Enterprise Risk Management for Small Business: Implementation of ISO 31000:2009 International Risk Management Standard (Part Two)

Deddy Jacobus
(This paper has been published by IICIES, 2010)


Abstract
Profound in any small business is its limit access to two important resources: fund and qualified management team. For that reason, small business is doom to experience ‘unexpected shutdown’ due to its lack of working capital and or poor managerial decisions. Hence, of high importance is for any small business entrepreneurs to make sure that he or she does not waste any financial resources in their possession or make wrong decisions that could jeopardize their business. The author is confirmed that a solution to this situation is the implementation of enterprise risk management (ERM), ISO 31000:2009. ERM enables any small business to prepare a better strategic and operational planning, to manage its operation in a more efficient and effective way, to avoid any expected and unexpected losses, and to establish a sound culture of high performance organization. A small business entrepreneur can utilize its organizational limit and risks to achieve better return than his or her competitors. How is it possible and affordable for small businesses are the main issues will be discussed in this paper.

Key words: Enterprise risk management, small business, iso 31000

Traditional approaches to risk management emphasize mitigation, focusing on the readily apparent risks facing a company in the areas of revenue assurance, security, health and safety, credit, regulatory, technology, fraud and more. These threats are, of course, important and must be addressed. But the good things that might occur, like having enough production capacity to meet the increase of market demand, should also be considered. While it is important to evaluate potential crises, it is equally critical to consider risks that are linked to success so an entity can capitalize on opportunities (Wagner and Layton, 2007).

This paradigm shift in perceiving risk has brought in the understanding that risk could not be managed in silo approach by a certain function. Risks should be managed comprehensively, enterprise wide approach, hence the term ‘enterprise (wide) risk management’ (COSO, 2004).

2.1 ERM defined
There are many definitions of ERM, but the definition provided by the committee of the sponsoring organization of the tradeway commission (COSO) is most often quoted. It defined ERM as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives (2004).

The definition is elaborated further by COSO. ERM is a process applied by all decision makers in organization starting from strategy setting down to activities across the enterprise. The process should be to identify potential events (both upside and downside risks), addressing opportunities and threats equally and balanced. The process should enable an entity to maintain its risks to always be within its willingness to accept and its capacity to manage those risks. And finally the process should provide assurance for the organization regarding the achievement of objectives.

Enterprise risk management considers all the risks faced by the firm and attempts to integrate these disparate risks into a single unified analytical framework. Traditionally, risk has been managed in the compartments of financial risk, operating risk, and credit risk. Rather than allowing risk to remain in such “silos,” ERM insists that these must be brought together into one system of risk management (Nocco, 2006).