After being scarred by the financial crisis, middle market company CFOs and finance departments are proactively taking the lead in enterprise risk management, the practice of identifying an organization’s unique risks. Known as ERM, this practice creates a heightened awareness of risk across organizations, with the potential to minimize and mitigate those risks.
Noting that ERM is part of sustainable business planning for middle market companies, McGladrey LLP identifies it as a critical component of keeping middle market companies in growth mode. COSO (the Committee of Sponsoring Organizations of the Treadway Commission), a leader in establishing corporate risk management best practices, notes that creating processes around risk helps managers make better-informed, risk-based decisions.
Large corporations have invested in risk management for years; only recently have middle market companies followed suit, according to Business Insurance, a publication of Crain Communications.
Risk Management Best Practices
As a component of a growth-oriented strategy, risk management is both an offensive and defensive tactic, McGladrey notes in “Keeping the Middle-Market Growth Engine Humming: Three Key Growth Drivers to Consider.”
ERM is defensive in that it seeks to minimize organizational losses that can occur as a result of both internal and external factors. It is offensive in that it provides managers with the ability to optimize revenues and earnings as a company defines acceptable and unacceptable risks.
Business Insurance identifies several specific areas where middle market companies can focus their risk management efforts. These include:
- Business continuity planning: Middle market companies face business continuity threats from a wide range of sources. By creating a robust and realistic continuity plan that covers disaster recovery or the departure of a key executive, among other things, middle market companies have the ability to respond, rather than react, to the unexpected.
- Crisis management: Crises can include a natural disaster, a public relations disaster or other emergency. Creating and testing a crisis management plan is another way to ensure that a company will have the ability to navigate a variety of difficult situations.
- Cyber threats: Data breaches are the most visible type of cyber threat that companies of every size face every day. Middle market executives are recognizing this risk and taking steps to address it with proactive strategies such as insuring against cyber risk, creating cyber threat plans and hiring in-house and outsourced expertise.
Middle market companies can also benefit from defining their parameters around risk and benchmarking risk management performance. These practices define which types of risk are acceptable and which are unacceptable, and show how ongoing risk practices are actually measuring up against stated objectives. When middle market executives explore, identify and communicate specific risk parameters and consistently benchmark their efforts, it’s more likely that those efforts will pay off in the long term.
A final word
There’s a lot more to risk management than appointing a committee, creating some documentation and getting back to business as usual. Unless enterprise risk management practices are embedded in an organization, such efforts won’t ultimately endure, help the company avoid risks in the future or assist it in embracing positive risk to grow and thrive.