The Future of ERM Flashcards
10 steps to successful ERM?
- Engage senior management and board to provide resource and support
- Establish independent ERM function reporting directly to a board member
- Establish risk architecture at exec and board level, supported by IA
- Develop ERM framework with classifications
- Develop risk-aware culture using common language, training and education
- Written procedures with clear statement of risk appetite
- Agree monitoring and reporting against established RM objectives
- Undertake risk assessments to identify accumulations and interdependencies of risk
- Integrate ERM into strategic planning, business processes and ops success
- Contribute to success by delivering measurable benefits
10 barriers to successful implementation of ERM?
- Lack of understanding and belief it will suppress entrepreneurialism
- Lack of support and commitment from senior management
- “just another initiative”, relevant and importance not accepted
- Benefits not perceived as being significant
- Not seen as part of core activity, seen as time-consuming.
- Approach too complicated or over-analytical
- Responsibilities and need for external consultants unclear
- Risks separated from where they arose and should be managed
- RM seen as static and not appropriate for a dynamic org.
10 RM seen as too expensive, taking over all aspect of the org.
What action should be taken to challenge the barrier of:
- Lack of understanding and belief it will suppress entrepreneurialism
Establish shared understanding, common expectations and consistent language
What action should be taken to challenge the barrier of:
Lack of support and commitment from senior management
Identify a sponsor on the board and confirm shared priorities.
What action should be taken to challenge the barrier of:
“just another initiative”, relevant and importance not accepted
Agree a strategy that sets out anticipated outcomes and benchmarks for benefits
What action should be taken to challenge the barrier of:
Benefits not perceived as being significant
Complete a realistic analysis of what can be achieved and impact on the org’s mission
What action should be taken to challenge the barrier of:
Not seen as part of core activity, seen as time-consuming.
Align effort with core processes and mission of the org
What action should be taken to challenge the barrier of:
Approach too complicated or over-analytical
Establish appropriate level of sophistication for framework and risk assessment
What action should be taken to challenge the barrier of:
Responsibilities and need for external consultants unclear
Establish agreed architecture with clear roles and risk responsibilities
What action should be taken to challenge the barrier of:
Risks separated from where they arose and should be managed
Include RM in job descriptions and ensure risks are managed in the context that gave rise to them
What action should be taken to challenge the barrier of:
RM seen as static and not appropriate for a dynamic org.
Align RM with decision-making activities
What action should be taken to challenge the barrier of:
RM seen as too expensive, taking over all aspect of the org.
Be realistic about scope. Do not claim that all business activities are RM activities by a different name.
What factors may influence the effectiveness of ERM?
- senior management influence within departments
- external influences including corporate governance
- nature of the business, products, culture
- corporate attitudes, including previous RM experiences
- origins of the RM department
How long is it likely to take to implement a RM framework?
2-5 years
Why might the timeframe for implementation need to be extended
Implementation of a comprehensive RMIS
