The practice of enterprise risk management (ERM) is like giving your credit union an adjustable lens that offers you a wide-angle view of your entire organization and its competitive environment and a close-up look at specific risks and opportunities.
What used to simply be called “risk management” is now “enterprise risk management” to imply a much broader scope.
ERM also represents the evolution of management’s ability to assess how any credit union activity returns value to the organization, according to Tony Ferris, managing partner of The Rochdale Group. Assessing and mitigating risk are vital in that process.
“The heart of the matter is leveraging risk for opportunity,” says Ferris.
Traditional approaches to risk management looked at past occurrences that created vulnerability and losses. In contrast, Ferris says ERM now looks at what’s ahead to identify potential events that could seriously disrupt either operations or strategy.
That cost could take the form of either actual financial losses or missed opportunities from being risk-averse for the wrong reasons.
“There are opportunities staring you in the face that you might not see or might not take advantage of because you don’t understand them,” Ferris explains.
The squeeze on margins means credit unions must understand the return on investment for everything they do, not just loans and investments, he says. A good ERM program encompasses strategic, operational, transactional, and technological risk.
This enables your credit union to create a broad-based profile that measures risk in dollar terms. That will be invaluable when regulators eventually shift to risk-based capital requirements.
The ERM process
It’s a mistake to think of ERM as a formula that can be plugged into any credit union to assess risk, according to Ann Davidson, senior consultant for risk management at CUNA Mutual Group. Instead, ERM is an ongoing, credit union-wide process that involves many individuals.
“It requires extensive collaboration throughout your credit union to develop your approach and to identify and communicate about risk,” Davidson says. Elements of an ERM approach include assessing risk, developing policies, establishing controls, and monitoring performance.
While there must be an executive and possibly a Risk Oversight Committee to coordinate ERM, risk management never exists in a silo. The goal is to eliminate silos by stimulating connections and conversations that create a “risk culture” where management objectively identifies risk and manages
it through strategies such as insurance or fraud reduction.
A credit union-wide approach prevents unsafe risk concentrations in a specific area, such as real estate loans. It promotes information-sharing to rein in fraud, and it prevents credit unions from becoming risk-averse due to one individual’s or group’s perception, says Davidson.
NEXT: Culture change