How to Avoid Becoming Roadkill on the Enterprise Risk Management Highway

March 2010 Issue

By Diana Del Bel Belluz, M.A.Sc., P.Eng.

Every year, several large consulting firms issue findings of their latest ERM surveys. They highlight the growing number of executives who now recognize they need to start or accelerate their organization’s ERM journey.

Unfortunately, these studies don’t probe the ‘dark side’ of ERM because they don’t answer two critical questions: How many organizations have abandoned their ERM journey and Why did their ERM initiatives fail?

ERM failures teach us that to gain traction, you must confront the barriers that can temporarily stall or permanently defeat your ERM initiative.

In this article, I share my observations about the rarely discussed barriers to ERM success. These insights are drawn from two sources. The 20 years I have spent helping organizations to implement systematic risk management give me direct from the trenches experience in what works and what doesn’t. For the past decade, I’ve organized The Conference Board of Canada’s ERM conference and it gives me a unique window into the broader practice of ERM in the corporate, government and nonprofit sectors.

BARRIER #1. Complacency.

You’ll miss the onramp for the journey towards systematic, integrated and proactive management of enterprise risks if your leadership team is not bothered about the gaps and weaknesses in its current approach.

To overcome this barrier, build and sell the business case for ERM.

First, figure out what will motivate your leadership team to adopt ERM so you can build a compelling business case. Did you know the reason your organization decides to pursue ERM is a good predictor of your program’s future success?

Are you motivated by external requirements, e.g., Sarbanes-Oxley legislation for publicly listed companies, the banking sector’s Basel accords, Standard and Poors’ requirements for nonfinancial entities, the Treasury Board of Canada’s integrated Risk Management policy, or Accreditation Canada’s Qmentum program? Or are you primarily responding to demands from your Board of Directors for assurance that the organization is managing enterprise risks appropriately? Either way, you may run out of gas before you get very far.

The programs with the most staying power are developed by executives who are driven to continually improve their firm’s performance. They use ERM both as a defensive mechanism and to deliberately exploit the upside potential of risk.

The second critical thing you need to do is find ways to have your people experience the benefits of ERM. Nothing ‘sells’ ERM better than having your people experience success with it by applying the concepts in your decision making and strategic planning processes.

For tips on how to accomplish this, see the past e-zine articles about building the business case (July 2008), winning buy-in (December 2007), and mobilizing your people (May 2008).

BARRIER #2. Resistance from executives

If executives don’t understand or trust risk analytics, at best they’ll imagine that ERM will undervalue their expert judgment and at worst they’ll fear it will diminish their control over strategic decisions. If your ERM tools are difficult to learn and apply, managers will perceive ERM to be too much work.

To overcome this barrier, build compact ERM processes and tools that add value and inspire trust. This means designing risk analytics that deliver a marked improvement in the quality of risk information brought to strategic decisions. It also means designing an ERM program that integrates with your existing decision and reporting processes rather than adding an extra layer of management.

For example, I recently helped the executive team of a healthcare organization develop simple ERM assessment tools that supplement their balanced scorecard process. The methodology provides clarity about the factors that drive risk. This enables a more conscious discussion at the executive table about how to best allocate resources to ensure achievement of near-term corporate objectives and build resilience to sustain the organization over the long-term. The transparency of the analysis enables the executive to provide strong evidence to the Board that the risks being taken to advance the organization’s mission are both well understood and managed appropriately.

A caveat about political resistance... Based on his experience at several financial firms and with multiple CEOs, John Fraser, VP Internal Audit and Chief Risk Officer at Hydro One Inc., concludes “ERM will not work in every company. The success of ERM is dependent on a number of factors, including the desire by the board and the executive for transparency. If you have an autocratic CEO, who has all the answers, that person does not particularly welcome or need your input or a whole bunch of democratic-type discussion. In a company like that, you can push all you want but ERM isn’t going to be successful.”

BARRIER #3. Lack of ERM know-how.

Proficiency in the ERM discipline is required to conduct (or oversee) the design of ERM processes and tools that will produce meaningful risk information. If the person tasked with developing your ERM framework has only weak ERM knowledge and skills, they’ll produce poorly constructed tools and processes that don’t effectively manage your risks. This can permanently destroy the credibility of the whole initiative.

To overcome this barrier, tune-up your ERM knowledge. This means both acquiring knowledge and building the skills of the ERM discipline. To get a good education in ERM, use a mix of the following:

  • Publications. Visit the Risk Wise website for a Reading List and the many free publications and newsletters featured on the Resources page. Risk management practitioners in over 30 countries subscribe to this E-Zine to get tips on implementation.
  • Public courses. Some professional associations and educational institutions offer excellent introductory training on risk topics. But be careful, all publicly offered courses suffer from the same weakness.  Because they serve a broad audience, they have to stick to generic principles and ignore the important nuances of adapting ERM tools to work in your firm’s particular business context.
  • In-house training. Don’t forget that the rest of the executive team needs skills in using the ERM tools. At Risk Wise, we specialize in delivering in-house training tailored to the specific needs of our clients (e.g., Bombardier, Toronto Transit Commission).
  • Conferences. Visit the Risk Wise website for a listing of Events that will help you keep abreast of the latest developments in the field and to build your peer support network.

BARRIER #4. Lack of experience in leading change.

How you roll out the ERM framework and tools will make or break your program. It is common for executives who have not previously implemented ERM to be defeated by classic challenges in organizational change such as resistance, competing priorities and cultural inertia.

To overcome this barrier, get help from someone with experience. If you try to go it alone, you will waste precious resources going down blind alleys. Either recruit a change expert from within your organization to manage the change process for you or seek advice from an experienced ERM coach. The research shows that adding coaching to training puts you in the ERM fast lane.

For example, six years ago I coached the executive team at a nonprofit agency on how to sequence and pace the introduction of the components of their ERM program. They used the template to both avoid the people issues that typically stymie technical risk experts and to maintain momentum on their ERM journey.

*

The Risk Wise bottom line… Technical and people challenges on the ERM journey have made roadkill of many executives. If you want to make ERM an integral part of your organization’s culture, learn how to tackle the most common barriers to ERM success.

To explore your best strategy to start or accelerate your ERM journey, contact Diana Del Bel Belluz

*

Follow the links to:

  • Read this month's Bonus Resource - New Compendium on Enterprise Risk Managment
  • Download a printable version of the entire March 2010 issue of the Risk Management Made Simple Advisory.
  • View the Article Index to access back issues of the Risk Management Made Simple Advisory.

Current Special Offers for Subscribers

Current Special Offers for Subscribers

The codes to access the following special offers have been emailed to all Risk Management Made Simple Advisory subscribers:

  • SPECIAL OFFER: $460 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Resilience 2017 to be held on April 24-26, 2017 in Edmonton, AB. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

  • SPECIAL OFFER: $150 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Canadian Privacy Summit 2017 to be held on May 2-3, 2017 in Toronto, ON. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

Not yet a subscriber, but want to access these special offers?

When you subscribe to the Advisory, we'll send you the code for all current special offers along with a link to your New Subscriber Bonus, a copy of Moving Beyond the Risk Map to Operational Vigilance.

FIND OUT FOR YOURSELF why risk management leaders subscribe, click to access the ARTICLE INDEX of all past issues of the Risk Management Made Simple Advisory.

"I save and study each issue of the Advisory. I appreciate how Diana gives very practical advice and links it to fundamental theories and best practices." 

Sherrie Hyde, Risk Manager, Lutherwood

Current Special Offers for Subscribers

The code to access the following special offer has been emailed to all Risk Management Made Simple Advisory subscribers:

  • SPECIAL OFFER: $460 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Resilience 2017 to be held on April 24-26, 2017 in Edmonton, AB. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

  • SPECIAL OFFER: $150 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Canadian Privacy Summit 2017 to be held on May 2-3, 2017 in Toronto, ON. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

Not yet a subscriber, but want to access these special offers?

When you subscribe to the Advisory, we'll send you the code for all current special offers along with a link to your New Subscriber Bonus, a copy of Moving Beyond the Risk Map to Operational Vigilance.

FIND OUT FOR YOURSELF why risk management leaders subscribe, click to access the ARTICLE INDEX of all past issues of the Risk Management Made Simple Advisory.

"I save and study each issue of the Advisory. I appreciate how Diana gives very practical advice and links it to fundamental theories and best practices." 

Sherrie Hyde, Risk Manager, Lutherwood

FREE DOWNLOAD

Moving Beyond the Risk Map to Operational Vigilance

Read more about the Risk Management Made Simple Advisory.

"It is so refreshing to read a newsletter that offers real solutions for risk management challenges."
Cathy Taylor
Director, Risk
Kinross Gold Corporation

Jump Start your risk management program.

Receive personalized advice from Risk Wise

See Details

Diana's Pick

Neuroscience and the Nonprofit Manager (written by Andy  Segedin and published in the NonProfit Times) shares some of the tips on how to counteract common biases and habits that impede effective decisions.

The article is based on a workshop that Diana Del Bel Belluz of Risk Wise presented at the 2015 Risk Summit organized by the Nonprofit Risk Management Center.