Traditional risk management generally focuses on property and liability risks facing the organization. Buildings can burn, equipment can be stolen, customers can sue for injuries, employees get hurt, and automobiles can crash. There are a multitude of risk management techniques that can be deployed against these risks. Some techniques are risk reduction, some are risk prevention, and some are risk avoidance. The risk that remains requires some sort of risk financing treatment that often involves the purchase of insurance products. Traditional risk management is the realm of the professional “insurance manager” which was the precursor to the “risk management” position in many firms when the extent of risk management was primarily the purchase of insurance products.
Enterprise risk management represents the recognition that the risks to an organization go well beyond the typical property and liability risks of traditional risk management. Insurance is not always a viable option for the enterprise risks that are more strategic in nature. These types of risks include the prospect of supply chain failures, product flops, strategic missteps, and public relations challenges. Such risks were previously thought to be general business risks that resided solely with the C-level executives. Enterprise risk management reflects the realization that a risk professional has something to offer for managing these risks just as they manage traditional property and liability risks,
Lest you think that only large corporations need to worry about enterprise risk management, consider the situation of tiny little Memories Pizza of Walkerton, Indiana. Amidst the current firestorm of controversy surrounding Indiana’s Religious Freedom Restoration Act, the media has been swarming small businesses, looking for evidence of the Act’s evils. They found what they were looking for when they spoke with a young co-owner of the pizza shop. This blog will not take a position on the Indiana controversy – that’s not my place or purpose. However, the entire controversy and the specific case of Memories Pizza perfectly illustrates the type of risk that faces organizations beyond those that are typically (and relatively easily) covered by insurance. When controversy erupts, organizations may wish to just “keep their heads down” and stay out of it because common sense dictates that taking a stand is sure to alienate some stakeholders even if it elates other stakeholders. But when an employee with little or no public relations training is suddenly put on the spot, the organization may find itself thrust into damage control mode.
The risk of controversy is real, and it’s not insurable. Just ask Memories Pizza if they ever thought, in a million years, that they’d be shutdown by a state law that had no direct effect on them… until they commented on it in a nation that espouses the right to free speech.