Enterprise Risk Management: Concepts and Processes

Subject: Decision Making
Pages: 6
Words: 1710
Reading time:
6 min
Study level: PhD


The impact of risks affects all the aspects of any enterprise, worsening its financial position, marketing opportunities, abilities to meet its obligations, and other perspectives. The main reasons for the emergence of risks are the globalization of markets, increased competition, increased availability of information flows and databases, and the complexity of the business. These and other reasons have two possible implications. On the one hand, they increase possible risks, and on the other hand, they form the ability to manage them. For any organization, whatever field of activity it is engaged in, risk management means identifying, analyzing, and regulating those threats that can harm its property and profitability. As an example, the case of Caremark will be taken, the company that found itself involved in serious problems caused by an inadequate policy of risk assessment and management. Further, the analysis and assessment of threats affecting the operation of the enterprise will be performed. Also, benefits for stakeholders will be considered, as well as Caremark’s gaps regarding this area of ​​work. It is supposed that the establishment of an effective risk management system at the enterprise will allow reducing threats to a minimum level and preserve the budget and competitiveness of the organization.

The Concept of Enterprise Risk Management and Its Benefits for Business Stakeholders

In the market economy, a significant portion of risks is at the level of a separate firm and personal entrepreneurs. Since threats related to economic activity are objectively unavoidable, the first condition for their management is the ability to reduce them to the highest possible level (Bromiley, McShane, Nair, & Rustambekov, 2015). To do it, it is essential to know the general and specific causes of a particular type of risk, determine the circumstances under which it occurs, assess the likelihood of its occurrence, and compare benefits and possible losses.

Risk management concepts are a dynamic environment for testing numerous tools for assessment, analysis, and regulation. Methods are constantly evolving and improving. In the recent past, fragmented and episodic approaches to risk management were used (Bromiley et al., 2015). They were based on the assumption that little can be done to predict and manage the level of threats and focused on mitigating or eliminating their consequences. In other words, a passive approach to management was applied. Modern models are based on an active professional position that implements an integrated, continuous, and expanded approach.

The strategy for managing risk events is formed by the managers of a specific enterprise. As a rule, all the problems solved by the governing board are reduced to two main ones – to preserve a base capital (shareholder value) and create an additional (new shareholder value) (Brustbauer, 2016). The ratio of these two positions determines the ideology of the business leader’s attitude to the term of risk. Many of the responsible persons traditionally rely on the threat management methods that underlie a static concept, which is considered a classic approach. It helps to significant but sustainable development in the conditions of the required prevention and reduction of losses. It brings benefits to stakeholders and certainly helps in the process of organizing the work of a particular enterprise and planning its all future activities. Therefore, the process of enterprise risk management plays an essential role in the work process and has certain advantages that are reflected in the preservation of budget and the competitiveness of a particular venture.

The Roles of Ethics and Knowledge in the Caremark Case

In terms of ethical issues, the Caremark case reveals some nuances that could have been changed to build stakeholder confidence in the company. Thus, for example, Bainbridge (2009) claims that the directors of the corporation consciously ignored their responsibility and violated “their duty of loyalty by failing to discharge that fiduciary obligation in good faith” (p. 977). Also, it is important to note the fact that the managing board consciously did not control all the operations, which was a violation of the rules for ensuring the financial stability of the enterprise and protecting its budget. Such indifference to necessary measures of protection is an indicator of directors’ incompetence and lack of sufficient knowledge about doing business in a competitive and market economy.

Ethical issues concerning not only the incompetent management of the corporation but also legal proceedings were a significant problem for the leadership of Caremark. As Bainbridge (2009) notes, “Caremark should insulate risk management from judicial review,” which means that the corporate principles of work provide for the independent resolution of problems related to threat control (p. 984). The lack of knowledge about the peculiarities of enterprise risk management became a problem for the company’s directors, which resulted in significant losses and the loss of clients’ and shareholders’ interests. Taking into account the norms of threat control could be an effective way to protect the company’s resources. Nevertheless, the directors did not show initiative regarding this issue, which became a fatal mistake and entailed all further problems. It once again proves the need for timely implementation of the risk management policy and the calculation of all development prospects. Regardless of the scope of work and the authority of the corporation, specific measures to support business should be conducted.

The Caremark Case’s Gaps Related to Enterprise Risk Management

When assessing risks, it is possible to make many mistakes and receive incorrect results. In the case of Caremark, there were significant gaps that led to problems and caused dissatisfaction among many stakeholders. Thus, for instance, the company did not regularly update the methodologies used for risk assessments. It was the reason for the discrepancy between the principles of management and calculations and current market conditions. Moreover, the lack of professionalism of the participants in the assessment process is a significant obstacle to obtaining qualitative input data. According to Brustbauer (2016), new threats should go through the process of analyzing and planning the response strategy. If it is not done, there is a danger to the assets of the enterprise and its sustainability in the market. The leadership of Caremark did not make enough efforts to carefully calculate the possible profits and costs of the corporation, which led to financial problems and subsequently caused litigation and discontent among shareholders.

Another major gap that was admitted was the inefficient use of available resources to monitor and evaluate the success of the enterprise. As Lam (2014) remarks, if it is possible to accumulate the statistics of risk events, over time, it is possible to move from qualitative assessment of the probability of risk (an expert method) to quantitative evaluation. However, the specialists of Caremark did not resort to such a strategy, which became one of the key mistakes in the process of work. Consequently, constant monitoring of current financial assets, as well as timely regulation of management practices, can provide an opportunity to conduct a competent and successful risk assessment policy for a particular enterprise.

Enterprise Risk Management Concept and Processes

Enterprise risk management allows the leadership to effectively operate in the face of uncertainty and associated threats and to take advantage of opportunities, thereby increasing the potential for the company’s value growth. This indicator will be maximal if the management determines the strategy and objectives to ensure the best balance among the growth of the company, its profitability, and threats. Thus, the governing of any venture includes determining the level of risk that an organization is prepared to take in accordance with the development strategy (Lam, 2014). Also, this concept includes improving the decision-making process for responding to emerging threats (Lam, 2014). Another process is the reduction in the number of unforeseen events and losses in business (Lam, 2014). Finally, the rational use of capital is also part of the risk management concept (Lam, 2014). Taking into account all potentially possible events, the leadership is able to identify the areas of potential opportunities and actively use them.

In the case of Caremark, the relevant provisions of the threat management concept were not taken, which caused resonance and problems in the enterprise. If the directors had timely resorted to the introduction of processes to optimize the operating regime of the corporation related to the financial security of assets, the problems would not have manifested themselves to such a strong extent. However, efforts were inadequate, and the result was the loss of stakeholder confidence and financial problems.

The Roles of the CRO in Relation to Caremark

The activities of any large company are subject to an increased level of risk caused by the need to focus on individual customer requirements and the necessity for interchangeability of resources. In order to minimize potential threats, some enterprises resort to the help of contract research organizations (CROs). These organizations are enterprises that carry out one or more of the sponsor’s duties and functions in the framework of a contract (Lam, 2014). With respect to the Caremark corporation, such assistance could have made a significant contribution to developing the policy of protecting the company’s budget and assessing its possible risks.

The role of CROs in the process of Caremark’s work could have been significant if appropriate changes had been proposed by qualified and experienced employees. Thus, proceeding from the problems of the corporation under consideration, it was extremely important for it to have the necessary system of monitoring and evaluation of financial risks. For these purposes, professional analysts could have developed a special plan and proposed ways to implement it. According to Lam (2014), “a CRO would also benefit companies in which the full breadth of risk management experience does not exist within the senior management team” (p. 61). Therefore, the help of professionals can be a good source of solutions to problems associated with inadequate financial policies.


The establishment of an effective risk management system at the enterprise helps to reduce threats to a minimum level and preserve the budget and competitiveness of the organization. The use of appropriate strategies to assess the current state of a particular enterprise and to search for possible improvements is the component of successful management. The help of CROs at the stage of finding the right ways to avoid a crisis can be useful. The case of Caremark confirms the need for relevant measures regarding the protection of the organization’s funds and maintaining shareholders’ confidence.


Bainbridge, S. M. (2009). Caremark and enterprise risk management. Journal of Corporation Law, 34(4), 967-990.

Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk management: Review, critique, and research directions. Long Range Planning, 48(4), 265-276.

Brustbauer, J. (2016). Enterprise risk management in SMEs: Towards a structural model. International Small Business Journal, 34(1), 70-85.

Lam, J. (2014). Enterprise risk management: From incentives to controls (2nd ed.). Hoboken, NJ: John Wiley & Sons.