Risks are known far in advance by at least one employee – and typically by several – on the front lines of every business. However, problems arise when managers lack mechanisms to escalate and connect their risks with the concerns shared by colleagues in other parts of the organization.
When critical business interdependencies are not formally recognized, they remain invisible, and the cumulative impact of these concerns is rarely addressed. Without the ability to identify connections between risks across business silos, high impact risks remain “unknown” to senior management. As a result, the individuals capable of allocating resources to mitigate these risk sit idly as their risk exposure grows. This is literally a preventable disaster waiting to happen.
There is another name for this life cycle of immature risk management, which since 2010 has carried similar penalties to fraud. Given by regulators and shareholders, the name is “negligence.”
Our business environment requires us to uncover useful risk dependencies so that they become known, and to benefit from this knowledge when things change — the proverbial “not missing the memo.”
The Power of ERM Connections: How it Works
Generally, we know what happens in our own department, so the most interesting information often comes from other departments and groups. For example, when you incorporate information from the outsourcing, supply chain, and customer retention departments into the equation, you find yourself with countless insights into your organization’s true risk picture. But, without ERM software, you’d need to be in back-to-back meetings all day just to keep up with each department.
Similarly to how LinkedIn provides you an ability to keep in touch and network with loose acquaintances in your personal social network, an ERM software system automatically connects you with those you depend on for success in your business. As with LinkedIn, getting started is not a massive, centralized undertaking, but rather a few minutes of entering your business area and the resources it depends on. The software automatically leverages these relationships to identify the key stakeholders in other groups, notifying you of material changes in regards to connections internally, or to your supply chain and customer base.
So the problem is how do we allow for the connection of risks? How does the “right” network of problem solvers form?
To find out, read the 2nd part of this post on escalating unknown knows.