The Importance of Ecosystem Risk Management (ECORM)
Christina Kite is a member of the MIT EMBA class of 2014.
In business, you’re only as good as the decisions you make. However, a big part of most decisions involves uncertainty.
Risk management is the process of dealing with uncertainty, and is something we study at MIT to learn how to make better decisions. Effective risk management includes:
– identifying and recognizing sources of uncertainty;
– measuring and assessing the frequency of occurrence and severity of the impact of the risk; and
– evaluating alternative approaches to wear, transfer, mitigate or take advantage of the risk.
A New Approach – ECORM
Building on that foundation, I’ve created a new approach to risk management that I call “ecosystem risk management” or “ECORM,” which is a subset of enterprise risk management (ERM). This approach focuses on external risks that come from government, regulators, community, the general public, suppliers, vendors and partners. It also could come from shareholders, investors and customers.
Think of it like the internet and intranet. ECORM is part of ERM, but it gives you a closer view to inter-enterprise risk management.
Getting Caught Off Guard
In the last few years, a lot of organizations would have benefited from an ECORM approach, as they’ve been caught off guard by external risk. Just look at the security breaches at Target. The risk that came from a third party wasn’t being managed. However, that risk was huge and impacted the community’s perception of the company.
Breakfast of Champions
ECORM is about looking at risk from the different viewpoints of the shareholder, customer, investor, regulator, government, community, vendor, partner and supplier. How do you quantify the risk among those different stakeholders to come up with your own ecosystem risk profile? How will you continue to measure and monitor that profile as it changes over time? This is an outside-in view of an organization rather than inside-out view.
To create an ecosystem risk profile, you need to determine the leading indicators of customer satisfaction, regulatory compliance, supplier satisfaction, vendor satisfaction, etc. This type of 360-degree view is critical for companies, yet how many actually do it? And if they do perform such a review, how often do they repeat it? The answer is: not often enough. Yet feedback is the breakfast of champions as long as you can digest it.
Some of the indicators for best practices are being created on the fly. The Dow Jones Sustainability Index is a good case in point. If you’re not using it today to determine if you’re a green organization, you should be. In the partner/vendor/supplier realm, do you ask for a satisfaction rating? More importantly, do you tie employee bonuses to that rating? Are customers’ satisfaction ratings tied to bonuses?
ECORM is intended to turn the perceptions you might have about your company into actual knowledge. You need to know if you are where you want to be or if you need improvement. If you need improvement in one area, will it impact another? Are there interdependencies? You’ll find answers with an outside-in view of your organization.
How do you manage external risk in your organization?