Water Journal : Water Journal August 2011
governance refereed paper technical features 66 AUGUST 2011 water risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders." (Casualty Actuarial Society, 2003) "Risk Management Framework: Set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization." (AS/ NZS ISO 31000:2009) However, while ERM should contain the elements of Risk Profile, Risk Appetite and Risk Tolerance, even as late as 2009 there was no common understanding or consistency in the comprehension of these terms (Carpenter, 2009). Further, while ERM was originally developed for understanding and managing fiscal and economic risks, it has now evolved to include other aspects such as stakeholder and environmental values, including corporate social responsibility as part of defining an Table 1. Some ERM definitions (Carpenter, 2009; AS/NZS ISO 31000:2009), descriptions and examples (see also Table 2 for supporting information). Term Description Examples of What is Involved Risk Profile The broad parameters a firm considers in executing its business strategy in its chosen market space. ISO 31000 uses the term 'Establishing the Context -- Defining the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria for the risk management policy', as well as a specific definition of 'Risk Profile -- Description of any set of risks'. Understanding your risk profile also includes identifying and assessing your organisational risks. ISO 31000 presents an overall set of principles that can be used to help an organisation fulfill this requirement. Understanding the operating context of the organisation -- includes understanding your key stakeholders, their value drivers and their priorities -- e.g. a financial regulator might be more concerned about fiscal responsibility and compliance, whereas a resource stakeholder may be more concerned about water quality and quantity. Stakeholder register. Compliance register or manual. Scope of the risk assessment. Organisation-appropriate risk matrix for chosen corporate values -- for a utility this can include infrastructure management, public and worker health, environment, climate change etc; includes impact and likelihood. Corporate risk register (clearly articulating the risk criteria identified as part of the operating context), the events that could occur from not meeting those criteria, the outcomes, risk scores (including uncertainty, maximum and residual risk), treatments (controls) and actions to resolve the identified issues (including the risk owner). Risk Appetite The level of uncertainty a company is willing to assume given the corresponding reward associated with the risk. ISO 31000 uses the term 'Risk Attitude -- [An] organisation's approach to assess and eventually pursue, retain, take or turn away from risk'. High risk appetite = acceptance of more uncertainty for a higher reward. Low risk appetite = less uncertainty and acceptance of a lower return. At the board level, the risk appetite statement is usually a qualitative definition, usually against strategic corporate objectives and drivers, which is then articulated into practical implementation at the management level including development of quantitative risk tolerances. Risk appetite metric (Table 2). Clear articulation of risk appetite ratings against each of the identified risks to organisational objectives. Risk Tolerance The limits of an organisation's capacity for taking on risk. Clear articulation of tolerances the organisation is willing to work within. Can use a combination of qualitative, semi-quantitative and quantitative metrics to describe risk tolerance, and used as a basis for monitoring. The tolerances should be used to help set corporate KPIs. Figure 1. Board and management responsibilities in ERM (modified from Korthals and Chase-Jenkins, 2010).
Water Journal September 2011
Water Journal July 2011