Enterprise Risk Management (ERM) applied to small business
Why is it that only large companies take advantage of ERM? Is there some reason that you need to be a certain size before you can use ERM?
The application of ERM to a small business produces the same advantages as a large business by allowing the small business owner to act strategically, anticipate risk events and apply resources to control/manage the risk events. This allows for a faster recovery should a risk event come to pass and less overall impact.
In working for large and small companies the main difference that I have found is the number of zeros at the end of the financial statements. The issues they face are similar, so why not use the same tools?
ERM can be scaled to meet the needs of any size company and even down to a personal level. The example I like to use in this context is a personal goal: Getting to work on time. One of the high risks I face is my clock radio alarm not coming on due to the radio station not broadcasting. The likelihood of this happening is high (4) and the impact can be high (4). Now that the risk event has been identified and rated I can continue to apply ERM by developing a risk mitigation plan (setting the alarm on my cell phone as a back-up). With the mitigation plan in place the impact of the event can now drop to low (1) because the event may still occur but the back-up plan will control the impact.
While this example can be done without formally being written down it does take you through the basic mechanics of ERM.
- Define the context (Goals).
- Identify the risk events that will prevent you from reaching the goals.
- Assess the risk events and controls.
- Implement mitigation plans to reduce the risks.
- Monitor the risks.
For a small business to use ERM it does not need to be as formal as with a large business. However, studies have found that writing down goals, and in this case the results of applying ERM, will increase the likelihood of you reaching your goals.