Enterprise Risk Management


In today's business world, risk is a central part of all corporate activities. Margins are tighter and competition in the international market is getting tougher. New companies enter the competition while established corporations either adapt to significant changes or withdraw from specific markets. This process can be observed almost every day in the international economy. When companies fail to adapt to new circumstances, this is often due to excessive risk exposure and threats that materialise. In contrast, new entrants in the market thrive on the opportunities and succeed big time – flying high. Both opportunities and risks impact corporate development. In business, risk can be seen as the possibility of deviating from goals; risks result from the unpredictability of the future and occur because of “random” disturbances; a certain loss is therefore not a risk.


Management always aims to steer the company through possibly risky passages in such a way that it gets as close as possible to its objectives, while at the same time making sure that the owners’ as well as management’s tolerance of residual risk is not exceeded.

From a “vulture’s eye view” the potential dangers are withdrawal of business license, lack of cash flow and negative equity or insolvency. Enterprise risk management (ERM) aims at identifying potential threats due to lack of cash flow and financial strength; ERM also integrates the compliance with laws and regulations and initiates appropriate measures for securing corporate footing.

To protect companies from damage, it is not sufficient merely to list and identify risks; risks must be evaluated and controlled with regard to their potential to threaten the very existence of the company. For identifying and controlling risks of non-compliance, CRISAM® provides content libraries which can be extended and specified according to the industry. To control liquidity and financial risks, CRISAM® provides tools for analysing the unpredictability of the future by means of statistical methods and for identifying measures.

Rome wasn’t built in a day; similarly, ERM cannot be set up in one go – it is a step-by-step process of continuous improvement. CRISAM® supports this process and provides a 5-step maturity model according to CMMI (Capability Maturity Model Integration). In stages 1 and 2 a risk management process is set up for a qualitative assessment of risks and for making a risk inventory. Starting from stage 3, risks are monetarily assessed and evaluated within a range of scenarios from worst case to best case. Thanks to this monetary quantification, potential risks can be linked to business planning. Starting from maturity level 4, a connection between the risk management process and corporate planning is established by means of bandwidth planning. The highest maturity level within the CRISAM® maturity model is reached when bandwidth planning is used as an essential input to corporate management.

  • INITIAL: Only major risks are identified, qualified and displayed individually. Risk reports are issued when needed.
  • DEFINED: Risks are reliably and fully captured (at least qualified) and documented. Managers are informed through reports in cyclic intervals.
  • MANAGED: The risk management process uses a documented traceable method. Risks are quantified and aggregated. Measures are recognised and assessed in their entirety.
  • MONITORING: Opportunities and risks are assessed and aggregated as a corridor covering a range of possible deviations from the target (related to corporate planning or the company’s risk strategy). Measures are included together with their benefit-cost ratio.
  • OPTIMISED: The risk-based planning process is an integral part of strategic management. The risk management system is directly connected to the company’s control systems.

CRISAM® accompanies you from initial level 1 up to bandwidth planning and risk-based management at level 5. The process of continuous improvement (CIP) helps you to bring your risk management process to the level of maturity that is required for your business; it is a step by step approach so there is no need to start from zero at every single stage.