The business environment is full of risks and uncertainties. With the improvement in information technology, the level of risk has increased in the modern environment. In particular, the issue of cyber-attacks is one of the key concerns for the management of organizations. However, after reading these two articles, it is evident that enterprise risk management is not as simple a task as most people think. The five salient points noted from these two articles relate to the complex nature of enterprise risk management. Firstly, enterprise risk management is a process, not an event or an action. According to George (2013), enterprise risk management should be a continuous process which is monitored from both the internal and external environment of businesses. This view is also supported by COSO (2004), which posits that risk management must be integrated into the firm's purpose, mission, and vision. This argument is crucial because it keeps organizations always prepared for any occurrence.
Secondly, enterprise risk management is a collaborative process. Although senior management is mandated with the task of assessing, evaluating and preventing risks and uncertainties, it is supposed to collaborate with other industry players. This point is vital because it insists on the collaborative nature of management in addressing risks and uncertainties. Thirdly, it is evident from the articles that complying with the available risk management regulations does not imply that an organization is safe. Risk management is an active process which cannot be defined by laws. In this respect, management should be actively involved in minimizing risks. In fact, risks are not static and need new strategies for their suppression every time.
Additionally, it is evident that enterprise risk management is tied to a firm's profitability. As George (2013) points out, risks can affect the efficiency of business operations. In this respect, it is vital for enterprises to conduct a cost-benefit analysis of their risk management measures and their effectiveness. This opinion is essential in amalgamating business operations with risk management measures. Remember, the role of a business is to create value for its owners. However, this value cannot be attained without suppressing risks. Finally, it is apparent from the articles that effective communication is key in enterprise risk management. Each industry and enterprise faces unique risks. However, there are common risks like cyber-attacks. In this case, communicating and consulting with experts and industry players about a risk can aid significantly in eradicating it. This view reiterates the argument that risk management is a collective action. In fact, this point is vital in enhancing networking in the management and business world.
- The articles focus more on the role of management in enterprise risk management. However, what is the role of the government or its institutions in enterprise risk management apart from policy implementation and enforcement?
- According to the articles, management shoulders much of the blame when poor risk management strategies result in a data breach. However, they also maintain that risks and uncertainties are not static. In this case, what is the best way to ascertain who is to blame in the case of a data breach?
COSO, 2004. Enterprise Risk Management - Integrated Framework. S.l.: The Committee of Sponsoring Organizations of the Treadway Commission.
George, T., 2013. Risk and Compliance - For Better or Worse? ISACA Journal, Volume 4, pp. 1-4.