Skip To The Main Content
News & Updates

An upside to risk?

  • SIMA
- Posted: June 12, 2018
By Joseph Milan

Risk management is more than just attempting to minimize events with negative consequences. Trailblazing approaches to risk management create value for an organization by simultaneously reducing the impact of negative outcomes and increasing the benefits of positive outcomes. Although the concept of “exploitation of risk” may seem intuitive, many organizations do not understand the difference between downside and upside risk. For example, strategic initiatives such as mergers and acquisitions or investment in new infrastructure often represent a greater potential loss - and gain - to an organization than traditional sources of risk. 

Traditional approaches to risk management focus primarily on financial and operational risks. In the snow and ice removal industry, traditional risk management functions include transferring risk through contracts with clients and the purchase of insurance policies. Operational risk management functions may include loss prevention and safety programs to help reduce work-related injuries, liability claims and property damage. 

ERM theory and snow and ice
Enterprise risk management (ERM) focuses on the upside of risk as much as the downside and pushes traditional approaches to risk management into the space of supporting decision-making and strategic planning. ERM tools and techniques can be applied to important business decisions such as how to invest in new technology, improve efficiency, and even convert risks into opportunities for the organization. By framing important decisions and quantifying the uncertainty around the possible outcomes associated with decisions, ERM makes a valuable contribution to the strategic planning process. 

A two-hour workshop developed by the Risk Management Society (RIMS) at the 21st Annual Snow & Ice Symposium will focus on this new approach to risk management and provide insight to implementing comprehensive risk management programs that create tangible value for your company and your clients’ companies. 

Five-step process
The workshop is based on the RIMS 5-step ERM success trajectory model:

1. Commitment
. The commitment stage addresses important organizational cultural considerations and how to establish connections between strategic goals, objectives and specific risk management processes. For example, an organization may have a stated commitment to a “culture of safety.” However, bridging the gap from a high-level value statement and measurable outcomes such as reductions in frequency and severity of work-related injuries or third-party claims requires careful and explicit integration of process related to risk identification, analysis, evaluation and treatment that are often overlooked.

2. Design. The design stage focuses on how to build an ERM program that incorporates tools to measure the maturity of a program, write guidelines and documents, and allocate resources to the program. Most successful ERM programs are decentralized and require the people who are closest to the risk to be actively involved in the risk management process. Therefore, training programs are particularly important to help risk-owners throughout the organization understand their responsibilities for managing risk and reporting on effectiveness of risk treatments. 

3. Activation. The activation stage incorporates examples of how to utilize risk analysis tools, risk registers and dashboard reports to create aggregated reports of the risk profile of an organization. Quantitative, qualitative and hybrid approaches to risk analysis will be reviewed to help attendees decide which methodology works best for their organization. Regardless of the methodology employed to identify, measure and evaluate risk, the connection between organizational objectives and ERM outcomes will be reinforced.

4 + 5. Monitoring and Improving. Finally, the monitoring and improving stages address how to incorporate feedback loops that apply not only to the risks faced by the organization but also the risk management process. Key to these stages is to incorporate the organization’s appetite and tolerance for risk. Often, organizations are not aware of the risk they have taken on because of a lack of clarity around what represents an acceptable level of risk for the organization. Examples of risk philosophy statements will be reviewed to help motivate attendees to develop parameters around acceptable risk levels for their organizations in order to support conversations about resources allocation to manage risk. 

The workshop will also address common implementation obstacles to help attendees better prepare to begin an ERM journey. Although other ERM workshops focus on the more academic aspects, this workshop is inherently practical and tackles head on many of the challenges faced by organizations regarding implementing ERM. For example, having a clear understanding of value creation from ERM is a commonly cited reason that implementations fail. Therefore, we will look at ways to quantify and communicate expected benefits of an ERM program.

Overall, the main goal is to demonstrate how to foster collaboration among business units and with key risk functions to create long-term value. 

Jump start solutions
  • Understanding the level of risk your company is willing to accept is key to ERM success.
  • Utilizing ERM can bring value by identifying the ups and downs of risk.
  • Implementing ERM tools requires understanding and clear communication.
Joseph Milan is principal of JA Milan and Associates, LLC. Learn more about RIMS at and email Milan at
[Login to add acomment]