In a world of ever-growing uncertainty, what do you think is the one thing companies and people crave?
My own answer to this question boils down to one word – simplicity.
That’s right…
Company leaders have enough on their plate without having to make sense of complicated practices that provide few, if any, tangible benefits.
This principle applies to a range of situations, including ERM.
For years, ERM has been dogged with the reputation of being too bureaucratic and complicated. Many practitioners, including my old self, make things more complicated than they need to be.
At some point, this challenge makes the business scream on the inside, and sometimes out loud to STOP THE INSANITY similar to the iconic 90s fitness guru Susan Powter.
The parallels between ERM practices and Susan’s point that exercise and weight loss are made more complicated than they need to couldn’t be any clearer, and that parallel is this:
When something is made more complicated than it needs to be, it will be met with dread, hostility, leading to eventual abandonment.
There’s an erroneous perception that says everyone must understand every single step in the ERM process, no matter how big or small. This just slows things down.
ERM must move at the speed of business to be valuable. There are two exceptions to this general principle we will discuss later.
From a process perspective, the big question to ensuring ERM moves at the speed of business is this:
How simple can we make this and still get the information we need?
In today’s environment of extreme uncertainty, executives need more detailed information than in the past.
Many have the mistaken view that this need automatically necessitates a more complicated process.
Simplifying ERM practices means taking a careful look at what’s been done and asking ourselves questions, like…
“Is this still necessary to getting the information executives and managers need?”
“Do we need to interview 50 people to do a risk identification?”
“Do those people we interview also need to complete a survey?
“How long should it take for us to conduct a risk assessment?”
Information for strategic and business decisions comes from multiple sources. “Are there other areas or business units where we can obtain information without bothering anyone?”
Just because things were done a certain way 1, 2, or even 5-10 years ago doesn’t mean they have to (or should) be done the same way now. As we discuss here and other previous articles, ERM processes are iterative by their very nature, so they will always need refinement by default.
For example, rather than bringing leaders or people together multiple times for hours on end, you could structure your workshops something like this: (I literally just led several of these over the last few days.)
After speaking with leaders individually to understand their role and their business objectives (remember that this is a client for Strategic Decision Solutions, so you may not need these “discovery sessions”), bring in a group of people who are working on a single objective. These workshops lasted for approximately 2 hours, and we covered a ton of territory.
Spend the first 10-15 minutes having your participants identifying success drivers for their objective, then have them pick the top 3 (biggest) drivers.
For each driver, starting with the top 3, have them brainstorm the biggest potential obstacles or barriers to success as it relates to the driver.
After each success driver’s obstacles and barriers are identified, have participants choose the biggest (1 preferably, but 2 if you must) obstacles or barriers.
The first 60-75 minutes are spent in this conversation. Then spend the rest of the time on the prioritized 5 success drivers – let them take credit for all of the activities that the company is doing to address the biggest obstacles and barriers (a/k/a “mitigations”). It is during this time that you can also identify gaps in those activities and brainstorm on what else needs to be done to be comfortable with the success driver being a true enabler for the objective.
These sessions or workshops are about more than just identifying risks. It’s during these conversations where participants can understand what’s being done about those risks, prioritize the risks, and develop action plans all in the same session.
Assessment can occur during this session too but doesn’t need to look like the usual likelihood and impact. Remember, the assessment process doesn’t have to be complicated. Decision makers don’t need to understand inherent or residual risks. And since the risk is connected to an objective, or rather a risk’s impact on an objective, I lean away from having rating criteria altogether. (I know, this is a huge shift for ERM practitioners.)
Instead, assessing a risk to an objective really becomes about determining if it’s a deal breaker that will stop the company in its tracks, or something the owner can work around, or an acceptable risk that can be monitored.
Now there are two situations where a slightly slower, more thoughtful processes will be necessary. These include:
- The business is always on the go-go-go putting out fires or otherwise making decisions in a very reactive While business should move quickly, it should not be frantic.
- The business and the company at large do not have clear goals but instead has shiny-object syndrome.
It’s situations like these where ERM needs to say ‘hold on, let’s take a breath, and ask ourselves – what are we here to accomplish?’
We’ve explained in several previous articles how ERM cannot be considered a separate activity from running the business.
Asking the question ‘how simple can we make this’ and embedding a simpler approach into business and strategic decision-making is the key to improving the perception that ERM is nothing more than a bureaucratic compliance exercise.
Or put more succinctly, they will appreciate your efforts to stop the insanity!
How do you need to simplify ERM processes in your company?
Join the conversation on LinkedIn to share your thoughts!
