Review of the state-of-the-art in Enterprise Risk Management
Discuss Enterprise Risk Management in Etisalat.
The Etisalat Group recognizes proactive risk management and its importance in attaining its strategic objectives. Within the group's internal control function, the Enterprise Risk Management (ERM) process makes sure that the main risks are identified, assessed and managed across the Etisalat Group of companies. Etisalat's ERM framework offers assurance that significant risks are studied and examined (Wu & Olson, 2015).
The Etisalat Group employs a robust ERM system that forms part of a three-lines-of-defence internal control environment. The first line of defence is day-to-day risk management across the OpCos. This is governed by existing procedures and policies, and it covers regular review of identified risks as well as ongoing management of risk mitigation activities (Olson & Wu, 2010). The next line of defence consists of the corporate functions that remain accountable for monitoring and oversight of risks. Dedicated functions such as Finance (revenue assurance and fraud management), legal, regulatory affairs, and internal control (compliance and ERM) carry out different activities to reduce and manage a wide range of risks. Along with this, compliance capabilities within the internal control function are set up to focus on legal compliance issues such as corruption and anti-bribery.
The last line of defence offers independent assurance about the company's internal control environment through internal audit, along with the other assurance functions outlined in the second line of defence (Choi, Ye, Zhao & Luo, 2015). Both the internal audit and internal control functions remain independent of executive management and report functionally to the Etisalat Group Audit Committee, which is authorized by the board of directors to supervise this area.
Enterprise risk management (ERM) takes a holistic approach to company risk. A holistic approach considers risk in the context of the group, as gathered components of risk or a combination of risks, when viewing an individual issue. Enterprise risk management can be analysed from the perspective of practitioners, who apply and practise management concepts in the actual business world. In the case of enterprise risk, one such body is the Casualty Actuarial Society (CAS). As per the CAS committee, ERM is a discipline through which companies in any industry assess, control, exploit, finance and monitor risks from every source, with the aim of enhancing the company's short- and long-term value to its stakeholders (Sun, Apley & Staum, 2011). To undertake a detailed analysis of enterprise risk management in the context of this study, it is essential to understand the critical viewpoints on risk management from the practitioner's perspective.
Core business activities
The perception of practitioners makes it possible to analyse the actual time involved in organizational risk management and the differences between the practical and conceptual application of risk management. Therefore, this literature review includes a few views of practitioners on risk management. ERM is a new term that has emerged as an ultimate approach to managing risk (Ansaripoor, Oliveira & Liret, 2014). This strategy has also been proved by adequate performance, which makes companies move from traditional risk management towards ERM. Another definition of ERM for practitioners is that it is a process through which companies methodically examine the risks related to their activities. This is usually known as enterprise risk management, and its aim is to achieve the highest value from these activities. As per Ho, Wu & Olson (2009), enterprise risk management assists in managing the organization's activities in an aggregate way, which differs from the traditional approach of handling risk problems individually. Besides this, ERM emphasizes risk and mentions it as a potential risk alternative, instead of stressing the control of risks. This is the main reason for companies to move from traditional risk management towards ERM. Various authors hold a common approach to ERM. As per Zhang, Avasarala & Subbu (2010), a company can manage risk in two different ways: manage one risk at a time, which is referred to as the traditional approach, or manage all risks together by considering every factor when risk assessment is conducted, which is known as the holistic approach.
Factors such as the increasing number of complicated issues, like hazard risk (considered pure risk) and financial risk (known as business risk), enhance uncertainty in the corporate world and create corporate risks. External pressure, for example corporate governance such as risk regulation and government intervention in the corporate area, pushes top management to take a holistic view and to combine the different parts of risk into what is considered a portfolio of risks (Xu, Zhou & Wu, 2011). In enterprise risk management, developing a risk portfolio is the core objective: it sums up the threats into a portfolio of risk by analysing the individual components of risk within groups. One of the main features of enterprise risk management is that risk is seen as an opportunity to gain advantage at an early stage, instead of only taking measures to control it (Bogatai & Bogatai, 2007). In today's business world, enterprise risk management has become a new trend.
Introduction to the company, organization or business unit you have chosen to study. This should also include a narrative on strategy, core business activities, recent financial performance and corporate view of risk management
A corporate view of risk management: Operational threats
Core business activities
Etisalat is a well-known company and the largest telecommunications corporation in the GCC. Its headquarters are located in Abu Dhabi, UAE. The company serves around 11.6 million customers, and it has more than 300,000 large, small and medium enterprise and government customers in the country (Enterprise Risk management, 2017).
Cybersecurity threats: the threat of external cyber-attacks on Etisalat's network and information technology infrastructure will continue, especially in the North Africa and Middle East areas. Both the IT and network security teams proactively monitor all activity across the group network to identify and reduce expected cybersecurity threats and breaches of data privacy (Goh, Lim & Meng, 2007).
Pressure of competition and prices: the markets in which Etisalat operates are characterized by an increased level of competition, from both new and existing competitors, along with reduction in cost, technology substitution, product and market convergence, and customer churn. The group analyses and monitors market trends and invests in its products, networks and services to compete effectively (Gaudenzi & Borghesi, 2006).
Foreign exchange exposure: Etisalat is highly exposed to the prevailing uncertainty of exchange rate volatility in the individual countries in which it operates. This volatility might impact the consolidated results and the total value of Etisalat's investment in foreign operations. Group Finance has set up policies, tools and procedures for monitoring, managing and reporting these exposures.
Other financial exposure: both the financial assets and liabilities of the group are exposed to different economic threats, which include liquidity, interest rate and credit risks (Wu, Blackhurst & Chidambaram, 2006).
The Etisalat Group internal control function develops a yearly plan outlining the enterprise risk management and compliance activities, which is approved by the audit committee. Its primary objective is to strengthen the underlying three lines of defence model by measuring the maturity of the ERM process, and it also coordinates compliance activities across the group.
Risk management is a primary function in project-based companies, and its ultimate aim is to create value for the corporation. In recent years, various project-based companies have tried to implement a project risk management system for measuring and managing the associated project risk. The Etisalat Group employs a robust ERM system that forms part of the three lines of defence within the internal control environment. The first line of defence is related to regular risk management around the (Blackhurst, Scheibe, & Johnson, 2008). This is governed by existing policies and procedures, and it also covers the day-to-day review of identified risks and the regular management of risk mitigation activities.
Financial Risks
The second line of defence consists of the corporate functions that are responsible for the monitoring and oversight of risks. Dedicated functions such as finance (revenue assurance and fraud management), internal control (compliance and ERM), and legal and regulatory affairs conduct different activities to reduce and manage a wide range of risks (Heckmann, Comes & Nickel, 2015). Along with this, compliance capabilities in the internal control function are set up to focus on legal compliance matters such as corruption and anti-bribery requirements.
Depending on the nature of the organisation, there are a number of factors that should be considered when designing and planning an ERM initiative. Details of the risk architecture, strategy and protocols should be recorded in a risk management policy for the organisation.
The ERM process includes the identification, assessment, management and regular review of the risks and uncertainties that can negatively influence Etisalat's ability to attain its strategic aims. Ordinary risks are evaluated across the different areas in which the Etisalat Group operates by considering the defined tolerance level and risk appetite. Risk assessment and reduction is an essential part of the group's yearly business budgeting and planning process. Etisalat's ERM framework is aligned with global best practices such as the ISO 31000 standard (Hult, Craighead & Ketchen, 2010). The Etisalat Group also monitors and reviews the principal risks that can impact the business, its reputation and its financial performance. While various other risks exist, it also breaks down the different essential threats across the company's operations.
Etisalat's risk radar depicts business risk in the telecommunications sector by categorizing risks into four quadrants that correspond to the risk universe model: compliance threats, which originate in law, policies and corporate governance; operational threats, which affect processes, people, systems and the complete business value chain; strategic threats, which are related to competitors, customers and investors; and financial threats, which stem from market volatility in the real economy (Demarzo, Fishman, He & Wang, 2012). The figure below shows the risks ongoing in the telecom sector in the year 2014.
These risks relate to failure to realize the new roles associated with the evolving market structure; failure to obtain regulatory certainty over the new market structure; ignoring the new privacy and security imperatives; failure to enhance organizational agility; failure to have data integrity to drive efficiency and growth; inability to use performance measurement to drive execution; lack of understanding of customer value; inability to adequately extract value from network assets; wrongly defining the inorganic growth agenda; and failure to adopt innovative routes (Nejad & Kuzgunkaya, 2015).
As noted, telecom business looks quite comparatively in managing the risks of information security. Etisalat had started taking action to achieve an improved level of ongoing insight and ecosystem intelligence on dynamic threats and vulnerabilities. Telecom companies are boosting their information security budgets significantly. In this year, the survey found that the average security budget was US$5.4 billion, which includes a gain of 35% by the year 2012 (Nejad & Kuzgunkaya, 2015). Overall IT spending increased to an average of US$162 million by the year 2013, which included a rise of 17% in the last year. Despite this rise, information security budgets represent 3.4% of total IT spending, which is a relatively small investment and has stayed constant in recent years (Sawik, 2011).
Another measure of progress for Etisalat was gleaned from how well executives understand the alignment of their organization's security program with the business strategy and overall spending. In this respect, Etisalat's optimism was robust. In this context, 72% of the survey participants mention that security strategy is linked to the particular requirements of the business (Wakolbinger & Cruz, 2011). This kind of feedback shows that, from top to bottom, security had become an elemental component of corporate culture and a business imperative, but at the same time it was a challenge for IT.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) published its enterprise risk management standard in the year 2004. The COSO ERM cube is well known to risk management practitioners, and it offers a framework for undertaking ERM practices. It attained considerable influence after being linked with the Sarbanes-Oxley requirements for organizations listed in America. In the year 2009, ISO 31000 was also published as a globally agreed standard for implementing the principles of risk management (Nejad & Kuzgunkaya, 2015). Previously, ERM practices were applied with an emphasis on value protection and on risk functions identifying the threats to the organization's business objectives. It rapidly came to include different external threats, while assessing the underlying issues to understand how the business is undertaken (Wu, Huang, Blackhurst, Zhang & Wang, 2013). But during this implementation, ERM focused on the dangers, the downside of risk, and missed the upside that comes when it is made an essential element of the decision-making process. It also concerns the ability to spot and assess risks so as to help the organization develop value and seize competitive benefits. With COSO's 2004 ERM publication, risk management took an essential step. The framework became the base for conventional risk thinking. But its implementation in various companies emphasized isolation, mitigation and management of known risks (Giannakis & Louis, 2011).
In the last few years, Etisalat's operating environment has become more complex, highly technology-driven and international, and it requires risk and business leaders with a high ability to identify, assess and prepare for the external forces that might impact the organization's strategy, the shifting conditions that might affect the strategy's assumptions, and the risks that might arise from carrying out the strategy (Giannakis & Louis, 2011).
Risk intelligence is referred to as a subset of the executive management team. Its primary role is to come together to examine enterprise risks and the actions taken to reduce them, to review and aggregate risk information from the various business groups, and to escalate risk problems to the board where required. The problem is that, in the case of risk intelligence, responsibilities are passed on to the existing executive committee, if the company has a proper mix of members (Giannakis & Louis, 2011). As in various companies, the approach to enterprise risk management in risk intelligence acts either as an essential part of managing the strategy and operations of the enterprise or as a siloed process. In risk-intelligent enterprise management, executives dissect every action that can help create value and take on the potential risk. They also recognize that discussion of risk and value cannot be separated, and therefore risk is viewed as a decision driver, instead of as a result of decisions already taken.
The primary challenge related to risk intelligence in its process of creating value in the company is the gap between the requirements and the resources made available for examining risks. It also raises the challenge of manual versus automated information technology. It also causes a problem with the maturity level of enterprise risk management, and finally the regulatory environment is impacted by risk intelligence (Giannakis & Louis, 2011). It also creates issues for the risk partners, as they are disconnected from the business process. It also creates problems of ineffective and inefficient results, fragmentation, and ad hoc technology. Along with this, it creates issues related to a silo mentality among functions, in interpreting risks and in trying to control uniformity. The approaches to addressing risks are not standard, and there is overlapping risk coverage and technological uncertainty (Giannakis & Louis, 2011).
Risk intelligence issues often take place due to a reduction in staff or an increase in the workload of staff members in the company. They also occur due to changes in control systems or the implementation of a new program or policy. They also happen due to staff attitudes and inadequate training provided to employees, and due to ineffective controls and processes. All these risks create dissatisfaction among employees and demotivate them from working in the company (Giannakis & Louis, 2011). Issues in risk intelligence arise from the internal conditions of the company, but external circumstances and changes also affect the company by increasing problems. Problems usually occur when economic pressure increases on business employees and partners; a rise or change in regulatory or business-to-business requirements also enhances the risk. Issues also arise from audits undertaken by external agencies and from attacks conducted by groups to gain access to systems and information (Wu & Olson, 2010).
Recommendations for improvement to existing project level risk management activities in project portfolio management to enhance ERM capability
Project portfolio managers applying project portfolio management (PPM) should optimize the value of the business. It is recommended that they enhance the odds of overall success by focusing on supporting companies in making well-informed investment selections. They are also advised to pursue this level where the company needs enterprise-wide changes and capabilities (Micheli, Mogre & Perego, 2014). It is well worth noting the efforts where enterprise PPM practices are constructed. It is also recommended that they use the enterprise objectives and goals as the input to formulate and drive PPM improvement plans.
References
Ansaripoor, A.H., Oliveira, F.S., & Liret, A. (2014). A risk management system for sustainable fleet replacement. European Journal of Operational Research, 237(2), 701-712.
Blackhurst, J.V., Scheibe, K.P., & Johnson, D.J. (2008). Supplier risk assessment and monitoring for the automotive industry. International Journal of Physical Distribution & Logistics Management, 38(2), 143-165.
Bogatai, D., & Bogatai, M. (2007). Measuring the supply chain risk and vulnerability in frequency space. International Journal of Production Economics, 108(1/2), 291-301.
Choi, Y., Ye, X., Zhao, L., & Luo, C. (2015). Optimizing enterprise risk management: a literature review and critical analysis of the work of Wu and Olson. Annals of Operations Research.
Demarzo, P.M., Fishman, M.J., He, Z., & Wang, N. (2012). Dynamic agency and the q theory of investment. Journal of Finance, 67(6), 2295-2340.
Enterprise Risk management. (2017). Retrieved from https://o2.ae/clients/etisalat/annualreport2017/en/iar.html
Gaudenzi, B., & Borghesi, A. (2006). Managing risks in supply chain using the AHP method. The International Journal of Logistics Management, 17(1), 114-136.
Giannakis, M., & Louis, M. (2011). A multi-agent based framework for supply chain risk management. Journal of Purchasing & Supply Management, 17(1), 23-31.
Goh, M., Lim, J.Y.S., & Meng, F. (2007). A stochastic model for risk management in global supply chain networks. European Journal of Production Economics, 182(1), 164-173.
Heckmann, I., Comes, T., & Nickel, S. (2015). A critical review on supply chain risk – Definition, measure and modeling. Omega, 52, 119-132.
Ho, C-T., Wu, D.D., & Olson, D.L. (2009). A risk scoring model and application to measuring internet stock performance. International Journal of Information Technology and Decision Making, 8(1), 133-149.
Hult, G.T.M., Craighead, C., & Ketchen, D.J. (2010). Risk uncertainty and supply chain decisions: A real options perspective. Decision Sciences, 41(3), 435-458.
Micheli, G.J.L., Mogre, R., & Perego, A. (2014). How to choose mitigation measures for supply chain risks. International Journal of Production Research, 52(1), 117-129.
Nejad, A.E., & Kuzgunkaya, O. (2015). On the value of response time characteristics in robust design of supply flow. Journal of Manufacturing Technology Management, 26(2), 213-230.
Olson, D.L., & Wu, D.D. (2010). Enterprise Risk Management Models. Heidelberg: Springer.
Sawik, T. (2011). Selection of a dynamic supply portfolio in make-to-order environment with risks. Computers & Operations Research, 38(4), 782-796.
Sun, Y., Apley, D.W., & Staum, J. (2011). Efficient nested simulation for estimating the variance of a conditional expectation. Operations Research, 59(4), 998-1007.
Wakolbinger, T., & Cruz, J.M. (2011). Supply chain disruption risk management through strategic information acquisition and sharing and risk-sharing contracts. International Journal of Production Research, 49(13), 4063-4084.
Wang, S., & Huang, G.H. (2014). An integrated approach for water resources decision making under interactive and compound uncertainties. Omega, 44, 32-90.
Wu, D.D., & Olson, D.L. (2015). Enterprise Risk Management in Finance. Basingstoke, Hampshire: Palgrave Macmillan.
Wu, D.D., & Olson, D. (2010). Enterprise risk management: A DEA VaR approach in vendor selection. International Journal of Production Research, 48(16), 4919-4932.
Wu, T., Blackhurst, J., & Chidambaram, V. (2006). A model for inbound supply risk analysis. Computers in Industry, 57, 350-365.
Wu, T., Huang, S., Blackhurst, J., Zhang, X., & Wang, S. (2013). Supply chain risk management: An agent-based simulation to study the impact of retail stockouts. IEEE Transactions on Engineering Management, 60(4), 676-686.
Xu, J., Zhou, X., & Wu, D.D. (2011). Portfolio selection using λ mean and hybrid entropy. Annals of Operations Research, 185(1), 213-229.
Zhang, J., Avasarala, V., & Subbu, R. (2010). Evolutionary optimization of transition probability matrices for credit decision-making. European Journal of Operational Research, 200(2), 557-567.