
A Deeper Look: Understand Your Company's Risks with an Enterprise Risk Assessment

Mark G. Metzler, CPA, CGMA, CEPA
Director, Audit & Accounting

This article originally appeared in the June 2018 issue of Smart Business Philadelphia magazine.


Business owners are accustomed to dealing with risks. Most, if not all of them, understand the relationship between risk and reward. However, a second relationship is equally important: the relationship between risk and awareness.

“Taking risks is not in itself a problem, but ignorance of the potential consequences is an entirely different matter,” says Mark G. Metzler, director of Audit & Accounting at Kreischer Miller.

Smart Business spoke with Metzler about the benefits of an enterprise risk assessment.

What are the types of risk?

There are generally four types of risk: financial, operational, regulatory and reputational. If one were to dwell solely on the risks, it is easy to become paralyzed and ignore the rewards of owning and running your own business. Therefore, it is critical that you not only understand your company’s top risks, but also implement processes and procedures to effectively assess, manage and monitor risk. This is commonly referred to as an enterprise risk assessment.

Looking more closely at the types of risk, financial risk refers to safeguarding company assets, which include hard assets like cash and investments, inventories, and property and equipment, as well as soft assets such as customer lists, intellectual property and trade secrets.

Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. Because people, systems and processes are not perfect, operational risk cannot be eliminated.

Regulatory risk relates to compliance with laws and regulations, and reputational risk addresses the company’s public image, which may be a company’s biggest and most important asset.

Arguably there is a fifth risk, cybersecurity, that should be included in the list. However, cybersecurity is an element of all the risks previously described and must be considered in any risk assessment.

What is an enterprise risk assessment?

An enterprise risk assessment is a process through which management identifies significant threats that would prevent the company from meeting its stated goals and objectives. It assigns specific responsibility and accountability for developing controls to mitigate risk. It also implements those controls and monitors the controls to verify that they are working as intended.

It is important to have the perspectives of all of the stakeholders in order to perform an effective enterprise risk assessment. This may include the owner, senior management, sales, operations, production, suppliers and customers. Additionally, for certain discussions, involvement of your accountant, legal counsel, banker and insurance broker may be appropriate.

To be successful, contrary views must be encouraged. Surrounding oneself with ‘yes men’ will ensure that bad news is never heard in a timely manner and may result in a decrease in information sharing. Gathering perspectives from individuals who are ‘on the ground’ helps leaders understand what risks could have the most significant impact to the company over the next few years.

In an enterprise risk assessment, the stakeholders share their views of the risks that can impact the business. The findings are then prioritized and rated based upon their risk and probability of occurrence, and potential business impact. A formal action plan is developed for risks falling outside of acceptable levels, and individuals are assigned responsibility for implementing and monitoring risk mitigation plans.

What can a business owner hope to achieve by performing an enterprise risk assessment?

An enterprise risk assessment helps to align risk with strategy. Other benefits include enhancing risk response decisions, creating more efficient operations, providing for proper resource allocation, improving the company’s reputation and possibly lowering insurance costs. Understanding potential pitfalls and developing a predetermined response can decrease the likelihood for negative outcomes.

There is risk associated with every business venture. Without risk, there may be little reward. Business owners therefore need to understand the risks that exist in their companies and how they can minimize them. ●

Mark G. Metzler can be reached at Email or 215.441.4600.
