Designing an ERM program involves a lot of experimentation based on your company’s leadership, culture and operations
The board and/or executives have decided to establish an enterprise risk management (ERM) program. You have been given the responsibility of designing an ERM program for your organization and have established that they are in it for the long-haul. But where do you start?
There are so many resources (books, articles, webinars) out there, but you are having problems making heads or tails of it. Much of it sounds like theory or textbook, but how do you know what will work for your organization?
As you read through the multitude of resources, including this article on governance documents, you question and second-guess yourself about so many areas, including:
- how to engage with people,
- the ways to identify risk,
- how to assess the risks,
- the best way to report risks to executives, and
- how frequently to talk to people across your company.
“The theory and ideas floating around sound great on paper, but will they work for me?”
You don’t want your ERM program to be one of those stories: the program that dies a painful death or is just a check-the-box task.
You know the company – the personalities of the executives, the hectic (or not so hectic) schedules, how people prefer to communicate, and the operations of the company. Wanting to get it right the first time likely means you are over-preparing. Just like studying for an exam, there is such a thing as over-preparation or over-planning.
Designing an ERM program is like an experiment – you have to be mentally and emotionally ready to try things that may not work and make adjustments to get the best fit for your company.
As you are working to design the program, take a look around the organization to see what other activities related to risk-management are already being done. Avoid the duplicative efforts. Identify what is working (and not working) in those processes, and use that information to your advantage!
Ensure you are designing an ERM program that fits your organization
Use your knowledge of the organization to your advantage. Use your network of people across the organization to understand some of the undercurrents. Get people with influence across the company to buy-in and heartily support the idea of ERM.
Set the expectations from the very beginning, even before you start actually doing risk management. Make sure to include these points in your messaging and conversations:
- ERM is a long-term commitment, so don’t expect quick results.
- Some activities will be experimental, and feedback is requested and appreciated.
- ERM takes time if it is going to be done right…BUT it can provide so much value!
- It is not a red-tape activity, not meant to create a bureaucracy, and not to be duplicative.
You and the program will succeed. Just put on your lab coat, make sure you are ready to adapt on the fly, and get to it.
And remember, if you experience a hiccup or two along the way, a program can have a “reset” time – like discussed in this post – and emerge victorious!
What areas worried you when designing an ERM program and how did you overcome them?
I would love to hear from you. Please share your thoughts in the comment field below, or join the conversation on LinkedIn.
Do you want someone to guide you through the process? Are you struggling to get your risk management initiative off the ground or back on track? Contact me to discuss your program today, or continue browsing ERMInsightsbyCarol.com for more information.
Meme image courtesy of “Toeytoey” via FreeDigitalPhotos.net
