ERM: 5 Steps to Success & Better Risk Assessments
Steven Minsky | May 20, 2013
Most agree that working from the top down, meaning first identifying corporate objectives and then focusing on the details of how to achieve them, is what most managers wish they could be doing more of. However, the reality is that most managers are so busy with day-to-day activities that little time is left over to work on the big picture. Everyone agrees the role of ERM is for risk management to be involved in the “key business decisions”; however, some misinterpret this as interviewing only the senior executives in “big picture” risk assessments. In reality, aligning the day-to-day activities of all managers to the strategic objectives set by senior leadership, and then aggregating and analyzing this information, is the winning approach.
So how is this accomplished?
Here are the 5 steps to quickly and practically embed risk management enterprise-wide.
- Begin with a “quick win”: Day-to-day activities are managed by business process owners throughout the organization. Winning the hearts and minds of these managers is all about helping them get current and in control of what’s in their “inbox.” Being in control of their current work will free up needed time and energy to understand and contribute to the “big picture.” Start with a business function that your direct boss is already responsible for, such as vendor management, information security, fraud, internal audit, regulatory compliance or business continuity. Your boss is highly motivated to get things done and has the resources, expertise and authority to help you make a “quick win” with this business area in less than 90 days. Quick wins build confidence and skills, and attract other managers to seek you out and invite you into their world.
- Streamline current daily activities: An organizational system is needed to reach managers and help them connect to the big picture. A successful system will immediately streamline their daily tasks so nothing falls through the cracks. This organizational system is called “ERM Software.” Often, I have been asked for real-world examples of this technology being successfully adopted. Believe it or not, one of the best examples of a risk-based approach is Facebook or LinkedIn. Consider the task of documenting and connecting every person on Facebook, “the big picture,” from the top down in spreadsheets. This approach would be impossible! That is why Facebook instead focuses on the immediate problem of providing an organizational structure that allows users to share their information easily and quickly. Most importantly, the structure automates what each user is attempting to achieve, building a “big picture” network of contacts they can call upon when they need them. ERM Software is real and operates with the same technology and approach, but unlike a “social network,” ERM Software builds a “corporate network” of information, updates, and connections fully controlled by your organization. ERM Software grows in value exponentially, like Facebook does, with minimal oversight and expense. This same organizational structure enables you to aggregate and analyze this information to deliver the “big picture” to the board and senior leadership.
- Make relationships visible: Separation of duties originally focused employees in departments that were structured to manage only one subject, like vendor management or IT security; however, corporate silos have been crumbling, leaving such employees unprepared to meet these new challenges or uncover the interdependencies between their efforts. A risk taxonomy within ERM Software provides a structure to collect the information already in use by your organization. Additionally, like the role of Facebook or LinkedIn, risk assessment software does all the heavy lifting: finding who is connected to whom, maintaining these relationships on your behalf, and automatically notifying you of changes you should know about. No more “missing the memo” or “gaps” in your control environment. At the click of a button, ERM Software uses these relationships to connect a manager’s activities to the leadership team’s strategic objectives. Just like Facebook, these relationships communicate information both vertically and horizontally, resulting in the alignment of activities without any additional work from participants.
- Use risk assessment tools to prioritize tasks: Stress comes from inappropriately managed commitments. Risk assessments ask the question, “What is the business impact and should I really make this commitment?” Risk assessments not only help each manager prioritize tasks, but also cover their backs with sound reasoning using enterprise-wide evaluation criteria. ERM software risk assessments enable managers to make the business case for allocating resources to their most critical tasks, making work faster and easier to accomplish. Risk assessments score attributes based on relationships in step 3 to all connected policies, contracts, and controls, automatically prioritizing work and making clear what should be done next.
- Establish the ERM Process: I have discovered that one of the major reasons managers are skeptical about ERM is that they have tried to do all five steps of risk management at the same time and by themselves. ERM Software, like Facebook and LinkedIn, creates step-by-step wizards that organize your thoughts into a system that you can trust and rely upon. ERM Software reminds you when to identify, assess, evaluate, mitigate, or monitor risk, and it connects you to those who can help you complete tasks in half the time. Creating an enterprise-wide network of assets, processes, and risk at one point seemed impossible, but by empowering users and equipping management with the appropriate structure, it can be accomplished in as little as 90 days.
So what is holding you back from getting started?
Don’t buy any ERM Software at all; just pay as you go with a full-spectrum ERM SaaS Cloud service. LogicManager can have you up and running in 5 business days without any upfront hardware or software investments, no IT work, and no long-term commitments, just all the built-in content you need, all connected.