Enterprise Risk Management Implementation: A Major Rethink Is Necessary
Many companies implement Enterprise Risk Management (ERM), then sit back and assume that all their problems have been solved. Unfortunately, that’s not how ERM works. ERM is an ongoing activity; organisations which implement it should not limit themselves to just ticking boxes. They should be actively overseeing its systems, processes and procedures to ensure that it accomplishes what they expect it to. ERM is like making an investment. How much an organisation benefits from ERM depends on how much effort it puts into implementing, running, maintaining and upgrading it.
Make no mistake; ERM has immense benefits but is not something that firms should undertake lightly. It requires long-term commitment from everyone at all levels of the organisation. Ideally, the Board should set the ERM strategy. Management then operationalises it, bringing on board everyone from the Mail Room to the Board Room. This is an important challenge that needs to be overcome; how can all members of an organisation be convinced that certain systems, processes and procedures will work when their understanding of these is incomplete? They need training to recognise that ERM has value. As their understanding grows, they will begin to see how it can help them be more productive, thus making them more valuable to the firm.
But reaching an acceptable level of buy-in takes time and resources, which the firm may not be willing or able to spare. This is when it has to decide what level of ERM is appropriate for its needs, and either scale up or down. ERM can be customised according to the organisation’s requirements. But these requirements will change as the organisation grows. It needs different inputs at different points in the course of its development. ERM is intended to support an organisation’s decision-making processes and help formulate strategies that will move the firm forward, keeping it growing, competitive and sustainable.
With so much riding on ERM, the firm cannot afford to let it be directionless or unmanaged. A lot of information directly related to the efficiency and performance of the firm will have emerged in the ERM implementation process. This should be used to guide the firm as it navigates its challenges. Having this sort of information helps the firm pinpoint where its weaknesses lie – and where it can expect to experience difficulties. These are its areas of risk, which may prevent it from achieving its objectives. When an organisation understands what is holding it back, it can take the necessary mitigative measures. But organisations and their environments are dynamic, which means mitigation must constantly evolve.
This can only happen if the organisation’s understanding of its challenges, shortfalls and capabilities develops in tandem with, and keeps abreast of, its environment. It is a continuous balancing act which directly influences the development of an appropriate risk culture for the organisation. For the organisation to continuously benefit from ERM, there needs to be constant input. It is a matter of always being up-to-date with industry developments, regulations, compliance and what the competition is doing. In today’s business environment, companies cannot afford to be distracted from their objectives. ERM helps them maintain this focus.
Being focussed also means being “on top of things” – which implies keeping checks and balances. When appropriately applied, risk management keeps operations on an even keel. With risks identified, and mitigation measures in place, there are no unpleasant surprises, and disruption is kept to a minimum. The organisation’s progress will be unimpeded; it maintains its competitiveness and sustainability. This translates into good news for both shareholders and stakeholders. For shareholders, it means the company is performing well and being professionally managed. For stakeholders, it means the company is operating transparently and applying good governance.
Internally, the constant and correct implementation of ERM has the ability to generate a supportive, productive corporate culture. Everyone involved with the organisation begins to recognise the direct connection between their contributions and the organisation’s success. They thus become more invested in what they are doing. This may be an unquantifiable benefit but it is a significant one because the firm depends on its staff. Staff with the right attitude are invaluable; they are truly its greatest asset. With the right attitude, they are capable of carrying the company through the greatest adversity.
But it is the responsibility of the company to understand, first and foremost, that ERM is an ongoing proposition, and apply it correctly. It is not a one-off exercise. You don’t just tick boxes and expect ERM to work. You have to work at it, carefully and continuously, to make it work for you. Once it starts, implementation of ERM will be ongoing. It moves in tandem with the company, not independently of it. Its systems and processes are capable of keeping the company on track and aligned with its objectives. At the end of the day, organisations will realise that the returns on ERM are commensurate with how much they have invested in it to begin with.