The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Image Alt

IERP® International Institute of Enterprise Risk Practitioners

  /  Articles   /  Enterprise Risk Management Implementation: A Major Rethink Is Necessary

Enterprise Risk Management Implementation: A Major Rethink Is Necessary

Many companies implement Enterprise Risk Management (ERM), then sit back and assume that all their problems have been solved. Unfortunately, that’s not how ERM works. ERM is an ongoing activity; organisations which implement it should not limit themselves to just ticking boxes. They should be actively overseeing its systems, processes and procedures to ensure that it accomplishes what they expect it to. ERM is like making an investment. How much an organisation benefits from ERM depends on how much effort it puts into implementing, running, maintaining and upgrading it.

Make no mistake; ERM has immense benefits but is not something that firms should undertake lightly. It requires long-term commitment from everyone at all levels of the organisation. Ideally, the Board should set the ERM strategy. Management then operationalises it, bringing on board everyone from the Mail Room to the Board Room. This is an important challenge that needs to be overcome; how can all members of an organisation be convinced that certain systems, processes and procedures will work when their understanding of these is incomplete? They need training to recognise that ERM has value. As their understanding grows, they will begin to see how it can help them be more productive, thus making them more valuable to the firm.

But reaching an acceptable level of buy-in takes time and resources, which the firm may not be willing or able to spare. This is when it has to decide what level of ERM is appropriate for its needs, and either scale up or down. ERM can be customised according to the organisation’s requirements. But these requirements will change as the organisation grows. It needs different inputs at different points in the course of its development. ERM is intended to support an organisation’s decision-making processes and help formulate strategies that will move the firm forward, keeping it growing, competitive and sustainable.

With so much riding on ERM, the firm cannot afford to let it be directionless or unmanaged. A lot of information directly related to the efficiency and performance of the firm will have emerged in the ERM implementation process. This should be used to guide the firm as it navigates its challenges. Having this sort of information helps the firm pinpoint where its weaknesses lie – and where it can expect to experience difficulties. These are its areas of risk, which may prevent it from achieving its objectives. When an organisation understands what is holding it back, it can take the necessary mitigative measures. But organisations and their environments are dynamic, which means mitigation must constantly evolve.

This can only happen if the organisation’s understanding of its challenges, shortfalls and capabilities develops in tandem with, and keeps abreast of, its environment. It is a continuous balancing act which directly influences the development of an appropriate risk culture for the organisation. For the organisation to continuously benefit from ERM, there needs to be constant input. It is a matter of always being up-to-date with industry developments, regulations, compliance and what the competition is doing. In today’s business environment, companies cannot afford to be distracted from their objectives. ERM helps them maintain this focus.

Being focussed also means being “on top of things” – which implies keeping checks and balances. When appropriately applied, risk management keeps operations on an even keel. With risks identified, and mitigation measures in place, there are no unpleasant surprises, and disruption is kept to a minimum. The organisation’s progress will be unimpeded; it maintains its competitiveness and sustainability. This translates into good news for both shareholders and stakeholders. For shareholders, it means the company is performing well and being professionally managed. For stakeholders, it means the company is operating transparently and applying good governance.

Internally, the constant and correct implementation of ERM has the ability to generate a supportive, productive corporate culture. Everyone involved with the organisation begins to recognise the direct connection between their contributions and the organisation’s success. They thus become more invested in what they are doing. This may be an unquantifiable benefit but it is a significant one because the firm depends on its staff. Staff with the right attitude are invaluable; they are truly its greatest asset. With the right attitude, they are capable of carrying the company through the greatest adversity.

But it is the responsibility of the company to understand, first and foremost, that ERM is an ongoing proposition, and apply it correctly. It is not a one-off exercise. You don’t just tick boxes and expect ERM to work. You have to work at it, carefully and continuously, to make it work for you. Once it starts, implementation of ERM will be ongoing. It moves in tandem with the company, not independently of it. Its systems and processes are capable of keeping the company on track and aligned with its objectives. At the end of the day, organisations will realise that the returns on ERM are commensurate with how much they have invested in it to begin with.

    Name (required)

    Email Address (required, business email address only)

    Mobile Number (required)

    Company (required)

    Designation (required)

    Preferred Contact Method: (required)

    CallEmail

    What is the biggest challenge in your job/industry

    Which modules are you interested in? (required)

    Managing ESGMechanics of ESGEnterprise Risk Management

    Message

      Name (required)

      Email Address (required, business email address only)

      Mobile Number (required)

      Company (required)

      Designation (required)

      Preferred Contact Method: (required)

      CallEmail

      What is the biggest challenge in your job/industry

      Message

        Name (required)

        Email Address (required, business email address only)

        Mobile Number (required)

        Company (required)

        Designation (required)

        Preferred Contact Method: (required)

        CallEmail

        What is the biggest challenge in your job/industry

        Which modules are you interested in? (required)

        Evaluating Risk and Internal ControlCorporate GovernanceEstablishing a Cybersecurity FrameworkEnterprise Risk Management

        Message

          Name (required)

          Email Address (required, business email address only)

          Mobile Number (required)

          Company (required)

          Designation (required)

          Preferred Contact Method: (required)

          CallEmail

          What is the biggest challenge in your job/industry

          Message

            Name (required)

            Email Address (required, business email address only)

            Mobile Number (required)

            Company (required)

            Designation (required)

            Preferred Contact Method: (required)

            CallEmail

            What is the biggest challenge in your job/industry

            Which modules are you interested in? (required)

            Digital Risk Management and DisruptionMechanics of CyberSecurityEnterprise Risk Management

            Message

              Name (required)

              Email Address (required, business email address only)

              Mobile Number (required)

              Company (required)

              Designation (required)

              Preferred Contact Method: (required)

              CallEmail

              What is the biggest challenge in your job/industry

              Which modules are you interested in? (required)

              Evolution of BCM Standards, Policies and FrameworksBIA & BCMS Frameworks and StrategiesRisk, Sustainability, Metrics and Crafting Effective Business Continuity Plans

              Message

                Name (required)

                Email Address (required, business email address only)

                Mobile Number (required)

                Company (required)

                Designation (required)

                Preferred Contact Method: (required)

                CallEmail

                What is the biggest challenge in your job/industry

                Which modules are you interested in? (required)

                Emergency Preparedness, Response, BC Awareness and trainingBCMS Performance, Metrics and Audits, Disaster Recovery Plans and Lean MethodologiesCrisis Management

                Message

                User registration

                Reset Password