How one company’s ERM team is raising risk awareness and its own profile by organizing the firm’s sprawling risks.
Sometimes the best way to add importance to your function is to look to the top. To management, that is. This was what one company’s enterprise risk management team did to accomplish two things: help organize the company’s risks and add a level of seriousness to the function itself.
The head of this ERM team recently described, at NeuGroup’s Corporate ERM Group’s annual meeting, how he and his colleagues went about this task of organizing and legitimizing.
- The member said that when he took over the role of head of risk management at the company, “ERM was a board reporting exercise; it was muted.” But then the board, in its desire to improve at oversight, decided it wanted to get a better handle on the company’s risks.
Simplifying. The member said his team started with the twin goals of simplifying and optimizing. “Simplification,” he said, was “near and dear” to his company’s heart. This involved getting a better and more holistic view of enterprise risks and applying a strategy that assigned risks to business lines or individuals and allowed a better way to share results, standardize risk scoring, clarify risk definitions and roles, and leverage technology.
Whose risk is it? One of the first issues was identifying who owned what risk. “We don’t have a lot of roles that are ‘risk managers’ or ‘risk champions.'” ERM developed a risk council, which was comprised of people from different parts of the business. The council was given heft by drafting “a leader that was high up in the organization to help navigate and get people more engaged.” There is now active engagement across the company as well as a program that is a good balance of time, commitment and resources for all involved.
Aligning on tech. There is also good alignment on methodology and what technology to use. The member said that the technology search has been getting momentum from other functions that have an interest in ultimately sharing it. “More groups are pricking up their ears as we get closer to a tool selection,” he said. This is beneficial because it will allow ERM to share the cost with whichever function decides to partner with it.
Sharing the news on risk. The final step will be how to share any findings on risk and spread the word across the business. This includes creating a forum for problem-solving and sharing information on risk, where to focus mitigation efforts and aligning the messaging to leadership.