5 Steps to Enable Agile Enterprise Risk Management
It’s a Volatile, Complex and Unpredictable World
Is the world more volatile, complex and unpredictable than it used to be? We may think we face more volatility than our forebears did in the past, but they faced a great deal of volatility too.
People have always managed risk; it’s just that we didn’t call our activities “risk management” until about fifty years ago. One of the first modern risk management publications, Risk Management and the Business Enterprise (published in 1963 by Robert I. Mehr and Bob Hedges) describes how the objective of risk management is to maximize the productive efficiency of the enterprise. Their premise was that risks should be managed in a comprehensive manner, not simply insured. Wise words. Since the publication of this and other early books on risk management, the application of risk management in organizations large and small has become an accepted norm.
Since the foundations of ERM were laid in the 1950s, its adoption has provided many benefits to organizations. Sound structures of risk management have driven good governance through robust frameworks and control environments.
Today’s World Demands an Agile Approach to ERM
Good ERM practices engender a culture of anticipating possible events and planning ahead to maximize our likelihood of achieving successful outcomes. A question to ask now of ERM is, given the increasingly fast rhythm to which the world operates, should its principles be refreshed? Two major characteristics of today’s world are that: 1) circumstances change faster than ever before, and 2) we are more inter-connected than we have ever been.
As a result of these characteristics, an agile approach to ERM must be enabled and maintained, through these five steps.
1) Focus Constantly on Objectives
Managing risk requires a constant focus on objectives (the “why”). Objectives are our reason for doing what we do. The risks we identify to our objectives are what we must focus our ERM efforts on. ERM is about focusing on the risks to achieving objectives and is therefore relevant and useful to everyone in the organization.
2) Create the Proper Work Environment and Culture
The work environment determines how people manage risk. Everyone has their own attitude to risk based on their personality and experiences. Our work environment and organizational culture shape how we are expected to manage risk when we are at work. An agile approach to ERM equips leaders with insights and advice to ensure their work environment and culture nurtures the right approach to managing risk.
3) Be Pragmatic in Managing Risk
Most organizations have a risk framework, perhaps labelled an ERM framework, describing how they manage risk. A fresh look at ERM is an opportunity to ensure all frameworks and procedures use common terms, that they are simple and straightforward to apply, and are designed to help people respond to a dynamically changing and inter-connected world.
4) Track the Value Added by Risk Management
The management of risk needs to be measured to track the value it adds. You are what you measure, so the saying goes. As long as you plan for it, you can quantify risks and the cost of actions and controls that are agreed as required. You can measure the value of actions and controls against the effectiveness of how the risk is managed, and the achievement of your objectives.
5) Continuously Improve
A strong focus of ERM should be to harness knowledge about risks and how they have been and are being managed. As we capture more data than ever before, we should agree how to tell a story with data in a meaningful way, using data analytics in an intelligent way. Insightful information about risks helps to make risk-informed decisions, thereby enabling continuous improvement.
ERM provides many benefits to organizations. Today’s world is being disrupted and is more tightly integrated than ever before. To respond to this, consider focusing your ERM efforts on the five steps outlined above.
Best-in-Class companies implement an integrated and flexible risk management framework to successfully document and assess risks, define controls, manage audits, identify issues, and implement recommendations and remediation plans. Download Aberdeen’s “Operational Risk Management: Building a Framework to Identify, Assess and Remediate” report to learn more.