Difficulty to understand the industry vernacular may be part of why a study showed 89% of executives said they wanted to build an Enterprise Risk Management (ERM) process into their organizations; Yet only 11% of their companies had completed the implementation.
Whatever level of risk management, change management or similar process your company has in place, sometimes people like to obtain working definitions without having to ask the expert who enjoys using hard to understand acronyms.
Five of the primary aspects of Enterprise Risk Management follow:
1. Does ERM focus only on money?
While money is the language of business, ERM goes beyond dollars and cents. In a natural disaster, the safety of employees is a paramount concern. Transactions with customers contain an element of privacy. Safety and privacy are ethical issues.
2. What activities does ERM involve?
There are eight fundamental ERM activities: (1) determining the organization's risk appetite, (2) setting organizational objectives that reflect that appetite, (3) identifying internally and externally potential risk events, (4) assessing the level of risk associated with these risk (5) developing and implementing a pro-active plan to address those potential risks, (6) establishing and implementing control policies and procedures, (7) gathering information and communicating it to people in time for them to fulfill their risk management responsibilities , And (8) continuously monitoring the program and making adjustments as needed to keep the ERM program current and relevant.
3. What are ERM deliverables?
ERM does not stand apart from other parts of the organization. The program delivers include objectives that reflect management's risk appetite; Risk assessment and planned response; Monitored compliance with adequate internal controls; And implementation of a communication plan.
4. How do I know whether our ERM program is a success?
Determining whether an organization's ERM program is a success is ajudgment call. The judgment is based on the effectiveness of the eight ERM activities. Are the program deliveries and risk responses effective?
5. How does ERM fit into the goals and structure of the organization?
The eight ERM activities (reference question 3) are applied across strategy, operations, reporting, and compliance. ERM is integrated through the organization's structure such as subsidiary, business unit, division, and entity levels.
With a better understanding of ERM terms added to your vision, create an initial draft of your risk management program or process to get from here to there. An old adage is to Plan the Work and Work the Plan. Break the plan into detail steps or milestones you can monitor by time and assign responsibility to. Those smaller chunks build self confidence and provide the ability to check in to make revisions on the upcoming steps. There is a reason people say inch by inch, life is a cinch.