Michael Cannes, senior risk and assurance manager at Rochdale, shared insights about the risk environment from the perspective of a former credit union manager during the 2022 CUNA Supervisory Committee & Internal Audit Conference in Las Vegas.

Credit unions work within an operating environment that includes events that can identified in an external environment, such as economic trends, regulatory changes, and competition, as well as internal events involving people, processes, infrastructure, Cannes says.

“When these events occur as an organization is pursuing it’s strategic objectives, they become risks or uncertainties,” he says. “Risk is therefore the possibility that an even will occur and affect an organization’s ability to achieve its strategic objectives.”

Risk appetite is the type and amount of risk an organization is willing to take on in pursuit of value. “This almost always involves risk and return trade-offs,” Cannes says.

Cannes uses a Las Vegas analogy to illustrate risk. “If I’m playing blackjack and it’s $25 a hand, that’s much more risk than I want to take. But if there were $1 tables I would be more likely to sit down and play,” Cannes said. “That’s similar to risk appetite. If that risk is lower, you’re much more likely to make organizational ‘bets.’”

Organizations use different tools and functions to identify, manage, and control risks, he says. 

The central objective of enterprise risk management (ERM) is to improve the capability and coordination of risk while integrating the output to provide a unified and holistic picture of risk for stakeholders and decision makers, Cannes says.

ERM establishes an organization-wide structure and process to identify both risks and opportunities, including communication, response plans, and creating a collaborative and innovative environment.

“ERM increases confidence and capabilities around understanding and managing the risks of today, while better positioning the organization to leverage opportunities in the future,” Cannes says.