What are common misconceptions that can block success in your Enterprise Risk Management program? Your host Edward Robertson has a list of ERM myths, observed over several years’ experience as practitioner and educator. We continue our discussion with explanations and examples. For each point, we will give you the practical take-away to apply in your risk management program.
Take-away: In fact, the studies reporting on the implementation of management initiatives in all sectors show that failure and under-delivery are quite high, and there is a considerable literature on the causes. This should be taken into account when designing and implementing the ERM regime.
Take-away: Technology and enterprise software implementations are indeed notorious when it comes to program failure and chronic under-delivery, with extraordinary costs. Establish and understand your own business process and investigate thoroughly the success factors in IT implementation before contemplating a large commitment of resources to tech “solutions”. Above all, do not fall prey to the myth that the technology, in and of itself, will inspire acceptance and take-up of the new management program, whether it is ERM or something else.
Take-away: A compliance regime may be appropriate for the business or organization. But the danger is to construe apparent compliance as real adherence to the regulations or code. Risk assessment must investigate the possibility that a check-the-box or superficial monitoring operation is actually missing breaches. Then again, successful operational compliance will be insufficient if the organization does not examine strategic risk in light of the wider environment, industry trends, etc.
Take-away: The risk ID and assessment process (I advocate for a process I call High Quality Risk Assessment) should be scalable and applicable to any context, including, of course, the strategic plan itself. We naturally assume that you have arrived at goals and objectives through a planning process. The questions then become: is the strategic plan well founded? Is it substantiated through research into industry trends and conditions? And is it properly formulated in terms of actionable goals? If the answer to any of these is no, then that is your first important risk.
Take-away: Forecasting uses historical data to establish the probability of certain definite outcomes, and so relies on the statistical method. Enterprise Risk Management, by contrast, rarely has the pertinent statistical data to bring to bear upon the full range of strategic and operational decisions, and so uses a round table method. We identify the uncertainties associated with a given plan, and then take immediate action to mitigate and nullify them.
Establish and understand your own business process and investigate thoroughly the success factors in IT implementation before contemplating a large commitment of resources to tech “solutions”. Above all, do not fall prey to the myth that the technology, in and of itself, will inspire acceptance and take-up of the new management program.
Program implementation failure
A synopsis of various studies.
Scroll down to audio post: innovation: successful tech implementation part one
Risk tolerance vs risk appetite
RIMS document, pdf download
Exploring Risk Appetite and Risk Tolerance
“Steering clear of compliance pitfalls” © Key Media Pty Ltd.
Unattributed, 31 May 2010. Corporate Risk and Insurance. Excerpt:
What is Risk Commentary?
We see a striking contradiction in all businesses: the sharply increasing need for Enterprise Risk Management, as opposed to risk managers' persistent reports of low perceived value of their own processes. Correctly implemented, High Quality Risk Assessment will not only address uncertainty, but even solve chronic business problems. Join Edward Robertson, successful ERM practitioner and thought leader, to discover a simple process that delivers clear value.