I like John A. Wheeler’s comments because he says successful ERM requires investment in people first, followed by process and technology respectively. Far too often, organizations go out and buy some technology and say “go do risk management” when there are no processes or buy in from the top. (Well, perhaps this doesn’t happen everywhere, but it happened once to me so I can speak from experience.) Once you have the people and the processes then you can spend some money on a tool; until then, most organizations can manage their risk list with Excel or Word since the person who owns the risk management process, will likely be the only person managing the data in the early days.
Wheeler also addresses culture. I am a big fan of culture and organizational behaviour and have a Jeffrey Pfeffer Award from my MBA class to show for it.
This is why I say that any accounting professional can do a risk assessment but that does not qualify them to be responsible for and ERM project. To be an ERM practitioner you need to know about cultural analysis, process improvement, communication, change management, and strategy as well. Like me.
By: John A. Wheeler
- Reassessing risk culture
- Expanding ERM to cover more types of risk
- Involving the board and senior executives more in ERM
- Involving all employees in ERM
- Reinforcing the role of the Chief Risk Officer
As companies look to address these challenges, investments must be made to support ERM in an effective and efficient way. Investments will be required in three main areas and in the following order – people first, process second and technology third. The order here is essential, as I will explain below.
People investments will take the form of enhanced training and change management as companies work to change the risk culture and educate all employees about their specific role in risk management going forward. Investment may also be required to enhance the skills and capabilities of those responsible for leading the ERM efforts, including the elevation of the Chief Risk Officer as a corporate champion. This investment is critical in laying the foundation of a successful ERM program. Without the right leadership and culture, the effort is doomed to fail.
Once a solid foundation is in place, then the new processes can be implemented to support the program. From a process perspective, investment must be made to streamline and integrate the various forms of risk management across the entire enterprise. This investment may be the source of the greatest return for most companies since much of the risk management activity to date is redundant across the enterprise. In addition, supporting processes need to be enhanced as well. Processes such as strategic planning and incentive management that have a major impact of the direction and behavior of an organization must be effectively integrated and reconciled with the ERM program.
Finally, these new and enhanced processes will require automation to optimize the efficiency as well as the transparency of the successful ERM program. An investment in a technology platform, such as OpenPages, is the thread that binds an ERM program together and provides the mechanism to sustain an ERM program over the long-term.
Following this recipe for ERM investment and improvement will not only lead to more effective risk management practices, but also ultimately to a more efficient enterprise and greater long-term profitability.