Fast Track To ERM Success: Striving For Quick Wins In ERM Implementation
Can there really be a “quick win” in the implementation of Enterprise Risk Management (ERM)? ERM is not a one-off project; it is a long-term commitment by the organisation to implement policies, frameworks, processes and procedures that spur the firm’s efforts to achieve its objectives. When well implemented, ERM is a tool that supports the organisation’s decision-making and helps it to develop mitigative action to avoid negative risk, and identify positive risk to create value for the firm. It cannot be implemented overnight. Despite its proven effectiveness, ERM is often viewed with scepticism and there is almost always initial resistance to its implementation.
How do you convince the organisations that ERM is good for them? Getting Board and top management buy-in is critical because ERM cuts across the organisation. It won’t work if there is no support from senior management. Ideally, it should be championed by someone at Board or C-suite level who can heighten its profile and give it more visibility while providing accountability. But all this will come to nothing if there is no actionable plan for its implementation, and no awareness or education about what it is, and what it can achieve – in particular, what it can enable the organisation to achieve.
There is no denying that ERM frameworks, processes and procedures can sometimes be overwhelming and onerous to implement. Many risk professionals who push the ERM agenda often find themselves inundated with the work of getting organised even before a suitable implementation approach is identified, and the necessary measures are put in place. Sometimes it better suits the firm’s purpose to demonstrate “quick wins” – how ERM works successfully on a short-term project, or within a department or business unit – first, before rolling it out across the enterprise. This also helps by generating feedback and comments by stakeholders that can be incorporated into its improvement.
The domino effect
ERM often seems daunting because of the extent to which it can be applied across an organisation. But small wins can often make more of an impact than waiting to fully and comprehensively implement ERM. Also, effective ERM takes time both to implement and be accepted. Acceptance grows with the development of the organisation’s risk culture, and its understanding of its risk appetite. ERM approaches and methodology will gain traction if they are applied incrementally, and changes in the organisation’s attitude to risk happen gradually. Because it is intended to be all-pervasive, it must take into consideration all of the firm’s structures, its issues, culture, values and other intangibles.
This necessitates an in-depth understanding of the organisation, its objectives, business and stakeholders, as well as the environment it operates in. A suitable framework is required to integrate all these components and support the firm in its efforts to balance its risks and opportunities by making the right decisions at the material time. All businesses have to deal with risk; it is how this risk is identified and managed, together with the uncertainty and disruption that come with it, that helps them maintain their competitiveness and sustainability. A capable Board that strategises well, and management that efficiently operationalises these strategies, make the firm more valuable.
It’s about more than just quick wins
Quick wins are good but they are not sustainable, and in the long run may hamper the organisation’s efforts to effectively implement ERM. ERM has to be coordinated across the whole organisation, not confined to just one unit or department, regardless of implementation challenges. Everyone throughout the organisation has to be able to recognise risk, and understand how it relates to their jobs. An understanding of risk management is therefore necessary so that employees will be aware of their responsibilities and strive to manage risk at their respective levels. This ultimately empowers the workforce and can improve organisational agility.
While quick wins can certainly garner support for ERM, risk professionals should always be on the lookout for ways to keep the narrative flowing. To do this, they need to understand their respective organisations in-depth and be aware of the extent of the organisation’s resources. They also need to be aware of the challenges confronting their organisations, and develop a comprehensive picture of how ERM can be applied to mitigate the risks that are preventing the organisation from achieving its objectives. Each risk needs to be properly identified and analysed before mitigative measures can be proposed, using the appropriate frameworks.
People are at the core of everything
In tandem, they have to develop insights and understanding of the workforce, and the organisational culture that drives it. Particularly where the organisation has overseas subsidiaries, local cultures may influence organisational culture. Risk managers may even encounter hostility and resistance to the projects they want to implement, but they should try to understand different perspectives. Resistance may stem from the lack of awareness or training in risk management. Local staff may see it as an imposition from the head office, or may be unable to implement risk management properly because of resource constraints.
When considering a quick win to demonstrate the effectiveness of ERM, try to start with the risks that are most relevant to the organisation’s objectives, and craft a program accordingly. It may then be easier to scale up the program or extend it, as the objectives will have an impact on all departments or business units. The important thing is to manage the quick wins so that the ERM conversation can be carried on. When the results of the quick wins become obvious to the Board, management and employees of the organisation, the risk manager will find increased buy-in of ERM frameworks, strategies, processes and procedures.