Enterprise Risk Management Supply Chain Risk Management Business Essay



This literature review critically analyses risk management. It starts with what risk is and its features, what risk management means, and why risk management is important among organizations. Most of today's organizations have adopted enterprise risk management, and the review asks why organizations have moved from traditional risk management to enterprise risk management. People's attitude towards risk management has changed and is changing. The aim of this literature review is to focus on the various aspects of risk management and the types of risk, with most of the focus on enterprise risk management. Enterprise risk management (ERM) is a hub of all the risk management entities. According to Olson & Wu (2008), enterprise risk management is a combination of various factors which have a potential impact on the activities, processes and resources of the organization. This also includes external factors such as economic change and financial market developments, to name a few; all these factors go beyond the control of the organization, even though organizations prepare various alternatives to protect themselves. Hence risk portfolios are developed with serious responsibilities. The primary objective of this literature review is to analyse risk, to take a critical perspective on risk management, to understand enterprise risk management (ERM) and analyse its importance among organizations in today's competitive corporate world, and finally to focus on a specific area of enterprise risk management.

Perhaps the Casualty Actuarial Society (CAS) has a better perception of ERM and a more convincing definition. According to the CAS committee, ERM is defined as "ERM is a discipline by which an organization in any industry assesses, controls, exploits, finances and monitors from all the sources for the purposes of increasing the organization's short and long term value to its stakeholders" (CAS, 2003:8).

It is important to understand what risk basically is. The most basic understanding every human being has is that risk is something related to uncertainty. That uncertainty has consequences when it depends on an uncertain situation. Risk and uncertainty are related to each other, but according to Hillson & Murray-Webster (2007), risk is not the same as uncertainty. Risk is a common term in today's world and may relate to any circumstances, whether personal, social or business. Uncertainty can be termed a risk environment, and it has two characteristics: variability and ambiguity. Risk is related to uncertainty and has its consequences, but it is not the same as uncertainty because of these two characteristics. Variability can be termed a situation or an issue which can be measured with various possible values (Hillson & Murray-Webster, 2007), whereas ambiguity is defined as uncertainty of meaning itself. When one is unsure whether a particular or unforeseen event might occur, there is uncertainty about the event itself: the event has no content or meaning, and it lacks clarity in all its aspects. This type of uncertainty is known as epistemic ambiguity; "epistemic" derives from the Greek word episteme, meaning knowledge, here knowledge which is unclear or incomplete. Another beautiful perception of risk is given by Dickson (1995), who states that risk brings sweetness as well as bitterness to life, an unlooked-for and unwanted event in the future. Everyone wants their world to be totally risk free, which is inevitable. The bitter side is the downside of risk, which concerns every human or entity.

Risk management is the term given to the collective activities pertaining to risk: activities like planning, avoiding, reducing and controlling risk and improving risk strategy. For years, managing risk has been one of the most difficult and complex tasks in any circumstances, for organizations and society as well as for individuals. No organization would survive without effective risk management. Managers have a poor understanding of risk management, as they cannot foresee, or do not intend to foresee, what would happen in the future and derive the multiple probabilities of possible outcomes. Managers and employees have different perceptions of risk. Everyone has their own ideology on managing risk; this is known as attitude toward risk. According to D'Arcy & Brogan (2001), risk management has been practiced for thousands of years; an example is a risk manager burning a fire at night to keep wild animals away. Risk is totally unavoidable: the more managers and organizations try to mitigate (reduce) risk, the more possibilities there are of new risk emerging; risk can never be fully quantified (limited), but one can try to control it. Warring and Glendon (1998) state that risk management is extensive; its scope is huge considering key dimensions such as the objects of risk management, which are various hazards and threats like pure risk and speculative risk. Before Enterprise Risk Management (ERM) came into existence, organizations followed traditional risk management, which focussed on pure risk and speculative risk. Pure risks are defined as those risks in which there is a possibility of total loss or no loss (D'Arcy & Brogan, 2001). An example of pure risk is owning a house: there is a possibility of the house being burned down or hit by an earthquake. Other possibilities are health and safety, fire hazards, business interruption and environmental impact, to name a few (Warring and Glendon, 1998).
Speculative risk, on the other hand, is defined as the possibility of gains in risk (D'Arcy & Brogan, 2001). It is just like a gamble: if it succeeds, it maximizes profits (Warring and Glendon, 1998). For example, in a stock purchase there is a possibility of the stock value going down and making a loss, a possibility of the stock value remaining intact, and a possibility of a rise in stock value, thereby maximising profits (D'Arcy & Brogan, 2001). The next key dimension of risk management is risk contexts: the context in which risk is perceived to exist and the ways in which risk management responds to identify, understand and analyse various threats and hazards (Warring and Glendon, 1998). The other two dimensions are the objectives of risk management and the various methods to evaluate risk, in other words risk management methodology. The objectives of risk management can be summarized as reducing, eliminating and controlling pure risk and gaining utility, profits and benefits from speculative risk (Warring and Glendon, 1998). As far as risk management methods are concerned, they are the process or derived model used to identify, evaluate, estimate and quantify risk. Hence risk management is an ongoing process which needs improvement at regular intervals, thereby striking a balance between benefits and quantifying risks. The greater the risk taken, the greater the rewards achieved; this is one of the positive aspects of risk (Ritchie & Marshall, 1993).

Crockford (1986) states that risk management is difficult to define, but that it can be considered a simple application of proper decision making to solve particular problems of risk: defining the problem, evaluating possible solutions for quantifying risk, implementing the optimal solutions and monitoring the performance of those solutions. The world cannot exist without uncertainty; irrespective of well-managed factors, possible changes are not within one's control. According to Dickson (1995), understanding the risk management philosophy is essential; it gives a clear picture of where the company stands with respect to the issues of risk as well as its management. Writing a risk management statement is very important, as it sets out the risk management philosophy of the organization; a clear statement of the corporate attitude towards risk is known as the risk management philosophy. It means the company setting long-term objectives rather than responding to incidents as they occur. Risk managers should educate staff members about risk and create a positive approach and a positive attitude towards risk. A risk management philosophy is useful in setting benchmarks to achieve the desired targets. It allows risk to be viewed from the company's perspective rather than an individual's perception. Risk management is not an individual's responsibility but the responsibility of the entire line management. Identification of risk is only a preliminary to the control of risk (Crockford, 1986).

Another perception of risk is the regulation of risk, which concerns governmental risk or what can be termed societal risk; here risk is dealt with through government acts towards society. The regulation of risk is defined as "Governmental interference with market or social processes to control potential adverse consequences to health, risk conventionally defined as the probability not necessarily calculable in practice of adverse consequences" (Hood et al, 2001:1). In order to control risk, the government puts various regulations in place, enforcing laws and product and behavioural standards. For example, mad cow disease during the 1980s and 1990s posed a risk to society: cows were infected, and people who consumed the meat of those cows were infected by a hazardous human brain disease known as new variant Creutzfeldt-Jakob disease (nvCJD). The government had to take steps to control the risk by implementing various regulations, such as banning meat consumption and imposing standards on meat consumption (Hood et al, 2001). Usually when risk is defined in terms of threats to society, where the impact on a state or country is huge, the government plays a vital role in deriving risk regulation, hence the term risk regulation regime; the term regime denotes the complexity of the institutional geography (Hood et al, 2001).

Risk can be classified into different types depending on the occurrence of uncertainty. As Crockford (1986) said, risk can never be fully controlled or eliminated, but various measures can be taken to reduce and avoid it. Every risk is different from the others and has its own consequences, and various methods are implemented to mitigate them. Enterprise risk management and traditional risk management deal with similar types of risk, but their attitude and approach towards them are different. Authors have given different perceptions of the different types; a few of them are discussed here. The first type is natural perils and loss of personnel. Natural perils are risks caused by nature, such as a fire breaking out in a factory, floods, earthquakes or any natural catastrophe. Loss of personnel occurs when someone in an organization or factory dies in an accident or employees are injured during work, and the company has to pay the employees compensation. The company loses work and time and incurs the cost of paying insurance premiums (Crockford, 1986). Opportunities in risk are events under favourable circumstances which may give rise to financial profit; this is known as serendipitous, meaning that something good happens by chance or fortunate accident (Olson & Wu, 2008). Killer risks are events or risks which, when they occur, lead to major loss, disaster or damage, thereby leading to permanent closure of the operations themselves (Olson & Wu, 2008). Environmental risks are those hazards that cause damage to humans through undesirable changes in the ecosystem, such as contamination of water, soil and air (Warring and Glendon, 1998). Any risk which is related to ecological changes and thereby causes harm to humans and other living beings can be termed environmental risk.
Labour and liability risk: in labour there is always a risk with employees; the loss of employees by any means, such as death, injuries or lack of performance, is a potential loss. Every business faces liability risk, especially when manufacturing or supplying products to third parties in other countries; any single event or catastrophe could cripple the business, thereby building liabilities to third parties (Crockford, 1986). Political risk arises when wrong or hazardous decisions taken by group members or leaders of a particular organization, association, union or even government party lead to a loss of charisma, trust, support and attraction among members, who turn against them, ultimately leading to a loss of power and position (Warring and Glendon, 1998). Political risks are speculative: they can attract support as well as turn members against the one taking the decisions and the risk. Political risk and social risk are interconnected. Social risk is one where activities like terrorism, curfews and environmental hazards affecting humans take place. The two are interconnected because these risks involve government interference, and when the government or other groups take decisions they risk their position and power; their actions can have serendipitous or adverse effects (Crockford, 1986). Financial risk can be defined as the risk taken in international business through the fluctuation of foreign exchange rates during imports and exports of products, and commodity risk is the possibility of changes in the prices of raw materials when buying from and selling through suppliers (CAS, 2003). This might be the perception of traditional risk management; enterprise risk management (ERM) has a holistic approach towards financial risk. A holistic approach means viewing risk in terms of a group, a collective set of elements of risk, or combining the risks altogether to view them as a single issue.

Enterprise risk management is superior to traditional risk management. Even though organizations were able to design risk strategies based on traditional views, the risk management was not so effective: in traditional risk management, the risk management department was isolated from the organization. Hence there was a need to find a better and more effective strategy for risk, and the outcome of that is ERM. Enterprise risk management is a new term which is becoming an ultimate approach to risk management (D'Arcy & Brogan, 2001). This new approach has proved itself through effective performance, leading organizations to move from traditional risk management to enterprise risk management. A more convincing definition of ERM might be: "It is the process whereby organizations methodically address the risks relating to their activities, with a goal of achieving sustained benefits across the portfolio of activities. This is often called as enterprise risk management (ERM) and its objective is to add maximum values to these activities" (Reuvid, 2007:5). Every organization wants to attain success and earn profits; it needs to take risk in order to achieve business objectives. As noted earlier, there is no reward without taking risk. According to D'Arcy & Brogan (2001), enterprise risk management manages the overall activities of the organization in an aggregate manner, unlike traditional risk management, which manages issues independently; moreover, ERM treats risk as a potential opportunity for benefit rather than focussing only on minimising or controlling risks. This is one of the reasons for organizations to shift from traditional risk management to ERM. Hence enterprise risk management is widely accepted by all organizations.
Many authors have similar perceptions of ERM. According to Nocco & Stulz (2006), an organization can manage risk in two different ways: managing one risk at a time, which is the traditional approach, or managing all risks holistically, which is enterprise risk management. Considering all factors when assessing risk is known as the holistic approach. The concept of enterprise risk management was developed during the mid-1990s in organizations with the objective of managing risk effectively and keeping risk management a top priority within the organization (Olson & Wu, 2008). The Casualty Actuarial Society (CAS) committee for enterprise risk management describes the evolution of ERM, stating the various factors and characteristics that gave birth to enterprise risk management. Risk management has been practiced in organizations for ages, but it was carried out in various parts, with each risk dealt with separately, which is known as traditional risk management. Actions like identifying, assessing, prioritizing and treating risk have been common practice; what has changed is that the various parts of risk management have been combined, treated in a holistic manner and escalated to the top management responsible for risk management (CAS, 2003). Various factors led to the development of enterprise risk management. These are: an increasing number of complicated risks, such as hazard risk, which is also known as pure risk, and financial risk in business; an increase in uncertainty in the corporate world, thereby creating corporate risk; and external pressure from corporate governance, such as the regulation of risk and government interventions in the corporate world insisting that top management handle risk as their prime priority.
Another factor is the increasing tendency to view risk in a holistic manner, integrating the various parts of risk and grouping them together to form a collective risk, which is also known as a portfolio of risk (CAS, 2003). In ERM, creating a portfolio of risk is a primary objective; it is not just summing up all the risks, as a portfolio of risk means understanding the individual elements of risk as a collective group. One of the key features of enterprise risk management is that it sees risk as an opportunity to gain benefits, as discussed earlier, rather than only taking measures to control it. Enterprise risk management has become a new trend in the business world. It is a highly structured and disciplined approach which puts entities like people, processes, knowledge and technology in place to focus on the uncertainties and risks of the organization as their prime priority, which creates value for risk management (KPMG, 2001). According to KPMG (2001), enterprise risk management is a combination of holistic, integrated and strategic approaches which helps to manage business risk, and it is future focussed, viewing risk as an opportunity to maximise profit for organizations and increase stakeholder value. The holistic approach views risk collectively or grouped together. The integrated approach makes employees think about what to do and how to do it, and think intuitively in situations which require immediate action (Harmon et al, 2007). The strategic approach takes a holistic perception of risk, combining the pure and speculative risks involved in hazards or threats to an organization (Warring and Glendon, 1998). Not only KPMG but also other authors like Olson & Wu share a similar perception of the change from traditional risk management to enterprise risk management.

ERM was developed by setting standards and guidelines in association with corporate governance regulations; self-regulatory organizations for industries develop specific standards, guidelines and frameworks for risk (Reuvid, 2007). Reuvid (2007) names some of these self-regulatory organizations, such as the Committee of Sponsoring Organizations (COSO). COSO has its own perception of ERM, known as COSO ERM, and derived a new concept in ERM known as risk appetite (Moeller, 2007). A good and precise definition is: "Risk appetite is defined as the amount of risk, on a broad level, that an organization and its individual managers are willing to accept in their pursuit of value" (Moeller, 2007:51). COSO works on behalf of the auditing profession; other regulatory organizations, such as the Basel Committee on Banking Supervision for financial institutions and the Global Association of Risk Professionals (GARP), work on behalf of financial risk managers (Reuvid, 2007). The International Federation of Risk and Insurance Management Associations (IFRIMA) is known as the international umbrella for risk management associations; it encourages best practices and guidelines for ERM. The Federation of European Risk Management Associations (FERMA) has also adopted risk management standards and guidelines, first published in the UK in 2002 (Reuvid, 2007).

Enterprise risk management is integral to industry; without integrating it, an organization finds it difficult to survive and to stand in a competitive market. ERM is widespread and is applied in every aspect of business. In the supply chain field, industries are always highly exposed to risk.

This section discusses the supply chain and its risk, which is known as supply chain risk management. ERM is applied in the supply chain, and this part of the literature review focuses on the critical aspects of supply chain risk and the different ways to control and reduce it. The primary objective of this research is to focus on supply chain risk and to critically analyse and evaluate the major aspects of risk with respect to the supply chain. Understanding what a supply chain is makes a good start: an organization must identify, assess, evaluate, prioritize and manage the overall supply chain to stand in today's competitive market. A good definition of a supply chain is "A web of autonomous enterprises collectively responsible for satisfying the customer by creating an extended enterprise that conducts all phases of design, procurement, manufacturing and distribution of products" (Sinha et al, 2004:154), and supply chain management can be defined as "A set of three or more entities, organizations or individuals directly involved in the upstream and downstream flows of products, services, finances, and or information from a source to a customer" (Mentzer et al, 2001:4). Today's world consists of market uncertainty and turbulence. Rapid demand in almost all sectors of business is one of the key reasons for this turbulence; industries have shortened product development life cycles, and when new products are introduced in a competitive market the demand life cycle becomes unpredictable (Christopher & Lee, 2004). The product life cycle is the set of stages from planning and design through to the development and completion of the product, and the demand life cycle is the consumer-based demand created for new products, developing a competitive stance in the marketplace and thereby predicting the demand for the product.
This led to a rise in more and more complex supply chains, and managing supply chains, whether simple or complex, is challenging in the present competitive industry. Managing supply chains is becoming increasingly challenging: as industries expand their business and manufacture more products, they add more and more suppliers to the supply chain stack, which makes the supply chain vulnerable to disruption. Supply chains are always highly exposed to risk. In recent news from the MAA (Midlands Aerospace Alliance), Annette Oliver, Director, Supply Chain at Aero Engine Controls (AEC), stated that "A GOOD supply chain management doesn't happen by itself, nor does it arrive overnight like the season's first snow. It takes focus and determination over a long period, but the results are worth every bit of the effort" (MAA, 2009:6). It is a difficult task to understand and manage supply chains, especially those with multiple suppliers and sub-suppliers and those of companies with a huge portfolio. Supply chains are usually complex; a structure that consists of multiple suppliers and sub-suppliers is difficult to analyse, and the risk of disruptions and disturbances is high. One cannot predict or foresee which part of the supply chain, whether suppliers, distributors or even manufacturers, will be vulnerable to disruption. However accurately a risk strategy is designed and however closely foreseen and unforeseen risks are monitored, there is still a strong possibility of new risks emerging. Hence risk cannot be fully quantified, but it can be controlled and mitigated or reduced to a certain extent to avoid possible losses. According to Norrman & Jansson (2004), supply chain risk management is a tool applied to control risk.
A more precise and convincing definition is: "Supply chain risk management is to collaborate with partners in a supply chain, apply risk management process tools to deal with risks and uncertainties caused by, or impacting on, Logistics related activities or resources" (Norrman & Jansson, 2004:436). Peck (2006) states that supply chain risk has become a fashionable area in the field of management research. Risk managers have to take steps to avoid supply chain breakdown; understanding the risk factors, analysing them and then taking steps to mitigate them helps to control it. According to Chopra & Sodhi (2004), understanding and analysing the variety and interconnectedness of the supply chain gives managers the insight to develop effective risk reduction strategies. Without understanding the structure of the supply chain it is difficult to implement a risk reduction strategy. Chopra & Sodhi (2004) also state that in order to devise a risk reduction strategy one must understand and analyse the risk, categorise it and find its drivers. The causes of a risk are known as risk drivers; analysing the conditions and events that cause a particular risk helps managers to devise an effective, tailored risk mitigation strategy. Organizations have devised several strategies to mitigate risk in supply chains, and those strategies have been quite successful when implemented in their own organizations. It is important to understand that every risk strategy is unique: a risk strategy of one organization cannot simply be implemented in another, because the risk categories and their drivers differ. It is possible, however, to adapt the best practices of several organizations and devise a new strategy based on existing ones.
According to Norrman & Jansson (2004), identifying and analysing the risk in the supply chain is the first and most important stage in developing a risk reduction strategy, as it enables decision makers to understand the events and causes of disturbances. In order to assess its risk exposure, the organization must identify not only the direct risks to its operations but also the potential causes of risk in every link along the supply chain (Norrman & Jansson, 2004). This is a good strategy for finding the potential causes of risk in the supply chain. There are several issues and challenges around supply chain disruption: if any one of the links, suppliers or sub-suppliers is affected by a catastrophe or hazard of any category, the whole supply chain of the organization is disrupted, and it is a difficult task to put these suppliers back on track. Supply chains are vulnerable to international terrorism, which not only disrupts but can also cripple the business. After the attacks of September 11th 2001, many manufacturers faced disruption as the flow of materials to several plants stopped (Sheffi, 2001). For example, Ford had to stop work on assembly lines because trucks loaded with components were delayed at the Canadian and Mexican borders. Toyota's Sequoia SUV plant in Indiana halted production in hours because steering sensors shipped from Germany were delayed by the air traffic shutdown. Ford and Toyota faced transportation disruption because they operated a Just in Time (JIT) system, holding inventory only a few days or a few hours prior to manufacturing (Sheffi, 2001). Just in Time is a system for supply chains, innovated in Japan, in which the essential manufacturing components for any industry are delivered a few days or a few hours prior to operations. Hence in these cases supply chains are managed under increased uncertainty (Sheffi, 2001).
According to Sinha et al (2004), there are some major factors to deal with in supply chain risk. The network relationships in a supply chain, among suppliers, distributors and manufacturers, are delicate, and the management should be diplomatic and always on good terms. The supply chain link itself is based on trust; if trading partners do not trust each other to do their jobs properly, the entire supply chain is disrupted. A non-cooperating or inactive partner can cripple the supply chain. It is difficult to build trust with the same partner for business. Transparency of information is another major issue: for supply chain activities to run smoothly, information transparency is very important. Information sharing through collaboration can be set up between buyers and sellers (Sinha et al, 2004). The aim of information transparency is to create an extended enterprise in order to build trust and commitment among partners. Every manufacturer, supplier or sub-supplier has its own way of interpreting customer information; if information is interpreted wrongly, distortions and disruptions can result, and the increase in distortions in the supply chain ultimately creates a bullwhip effect (Sinha et al, 2004). According to Lee et al (1997), the bullwhip effect is where orders to the supplier tend to vary more than sales to the buyer, which is known as demand distortion, and this distortion propagates upstream in amplified form. Lack of ownership is a very serious issue and one of the major factors in supply chain breakdown; according to Jüttner et al (2003), the risk from lack of ownership in the supply chain occurs when the relationships between buyers and sellers are unclear.
Outsourcing and core competencies are key issues: as the supply chain grows, with more suppliers, manufacturers, sub-suppliers and logistics partners, the network extends and the supply chain becomes more complex; the parties in these relationships are often confused about their lines of responsibility and refuse to take ownership of issues. The supply chain is also vulnerable to a risk known as inertia, a general lack of response to changing environmental, market and organizational conditions (Jüttner et al, 2003). Successfully managing supply chains requires cross-functional integration, with marketing playing a critical role, which is quite challenging (Lambert & Cooper, 2000).


Risk management is a difficult task. This literature review has discussed risk; risk in general carries a negative perception, but without uncertainty the world would not survive. People, organizations and every entity should take measures to reduce and avoid risk in everyday life. Risk management as a process means managing collective activities at one time. Initially the perception of people and organizations towards risk was negative, and it is still negative to the present day, but it is rapidly changing. It was traditional risk management which carried the negative perception: although traditional risk consists of pure and speculative risk, organizations gave more importance to pure risk, such as natural catastrophes and hazards, rather than focusing on speculative risk as well. The attitude of organizations and people toward risk was to manage one risk at a time, but that is not the present situation; since enterprise risk management was introduced in organizations, risk management has become more focussed and is given top priority. In enterprise risk management, risk is seen as an opportunity rather than just as a threat to be mitigated. In traditional risk management, risk is usually seen as an individual responsibility, whereas in enterprise risk management risk is portrayed as everyone's responsibility (Olson & Wu, 2008). Organizations are becoming more and more aware of enterprise risk management, and its performance explains why organizations are shifting from traditional risk management to enterprise risk management. A holistic approach to identifying and mitigating risk makes enterprise risk management stand out in the business world. Moreover, the various regulatory organizations and risk standards encourage organizations with best practices and implementations of enterprise risk management.
Supply chain risk management is another perception of enterprise risk management. Supply chains are usually difficult to manage; the longer the supply chain, the more complex it is to manage, and managing risk is an ongoing process in the supply chain as in any entity in the business world. Among the various supply chain risk reduction strategies, mitigating risk through increased confidence in the network is one of the good strategies being implemented (Christopher & Lee, 2004). The major factors in supply chain breakdown are lack of trust and ownership, information transparency, outsourcing and other logistics disruptions like transportation; these should be the first priority in resolving issues in supply chain risk. Supply chains are complex, and disruptions and breakdowns are unpredictable; which link may break down is difficult to foresee, but steps can be taken to analyse the causes and categorise the risk in each link, and then implement strategies to avoid them. This would also help in reducing supply chain disruption.