Enterprise Risk Management

Enterprise Risk Management

Collectively and individually, crises are serious threats that can become an opportunity to revamp. Clear governance, a flexible decision-making structure and defined responsibilities are the preconditions to face crises effectively. These can be developed within Enterprise Risk Management (ERM) system that allows to assess worst-case scenarios and impact analysis based on magnitude, probability, timing, directness and purpose, to develop the strategy accordingly.

ERM is a set of strategic tools introduced to protect a company from the consequences of external or internal events that could prejudice its operational and financial performance, market reputation and damage its business seriously. It includes Business Continuity plan and the respective Disaster Recovery plan.

Compliance with laws and regulations - Italian Dlgs. 231/2001, UK Bribery Act or US FCTA and AACA - is often perceived as a burden, an obstacle that slows down business. However, compliance factor can become an opportunity that rationalises processes, makes a company more trustworthy and attractive; finally, to shelter the company, its supply chain and its clients from damages.
The design and implementation of systems and Organisational models is only part of the process. The effectiveness of a strategy depends on an appropriate and consistent communication plan as well. It is an essential part of the overall strategy that helps to re-establish trust among stakeholders, enhance the reputation and create confident expectations to investors, clients, suppliers.

SSC Strategia & Sviluppo Consultants provides an overall ERM specific for SMEs needing to expand their business and locate new targets, have access to new valuable clients or tap capital markets. Solutions either can be customised to a specific field, activity and project or related to the company as a whole.
Components of Enterprise Risk Management
Business Continuity plan
It is a preemptive emergency system that includes resources, staff, devices and procedures that intervene in case of any emergency in order to assure an acceptable level of production, delivery, customer care and communication until the normality will be restored.
Disaster Recovery plan
It is a set of activities aimed to restore the procedures and productivity in the afterwards of a “disaster”. The aim is not only to recover the operations as soon as possible but also to prevent of future disasters, by identifying the weaknesses and analysing possible exposure to adverse circumstances..
Business Continuity and Disaster Recovery plans are strictly connected: the former assures that the company can keep on doing business despite an emergency that could drive it to a standstill, whereas the latter intervenes on the impact of such adversity onto daily operations.

We build ERM in five steps:


Hazard and Risk analysis

A preliminary analysis of current process, activities and technology and infrastructures; the quantity and nature of the potential hazards which can affect them and an evaluation of the probability and impact on the business.

Evaluation of current Risk management system and gap analysis

The second phase consists of a thorough audit of the checks, control points and procedures already adopted from the company to deal with such risks. Gap analysis aimed to identify the solutions to be adopted.

Integration of the Risk management system

Implementation of the solutions found to integrate the existing ERM following a PDCA scheme:
• Planning the steps of the intervention along a timeline shared with the company
• Doing by supporting the company in the realisation of the different tasks
• Checking the appropriateness and accuracy of the solutions found
• Acting by modifying, removing or integrating them in order to make them more suitable for company needs.

Stress and challenge tests to evaluate the effectiveness of ERM

Once the ERM has been completed, it must be tested in a simulation to analyse its effectiveness:
• Stress Test to evaluate hard factors like infrastructures, systems and IT
• Effectiveness Test to evaluate in terms of effectiveness the response of human factor and organisation
• Possible adjustment

Reporting and communication with external stakeholders

ERM systems are fundamental for the reputation of the company. This is why communication should be based on stakeholders profiling, clearly defined goals and targets.
Benefits of introducing ERM
Introducing a competitive advantage
Companies renowned for having implemented an effective ERM system can be in a stronger bargaining position when it comes to attracting investment, initiating new activities, entering new markets, and negotiating contracts.

A strong and reliable ERM system enhances company’s reputation, building trust with the stakeholders. For instance, by introducing ERM the supplier demonstrates a particular attention to the clients’ interests.
Improving processes & strategy
ERM represents the ability to forecast events, assess them and take the necessary steps in the overall strategy. It is also an effective mean to protect clients’ business from being impacted indirectly from supplier’s potential difficulties.
Reducing compliance costs

A preemptive ERM helps companies to reduce the costs of dealing with unforeseen emergencies, external shocks and prevent the company from being involved in any kind of prosecutions.
Discover other services that we offer

Discover other services that we offer