Enterprise Risk Management

A simple risk assessment tool

  • 1.  A simple risk assessment tool

    Posted 06-17-2009 10:01 AM
      |   view attached

    Attached is a distributable Excel 2007 spreadsheet (*.xlsx) that can be used to identify and rate top risks for a specific focus area.  In this case, the focus area is Mergers & Acquisitions Risk.  However, the same tool can be used for other focus areas with some simple adjustments to the Business Risk Inventory (BRI) included as a reference source in the spreadsheet workbook.  As a caution, make sure your BRI and risk rating descriptions track with your underlying business process document and framework for ERM.

    For the M/A risk area, the business development teams conduct their own risk analysis using the tool and list up to five top risks associated with the potential acquisition.  They are asked to assign a risk category (strategic, operational, financial), specify a risk component (e.g., commodity risk), define the risk, provide details and drivers, specify impact areas (cost of goods sold, etc.), indicate likely impact direction (+/-) and list mitigation activities, success measurements, etc.  The information going into each one of the fields comes from the underlying BRI source via drop-down boxes with the exception of risk details/drivers and mitigation/outcome measurements which are manual inputs.

    The resulting 'report' is a one-page summary of each of up to five top risks that becomes part of a board book submission and provides a common basis and context for discussion of challenges and opportunities associated with the potential acquisition.

    While this is presently a distributed "system", collected data is captured by the ERM function and used to assist in maintaining enterprise risk tolerances as well as providing a basis for tracking actual results against expectations.  The specification of the nature of a particular risk and drivers as well as mitigation and outcomes criteria in the case of a particular acquisition target is manually determined at this point, although future versions of the application will incorporate more quantitatively based methods as necessary.

    Since an important part of the value proposition for ERM is not just to adequately characterize and treat a risk/s but also provide information that is timely, this tool is adaptable to programming in a .NET, SharePoint or other environment for online delivery with information passing to back-end databases.  Such a delivery method would significantly reduce hands-on time by the ERM function in gathering/organizing and makes the work done by others more of a living assessment that is adaptable to changes in environment.  For example, if Regulatory Risk is an important area of focus, the 'live' risk assessment tool can be easily modified as rules change.

    -------------------------------------------
    Ken Dolan
    -------------------------------------------

    Attachment(s)

    xlsx
    rat_maduedil.xlsx   44 KB 1 version