July 28, 2021
Refreshing ERM or ERM Needing Refreshing?
The social and economic disruption this past year has prompted many organizations to take a fresh look at their enterprise risk management (ERM) process to address new, unplanned risks including changing customers and employees behaviors, volatility in the investment market and much more. Organizations recognize that prior risk assessments helped identify business continuity risk prior to large-scale work from home. Whatever may cause an organization to review or establish their ERM processes, there is no better time than now.
A Refresher: What is ERM?
The Committee of Sponsoring Organizations of the Treadway Commission defines ERM as: “a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Approach
The success of an ERM program is rooted in the buy-in of executive management and an approach that is adaptable to changes in business strategy and environment. A well thought out ERM plan and continued assessment and improvement is key to a business integrating risk management into daily operations.
Getting Started
Finding a starting point can be a difficult task. Below are questions we often ask clients to understand their current approach to risk management and evaluate where we should focus our efforts.
Are you getting a wide-range of input on risk identification?
Either by survey or workshops, getting more of the organization involved in the risk identification and assessment process drives awareness. This also creates the opportunity for all groups to think about the most critical risks that face their area.
Are you sharing risk information in your organization?
Everyone across the organization should have an understanding of risk. Finding ways to communicate the result of the ERM process is important, like when discussing company strategy and direction. Risks that may not have previously been front of mind are now able to be considered as staff execute their jobs.
Have you established risk owners?
Assigning ownership of risks and delegating risk management responsibilities means monitoring can be an easier task. Risk owners are usually closer to the root-cause of risk and better equipped to mitigate.
Now What?
Whether you are in the ERM infancy stages or have a process that needs refreshing, there are tools available to help you get to where you want to be. Johnson Lambert’s consulting practice has developed an ERM Toolkit and related services that can help you through this ERM’s labyrinth. If you are interested in learning more about our services, please contact us.