Authored by Cassandra Walsh and Corey Parker
Enterprise risk management (ERM) has long been a powerful tool for organizations looking to optimize their risk management functions. Now, more than ever before, we are seeing an uptick in organizations embracing and leveraging a risk-aware culture to move their ERM program forward.
ERM is the framework through which organizations proactively identify, assess, mitigate, monitor and respond to risks and opportunities. Integrating ERM into an organization’s daily culture and operations will provide a channel toward informed decision-making, coordination of risk-related activities and a link between the organization’s strategic plans/objectives and the enterprise risks, while flowing down to all risk-related activities and decisions.
Before embarking on the ERM journey, it is critical to develop a foundation that provides an ERM framework customized for the unique aspects of the organization.
While there is no one-size-fits-all or cookie-cutter approach to ERM, an organization’s risk management activities can quickly become disconnected, inconsistent and/or siloed without a sound ERM framework. An integrated ERM framework will enhance decision-making and risk management activities, leading to a consistent and proactive approach across the organization.
The creation of an ERM framework will not only drive accountability over time but also transform risk management into a sustainable business approach that integrates seamlessly into daily routines across the organization and links to the organization’s strategic goals and objectives.
Risk management activities are already an active component of most organizations. It can be challenging from the inside of an organization to conceptualize an ERM framework. In fact, this is where most stop: asking, “Where do I start?” A critical first step in laying the foundation for a sustainable ERM framework: Begin by identifying and inventorying the risk management activities already in existence.
A simple, yet valuable next step: convene an introductory educational ERM session for involved stakeholders. This educational session introduces the “basics” or “fundamentals” of ERM and establishes a common risk vocabulary in the process. Leverage this common risk vocabulary across the organization to create a consistent understanding of and approach to risk management, mitigation strategies and decision-making.
The introductory educational ERM session will create momentum and drive consistency of ERM concepts across the organization. Some of the concepts that should be introduced and defined in this initial session include:
Everyone involved in the ERM program will have a different role and their perspectives on risk will likely vary. As the ERM framework matures, those differing backgrounds and experiences will shape the overall direction of the program and mold the organization’s appetite and tolerance for risk. This transformation will not take shape overnight; it will mature at a pace that fits the environment of the organization.
As your organization’s ERM framework continues taking shape and management begins transitioning beyond the introduction of ERM, other important considerations include:
Overall, your ERM framework will continue to evolve as the program matures and is integrated into daily risk management activities. Being in the midst of a pandemic or other crisis environment does not mean your organization should stop working to mitigate risk or taking advantage of available opportunities. ERM is just one way to ensure this pandemic does not stop us from moving forward!
For more information on this topic, or to learn how Baker Tilly specialists can help with ERM at your organization, contact our team.