By Lubosi Kikamba
Every business operates in an environment where it is exposed to various risks and opportunities. For example, the Novel Corona Virus Disease 2019 (COVID-19) has negatively affected the operations of most organisations. The question is, how many organisations had plans in place to safeguard their business operations against the negative effects of such an uncertainty? Organisations that managed to thrive despite the disruptions caused by COVID-19 are the ones that had put in place a robust Organisational Resilience Framework which factored in the importance of areas such as among others business continuity and risk management. This article intends to unpack the advantages of integrating Enterprise Risk Management (ERM) in the processes of an organisations in order to achieve its strategic objectives.
The International Organisation for Standardisation (ISO) defines risk as “the effect of uncertainty on objectives”. Risk can either be positive (opportunities) or negative (threats). Some examples of risks for institutions such as the National Institute of Public Administration (NIPA) may include among others: general physical and mental well-being of both staff and students, protecting NIPA’s reputation and maintaining the quality of the programmes offered, rapid changes in technology, information/data security risk and ability to comply with the various laws and regulatory requirements.
Organisations have for many years faced risks and devised ways of dealing with them. Industries such as insurance or the financial sector/departments have for many years been dealing with risks. However, risks traditionally were managed in silos. For example, an IT manager would manage the IT infrastructure and ensure management of IT risks while legal or financial departments would also manage their own risks independently. At no point did these various departments come together to share risk oversight information.
It is for this reason that the concept of ERM was develop in order to ensure an enterprise-approach to risk management. According to the North-Carolina State Poole College of Management Risk Initiative 2009 report:
“The ERM approach emphasizes a top-down, holistic view of the inventory of key risk exposures potentially affecting an enterprise’s ability to achieve its objective. Boards, senior executives seek to obtain knowledge of these risks with the goal of preserving and enhancing stakeholder value”.
The above description of the ERM is in line with the principles of the latest ISO 31000:2018 “Risk Management- Principles and Guidelines “which explains that the purpose of risk management is the creation and protection of value. According to ISO, risk management improves performance, encourages innovation, and supports the achievement of objectives. It is also important to note that the rationale behind ERM is to promote a proactive culture of proper and systematic planning rather than a fire-fighting culture.
The Government of the Republic of Zambia has also recognised the importance of ERM in organisations. On Tuesday, 15th September 2020, Hon. Dr. Bwalya K.E Ng’andu, MP launched the Risk Management Framework for the public sector. This means Public bodies are required to practice risk management as required by the Public Finance Management Act No. 1 of 2018, Good Corporate Governance principles and as part of the ongoing Public Reform Programmes (PRP).
The National Institute of Public Administration developed its Risk Management Framework based on ISO 31000:2018 which awaits approval by the Governing Council. It is hoped that the integration of risk management in the Institute’s processes will lead to the benefits highlighted above. This is also in line with Institute’s Strategic objective number 6, which is to improve business processes and procedures.
Although the ERM approach emphasises a top-down, holistic view of managing risks, every staff of an organisation is a risk manager as each staff has a responsibility of ensuring that the organisation flourishes. Top management is key in terms of driving the agenda of risk management. A positive risk culture should also be inculcated in students so that as they join the industry and beyond, they will be more risk aware than risk averse.
The Governance Institute of Australia’s 2020 Risk Management Survey report, which is a survey of almost 400 governance and risk professionals and senior executives, reveal that the COVID-19 pandemic has put the issue of risk under the spotlight. The survey found that close to 40 per cent of businesses are not regularly testing their risk and crisis plans and just 11 per cent are testing regularly. To deal with uncertainty, the report recommends that regular and effective risk and crisis testing should become priority for organisations today. This is a suggestion that Zambian organisations like NIPA can also consider seriously.
As the saying goes, “a Journey of a thousand miles begins with one step”. As NIPA embarks on this journey of integrating ERM in its operations, it is hoped that all staff will support this important initiative. With time our ERM system will surely mature. Make sure you get the next issue of NIPA News where I will consider the interface between quality assurance and risk management.
