This week’s guest, Chris Mandel, is the Director of the Sedgwick Institute and the Vice President for Sedgwick’s Strategic Solutions. Chris has more than 25 years of leadership experience in large global corporate risk management.
What is the Goal of Traditional Risk Management?
- Prevention - prevent bad things from happening.
- Financing - figure out the best way to financially mitigate the negative effects of those bad things.
- Control - discern what the necessary steps are after those bad things occur.
Resiliency in Enterprise Risk Management
Enterprise Risk Management, or ERM, applies the three pillars of traditional risk management (prevention, financing and control) to all risks and considers not only the negative outcomes, but positive outcomes as well.
Approximately ten years ago, resiliency has become more of focal point with regards to business continuity and is now at the heart of ERM. Resiliency as a function of business continuity has become the core aspect of risk strategy, which involves anticipating the various outcomes of processes within your entity.
With resiliency in mind, it is imperative risk managers ensure that the financing of risks is aligned with the financial strategy of the organization. Resiliency provides the organization with the means to optimally mitigate damages during and after a crisis, in turn, fortifying its ability to respond effectively.
Resiliency is building a strong organization that is able to respond to its risk profile accurately and effectively, as well as reducing the impact of those risks on the organization's or entity's strategic plan.
Traditional Prevention and Control vs. Resiliency
Resilience actually serves as a "third dimension" of the traditional risk management standpoint. Prevention reduces the likelihood of losses occurring, control minimizes the cost of a loss, and resiliency emphasizes restoration and rebuilding back to the status quo.
Resiliency simply enhances the traditional two-legged stance of prevention and control and instilling resiliency as a risk management objective into your entity and/or organization requires a strong risk culture and direction.