Congratulations! Your organization has determined that it needs to implement an ERM program. You’ve done all the research on the standards to use for establishing a governance structure, and you’ve committed to your board that the top risks to your business will be identified and managed.
Unfortunately, this beginning is the easiest part. Like any endeavor in life, you need to be willing to do certain things in order to be successful. If you want to get healthy for example, you have to be willing to change your diet and exercise for the long haul.
Your organization’s ERM program is no different….
In order for this initiative to bear fruit, your organization MUST be willing to do the following 4 things:
- Provide support – An ERM consultant can give you a wealth of advice on how to address threats to your organization. However, it won’t mean a whole lot if leadership does not provide support both verbally and in action. As the old saying goes, “actions speak louder than words!”
- Be involved – In addition to support, company executives and any subject matter experts (i.e. IT or project managers) must provide knowledge and perspective on their specific area. Again, any risk information will only benefit your company if the right people are involved.
- Follow through – An ERM program is not just a one and done effort – it’s a long-term commitment. Identifying and managing risks needs to become a central part of the company culture in order for it to yield benefits to your organization’s mission, long-term profits and more.
- Dedicated risk team – To ensure your ERM program doesn’t get brushed aside in the long run, best practices recommend that your organization have professional(s) dedicated to managing the risk process. How many dedicated team members you have will depend on how large your organization is and how complex your risks are.
Although we could certainly get into more detail on why having an ERM program is important, it’s vital for an organization’s leadership and personnel to understand what they need to do to ensure a program’s success.
Check out this piece on setting up an ERM program to learn more about establishing a framework, risk appetite and more.
If you are considering an ERM program or have an existing program and need a fresh set of eyes to realign priorities, check out my about page for a brief summary of my background and how I can help companies of all sizes identify, assess and respond to threats to your organization.
