Enterprise Risk Management

ORiskLogoORisk – a positive approach to Enterprise Risk Management (ERM)

Is your Enterprise Risk Management (ERM) system universally accessible to your people and structured in such a way that you can capitalize on the opportunities revealed by ERM as well as manage risk?

Does your ERM system allow you to

  • Upload risk scenarios at all levels from the  boardroom to the most remote reaches of your enterprise?
  • Review and take action on risks and opportunities across the full management spectrum?
  • Report your enterprise risk profile in a comprehensive yet unambiguous single document?

These basic aspects of ERM are the essence of ORisk, a cloud based system that provides you with your own server dedicated to risk management and comes fully loaded with all the content needed to drive an enterprise strategy that balances entrepreneurship with comprehensive risk management.

Enterprise Risk Management

Kaplan and Mikes examined ‘the individual and organizational challenges inherent in generating open, constructive discussions about managing the risks related to strategic choices and argue that enterprises need to anchor these discussions in their strategy formulation and implementation processes’.  They concluded that ‘active and cost-effective risk management requires managers to think systematically about the multiple categories of risks they face so that they can institute appropriate processes for each. These processes will neutralize their managerial bias of seeing the world as they would like it to be rather than as it actually is or could possibly become’.  Notwithstanding the wisdom of Kaplan and Mikes in highlighting the tendency for strategic thinking to be overly optimistic and the value of risk management thinking in counter acting this intuitive but potentially dangerous approach, there is a way to achieve this balance in one system.

The University of Indiana contends that its’ ‘ERM framework effectively navigates through uncertainty and associated risks while enhancing opportunities and the university’s capacity to build value’.  Similarly, the approach at Purdue aims that ERM will ensure the seamless integration of strategic planning, recognize early warning risk indicators, link decisions with stakeholder values and drive sustainable synergies.


ORisk pursues the future of ERM by integrating risk management into strategy in a way that incorporates the wide view of ISO 31000 but adds the power of a cloud based approach to harnessing the intuitive input of all members of the enterprise.

The eclectic approach built into ORisk allows the enterprise to load any risk at any level, have that risk reviewed across the full management spectrum and report the enterprise risk profile in a way that drives corporate sustainability by maintaining a spirit of entrepreneurship while ensuring that risk management is always at the forefront of all enterprise activities.

ERM in human services

The ‘Managing Risk In Community Services: A Preliminary Study Of The Impacts Of Risk Management On Victorian Services And Clients’  concluded that ‘central to the rationale for risk management, as developed in Australia, New Zealand, Canada and the United Kingdom, is the importance of improving service delivery, enhancing innovation, and effectively managing change.  In addition it was noted that ‘broad and sweeping agendas for risk management in the public sector suggest its role is much wider than the traditional function of controlling specified primary and operational risks. Rather, risk management was increasingly identified as integral to general efficiency and effectiveness of reforms and change management strategies.

From a practical perspective the most telling finding is that risks associated with governance and accountability systems were emphasised by CEOs and senior managers from community service organisations (non-government services). Participants from public agencies reported that they had well-established infrastructure and systems in place for quality assurance, auditing and reviews, along with specific-purpose software to record, track and follow-up risks, access to lawyers for legal advice, and other resources. Participants from community service organisations highlighted constraints in implementing reliable governance systems as a direct result of ‘infrastructure problems’, mainly due to limited finances or a lack of dedicated funding set aside for the emerging systems requirements necessary for effective governance. To illustrate, the CEO of a specialist disability service claimed that implementing risk management systems was costly, particularly in terms of administration, citing that 20 per cent of the budget was needed for administration whereas their funding department had suggested that 12 per cent was adequate. These uneven pressures on agencies and their differential capacities for risk management depending on size and government or non-government status was a major finding of our study.  Finally, this study concludes that ‘most service providers have adopted risk policies and procedures which are based on different assumptions, namely those about the primacy of protecting their organisation, clients and staff. Although reasonable, these assumptions may not adequately address the broader realities of today’s focus on human rights, individualised care, partnerships, collaboration and the role of service consumers in their own care. ∙ The complexity of care and the range of risks involved will inevitably increase in these contexts. The findings of this project would support consideration of a common framework for service providers in their approach to care planning and decision making with clients and their representatives.

ORisk Approach

Drawing from both the broader context of ERM and addressing the specific need for a more complete approach to risk management in the care and community environment, ORisk has developed a risk management system that allows all team members to be risk owners, can extend risk participation outside the enterprise and allows management to mitigate and report risks across the full spectrum of the enterprise’ activities.  Users of ORisk can be confident that they are addressing enterprise risk in a way that reinforces strategic direction but still allows all risks to be presented from the risk owners or observers perspective.  This is a critical aspect for achieving the full range of benefits that Enterprise Risk Management can deliver.

To learn more about how ORisk can help you incorporate strategic expansion alongside a comprehensive risk strategy go to email orisk@openrationale.com.au.