Creating a Healthy ERM Culture – Part 4

August 2013 Feature Article

By Diana Del Bel Belluz, M.A.Sc., P. Eng.

This is Part 4 of a series of articles defining 12 cultural traits that are essential for a healthy risk management culture. In this article, I provide tips on how to promote two of the 12 traits, i.e., being Performance-Oriented and Collaborative.

The earlier articles in the series covered six of the 12 ERM culture traits (shown in green font in Figure 1):


Figure 1 - 12 traits of healthy risk culture

The 12 cultural traits support specific phases of the ERM Implementation and Organizational Learning Cycle. (For details on the cycle, see the Advisory issues of April 2011October 2011, December 2011March 2012).

Healthy Risk Culture Trait #7: Performance-oriented

ERM programs that are primarily focused on compliance with rules will inevitably degenerate into a tick-box exercise. Merely putting enterprise risk management (ERM) processes in place is not enough. To gain traction and be effective, ERM programs must focus on enhancing organizational performance.

Unfortunately, many ERM programs fail to measure if and by how much they contribute to organizational performance. They focus almost exclusively on assuring that risks are identified, assessed and monitored using a consistent process. For me, it evokes the image of a race official whose only concern is whether or not the runner followed the rules with no thought to how well the athlete places. It brings to mind this wonderful quote:

"However beautiful the strategy, you should occasionally look at the results." Winston Churchill

Effective ERM leaders focus on ensuring their firm's ERM processes are actually working! They embrace their role as "coach" and put their primary focus on helping decision-makers to measurably enhance organizational performance and resilience.

To illustrate a performance-oriented culture, I use the image of a runner crossing the finish line. The runner represents the manager and the finish line his or her key objective. As coach, the ERM leader provides the tools, training, skills and motivation to help managers deal with the risks that can influence the achievement of their objectives.

How to cultivate it:

To ensure that ERM is oriented towards performance, first link ERM activities to the achievement of corporate objectives.

Leaders and managers can accomplish this by constantly asking themselves “How does this ERM action contribute to the achievement of the business objective?” Specifically, managers must interpret and apply the discipline of risk management to their decisions and actions in a thoughtful way to constantly optimize the risk-reward equation.

Aligning with corporate objectives helps you to:

  • Keep the focus on performance (vs. assurance for assurance’s sake)
  • Track ERM results by quantifying the value of ERM in terms of its actual contribution to the achievement of corporate objectives.

A second strategy is to use your ERM tracking and reporting to build feedback loops that encourage a virtuous cycle of good ERM behaviour. When leaders acknowledge the contribution of ERM to corporate objectives, it goes a long way towards building buy-in.

Healthy Risk Culture Trait #8: Collaborative

In the early days of ERM, emphasis was placed on assigning an “owner” to each enterprise risk. The rationale was that accountability would incent the risk owner to ensure the risk was managed to an acceptable level.

That thinking works well when risks are truly compartmentalized, i.e., the risk owner both has control over the risk and bears the brunt of the impact and is therefore incented to manage it. 

However, many enterprise risks ignore organizational boundaries. These risks can arise due to the actions of one or more functional areas or business units butthe effects are felt in yet another area(s) of the organization.

Furthermore, research shows that catastrophic corporate collapses are rarely due to a single cause. Instead, they typically result from several interdependent risks coming to fruition simultaneously or in a chain reaction.

For risks that cross organizational silos and for interdependent risks, it isn’t practical for a single risk owner to single-handedly manage the risk. Instead, a collaborative approach is required. The risk “owner” acts more as a “broker” to establish and coordinate the relationships necessary for effective management.

How to cultivate it:

Understand the cause-effect relationships of enterprise risks. How does each risk arise and who is affected by it? What are the interrelationships between risks? Knowing the answers will enable you to identify the internal and external stakeholders that must be part of the risk response strategies.

Decide who is best positioned to respond to the risk.  For risks that cross organizational silos, it is important to define the roles and relationships that are necessary for effective risk management. It’s also important to define how you will communicate across silos to ensure that the right information gets to the right people in a timely manner for effective risk management action.

Ensure people are properly incented to work together to manage the risk. This may require negotiation between departments. The CEO plays a major role in ensuring that the senior team is incented to work together on risks that cross silos.

For example, the CEO of one client that I worked with decided to focus ERM discussions entirely on those risks that crossed organization boundaries. For enterprise risks that were neatly contained within a single department, “ownership” was assigned to the executive accountable for that department with the expectation that the risk “owner” would handle the risk as part of their normal business function.

This enabled the senior leadership team to give their full attention to “shared” and interdependent risks that required management to collaborate on solutions. The CEO’s approach served to both encourage collaboration and to streamline the executive team’s conversations about enterprise risks.

The Risk Wise bottom line…

While assurance is an important element of ERM, performance is king. Constantly orienting ERM activities to the achievement of organizational objectives is the only way to provide value and is also essential forwinning and sustaining buy-in to ERM. Since many enterprise risks cross organizational silos or can interact with other risks, you need to broker relationships that engender collaboration among internal and external stakeholders.

*

My forte is coaching executives on how to integrate ERM into their organization’s unique business practices and culture. If you want help to engender a performance-oriented and collaborative culture in your organization, contact Diana Del Bel Belluz at Risk Wise:  This email address is being protected from spambots. You need JavaScript enabled to view it. or by telephone at (416) 214.7598

Follow the links to:

Current Special Offers for Subscribers

Current Special Offers for Subscribers

The codes to access the following special offers have been emailed to all Risk Management Made Simple Advisory subscribers:

  • SPECIAL OFFER: $460 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Resilience 2017 to be held on April 24-26, 2017 in Edmonton, AB. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

  • SPECIAL OFFER: $150 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Canadian Privacy Summit 2017 to be held on May 2-3, 2017 in Toronto, ON. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

Not yet a subscriber, but want to access these special offers?

When you subscribe to the Advisory, we'll send you the code for all current special offers along with a link to your New Subscriber Bonus, a copy of Moving Beyond the Risk Map to Operational Vigilance.

FIND OUT FOR YOURSELF why risk management leaders subscribe, click to access the ARTICLE INDEX of all past issues of the Risk Management Made Simple Advisory.

"I save and study each issue of the Advisory. I appreciate how Diana gives very practical advice and links it to fundamental theories and best practices." 

Sherrie Hyde, Risk Manager, Lutherwood

Current Special Offers for Subscribers

The code to access the following special offer has been emailed to all Risk Management Made Simple Advisory subscribers:

  • SPECIAL OFFER: $460 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Resilience 2017 to be held on April 24-26, 2017 in Edmonton, AB. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

  • SPECIAL OFFER: $150 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Canadian Privacy Summit 2017 to be held on May 2-3, 2017 in Toronto, ON. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

Not yet a subscriber, but want to access these special offers?

When you subscribe to the Advisory, we'll send you the code for all current special offers along with a link to your New Subscriber Bonus, a copy of Moving Beyond the Risk Map to Operational Vigilance.

FIND OUT FOR YOURSELF why risk management leaders subscribe, click to access the ARTICLE INDEX of all past issues of the Risk Management Made Simple Advisory.

"I save and study each issue of the Advisory. I appreciate how Diana gives very practical advice and links it to fundamental theories and best practices." 

Sherrie Hyde, Risk Manager, Lutherwood

FREE DOWNLOAD

Moving Beyond the Risk Map to Operational Vigilance

Read more about the Risk Management Made Simple Advisory.

"It is so refreshing to read a newsletter that offers real solutions for risk management challenges."
Cathy Taylor
Director, Risk
Kinross Gold Corporation

Diana's Pick

Neuroscience and the Nonprofit Manager (written by Andy  Segedin and published in the NonProfit Times) shares some of the tips on how to counteract common biases and habits that impede effective decisions.

The article is based on a workshop that Diana Del Bel Belluz of Risk Wise presented at the 2015 Risk Summit organized by the Nonprofit Risk Management Center.