called themselves hazard risk managers instead of just “risk managers”.  Now, with the reemergence of ERM, traditional insurance-based “risk managers” are being pushed into a wider arena of risk management, one that incorporates all other areas of business risk, many new forms of risk analysis, and a wider array of risk control mechanisms.

The primary challenge of expanding risk management across the enterprise is that, because it involves so many different aspects of an organization’s operations, traditional insurance-based risk managers (who focus only on hazard risk) are simply not qualified as enterprise risk managers. They simply don’t have the experience or expertise necessary to have a firm grasp of all aspects of a business, and there are already signs they are losing their hold on the “risk manager” title. In fact, the fastest growing position in the business world today is that of Chief Risk Officer (CRO). As ERM continues to filter down from public companies to smaller and smaller private companies, you can expect a CRO type individual to become part of every management team. After all, the adoption rate of the ERM process has already reached 40% in public firms.

In order for risk managers to evolve from insurance minded professionals to ones who understand the risks of an entire business enterprise, they will have to learn the language and the approach of each business area, either alone or as a team. If they are to act as a team, the team leader will need to have a basic understanding of all the steps involved in the entire process of risk management and the methodology used in each business area. Clearly, traditional risk managers will need to obtain additional skills to be involved with enterprise risk management.

TYPES OF RISK MANAGERS

There is no doubt Enterprise Risk Management is making its way from large public firms to firms in the private arena. It is being dictated by credit providers of large public firms as a result of Sarbanes-Oxley and, given the current credit environment, may soon be expected of private firms too. It may not be long until ERM becomes an expected and necessary way for all companies to operate.

Since risk management has expanded to cover risk across the entire enterprise, one of the largest challenges has been finding individuals capable of understanding and managing such risk. Since insurance agents or brokers who only provide insurance advice to their clients do not fit the bill, corporate decision makers only have a couple options:

1. Salaried employees who can learn to manage a wider scope of risk for their company than traditional risk managers (often chief financial officers or treasurers); and
2. Independent consultants who provide comprehensive Enterprise Risk Management services.

Individuals who perform at this level are called CRO’s. They are in very high demand today and typically are drawing salaries even higher than the CFO. As time progresses, I expect that there will be a lot of CRO’s working on a consultancy basis since smaller firms won’t be able to find, much less afford individuals qualified to identify, assess, and control all of the risks in a business enterprise. Obviously, such individuals must be very specialized in a particular industry to serve their clients well.

To choose the best type of risk manager for their companies, corporate decision makers must now consider the potential increase in profits that the adoption of the Enterprise Risk Management process can bring. For those early adopters, employing an experienced professional in Enterprise Risk Management is the key to real benefit. If that person is a consultant, he can be used as the de facto enterprise risk manager who can be relied upon to retrain traditional risk managers already on staff so they can gain the full knowledge of how to control risk across the enterprise. As time will tell, the true risk manager will not be the traditional insurance professional who addresses Hazard risk, but will be the individual who can address Operational, Financial, and Strategic risk as well. That is how risk management is evolving and what is expected of a risk manager in many companies today.

Thus, will the real risk manager, please stand up!

By:  David F. Druml, ERM Specialist a My Risk Control, LLC

Excerpts from “Journal of Risk Management of Korea Volume 12, Number 1” D’Arcy, Stephen P., Professor of Finance, University of Illinois at Urbana-Champaign, May 30, 2001

The certificate of insurance description box must read: “Jake’s General Contracting is named as general liability additional insured.”

Top of page 1

THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW.

Top of page 2

If the certificate holder is an ADDITIONAL INSURED,  the policy(ies) must be endorsed. A statement on this certificate does not confer rights to the certificate holder in lieu of such endorsement(s).

This weeks Case ‘n Point (and first ever) reveals the painful truth about being too relaxed with risk control. The lesson of our story illustrates how Enterprise Risk Management is shadowed by its own success. As always, the names of those involved have been changed.

The Risk Victim
Xcavator Inc has been in operation for just under a decade. Its strong reputation places it on top of local GCs’ calling lists when excavation and grading work is needed. Unfortunately, management is a bit closed-minded to installing risk control procedures.  Xcavator Inc has been lucky during its last few years of growth and has grown a little cavalier, mostly due to effects of the success paradox. But all games of Russian Roulette must come to an end.

The Risk Impact
While grading for a public works project, Xcavator Inc hired a third-party to off haul dirt from the construction site. The expense for off hauling dirt wasn’t part of the original contract, but Xcavator received a verbal change order from the public agency’s construction manager to incur the extra cost.

The bill for off hauling came to $20,000 and Xcavator Inc added the additional expense to its next invoice. But the public angency rejected the extra cost, stating that it hadn’t approved the change order. Xcavator Inc tried to produce a valid change request, but since the order was verbal, none could be produced. And to compound matters, the construction manager who had given that verbal order was no longer with the agency.

The Lesson
Faced to absorb the $20,000 expense, Xcavator Inc management set out to lay blame. Ultimately, the superintendent had blame for ordering the hauling company to begin work. With proper controls, there should have been at least two responsible parties: the superintendent making a request and the project manager approving the request.  Lack of a written change request should have been a red flag for one or the other responsible parties. This weakness would have been uncovered by the MyRiskControl system during a review of the Contract Non-compliance risk factor.

This story helps illustrate how Enterprise Risk Management shadows its own success. Xcavator Inc learned a hard lesson. Whether it begins to get serious about installing risk controls has yet to be seen. But even if it does, the reward for installing controls after a disaster is greatly reduced. However, if the controls were in place from day 1, we would never know the value Enterprise Risk Management can have.

“These factors don’t matter.” Those were the words I heard after presenting a contractor with a proven list of over 65 risk factors that can impact a construction company’s ability to make a profit.  He gave the list back to me with 20 risk factors circled and told be the rest were of no consequence. If I hadn’t previously run a number of construction companies and closely observed hundreds more, his words may have cast doubt.  But I knew better.  Some risk factors are certainly less important than others, but they all can play a roll in causing business failure; even seemingly unimportant risk factors can interact with one another to have a large impact.

With respect to business, a risk factor is defined as an activity, practice or condition that can cause financial harm. Risk factors vary by industry.  For example, smoking is a risk factor in the medical world, specifically related to the health of an individual. It does not apply to a construction business. Likewise, failing to have a job cost system in place is a risk factor related to a construction business, but certainly is not a risk to an individual. Risk factors are also different across businesses. A risk factor related to overstocking perishables in a restaurant due to poor inventory control does not apply to construction. Poor humidity control is a risk factor in a flower shop but not in a restaurant.

As you can imagine, there are many different types of risk factors and for the most part they are specific to an industry.  Some risk factors are really important because the harm they can cause is great.  Other risk factors are of lesser importance because the harm they can cause is not so great, thus having a smaller impact. To actually determine the impact a risk factor can have (its importance), takes years of case study. But suffice it to say, importance varies.

(more…)

This title seems especially appropriate following the recent Beijing Olympics. But today we are not talking about Chinese culture, we are talking about qualitative data and quantitative data, risk data and financial data, causes for success and causes for failure. What do these have in common? As the Chinese definition goes, they are two complimentary qualities that, when put together, form the whole.

At the end of the day, business is about achieving profitability, which is defined as the ability of an enterprise to generate revenues in excess of the costs incurred to produce those revenues and is often measured by a rate of profit or rate of return on investment. Credit underwriters also seek to achieve profitability, and that means avoiding large, unforeseen losses. To maximize profitability, underwriters need to find the optimal balance between premiums charged and risk present.

Unfortunately, as discussed in The Risky Game of Credit Underwriting, underwriters are often working with insufficient, inadequate, or obsolete data so measuring the “risk present” becomes quite a tall order, and many times involves outright guessing. They have no way of knowing where the applicant lies in the ERM – Business Success Matrix. Fortunately, with the advent of a standardized mean to collect and analyze qualitative data, most of these underwriting deficiencies can be overcome. In this post, we’ll discuss how qualitative and quantitative data fit together to form a complete picture of an applicant during the credit underwriting process.

(more…)

Companies usually find themselves in one of four quadrants of the ERM/Business Success matrix:

1. A company has proper risk controls in place and is successful/profitable
2. A company does not have proper risk controls in place and is successful/profitable
3. A company has proper risk controls in place and is unsuccessful/unprofitable
4. A company does not have proper risk controls in place and is unsuccessful/unprofitable

The Success Paradox

The term “Success Paradox” has been used to refer, among other things, to individuals that are economically successful not being as happy as those less economically well-off, to the increased vulnerability of developed countries to diseases such as measles, and to the concept that an enterprise, such as a poverty NGO, can put itself out of business if it is successful.

(more…)

The topic of Enterprise Risk Management can seem quite confusing, especially since there is a good deal of misinformation floating around.  In “The Top 10 Enterprise Risk-Management Myths,” Gordon Burnes of NewsFactor.com discusses some of the most common myths of Enterprise Risk Management.  The article is a good read for those interested in ERM, although we should point out that it is (like most information on ERM) still heavily IT/Financial focused.  A couple of the myths speak directly to the premise behind MyRiskControl.com:

Myth Number 7: You Can Manage Risk Only from the Center

No one is likely to argue that strong, central risk management is a bad thing. Unfortunately, many organizations make the mistake of investing only in a centralized function because it’s too difficult to federate, and they don’t know how to push risk management to lower levels of responsibility in the organization. It’s a classic issue of consistency vs. quality of information.

But, accurate information lies at the business line level. Organizations must augment their centralized risk management efforts with localized, distributed data, and the only way to reliably and cost-effectively do that is to invest in automated technology solutions.

Along this line of thinking, he continues:

ERM needs to be deployed bottom-up so that business managers are the first-line managers of risk, embedding enterprise risk management within the day-to-day business processes of the firm. They must understand the risk/reward trade-offs involved in their own decision-making. Risk management should create a bias for action, surfacing problems as they arise and empowering the entire organization to be risk managers. (more…)