Why ERM? The Rewards of Effective Risk Management
Many comedies begin with a main character proposing some kind of radical or ridiculous new idea to a group. This person then offers a description that puts stars in the eyes of the other characters who should know better and tears of laughter in the eyes of the audience. The scene invariably ends with a statement like, “What could possibly go wrong?” Hilarity ensues, of course, when the rest of the story illustrates every possible thing that could and does go wrong with the new initiative.
This premise can make for enjoyable fiction, but the question of what can possibly go wrong is no laughing matter for a business. Understanding and preparing for potential obstacles isn’t just about managing risk. It’s about positioning your company to turn challenges into opportunities by reacting more quickly and more thoughtfully than your competitors. That’s why Enterprise Risk Management (ERM) is critical for every business. It helps an organization to understand potential hazards in a strategic plan, identify early indicators that a potential hazard is about to become an actual problem, and adjust course early to avoid the hurdle or clear it in stride.
ERM and Strategic Planning
The first step in ERM is a thoughtful, focused look forward. What are the strategic goals for your company and how do you plan to achieve them? These 5 steps highlight the ERM approach to strategic planning:
- Identify the Strategic Goal. If the goal is simply “growth,” you’ll need to dig a little deeper. How much growth do you expect this year and in each of the next 5 years? Challenge your estimates and be sure to come up with achievable numbers.
- Identify the Strategy. For many businesses, the plan is growth through acquisition. If that’s the case, what types of acquisitions will be needed to meet the goals? How many? Are targets identified? Are they amenable to combination or will it be hostile?
- Identify the Most Significant Risks. This step is the heart of ERM strategic planning. In the scene we described above, the question of “What could possibly go wrong?” is a comedic foreshadowing of the troubles to come. In real life, this is one of the most important questions a business has to answer in order to plan effectively. Whether you’re working with an in-house risk management resource, a team of consultants, or both, you need to perform a thorough analysis of your strategy in order to identify the most significant problems that could arise. If your strategy is growth through acquisition, significant risks are going to revolve around integrating the operations—everything from the big picture of culture clashes to the nitty gritty of making sure everyone’s e-mail functions properly.
- For Each Risk, Identify Early Indicators that the Bad Possibility Is Coming to Pass. When it comes to rocky business combinations, some of the early red flags might be a lack of communication between team members from different organizations. As noted above, lack of e-mail functionality and difficulty accessing records across multiple platforms can be a sign that the mechanics of the merger are not going well.
- Implement a Process to Monitor and Report the Risks. If your business goes through the ERM process and understands all of the risks it faces but takes no steps to analyze operations and look for the early indicators as the strategy is implemented, you run the risk of wasting the time and effort invested in the ERM process. Those leading the execution of the strategy need to monitor the situation closely. There needs to be regular touch points with executive leadership, as well as clearly defined open channels to communicate significant changes as they occur. Everyone involved in implementing the new strategy needs to understand the risks and the early indicators and act quickly if trouble starts to develop.
The business that grows through acquisition often provides a prime example. If the plan calls for more than one acquisition a year, leadership can be so focused on the next transaction that they don’t watch the integration process for the business that just came in. Designating a leader to focus on watching for the risks identified and granting that person the authority to act quickly to alleviate the problems is a key component of successful ERM.
ERM and Operations
The last step in the planning process leads right into the second phase of ERM, the integration of risk management into daily operations. When your business has an ERM leader who is in the details focusing on the potential problems that can prevent the company from achieving its strategic goals, the executive leadership can continue to look forward and execute on the overall strategy. The keys to the internal ERM role are not complicated, but way too many businesses fail to execute on them.
- Monitor Feedback. It sounds simple, but it can be so difficult at times. The ERM team needs to watch the numbers and the human resources to see if any of the risks are turning into reality. In the acquisition example, the first signs of culture clash won’t show up in a spreadsheet—they’ll be heard around the watercooler.
- Take Clear and Decisive Action. As noted above, ERM resources need the authority to act quickly, or at least a channel to executive leadership that will get fast approval for proposed solutions. And everyone involved needs to understand that it can be an iterative process—as feedback comes in regarding the initial steps taken, leadership may find that additional steps are needed. If the business continues to struggle, engage outside resources for support. The key is to show everyone that management is hearing their concerns and demonstrating a commitment to resolving them effectively.
The worst-case scenario is a business attempting to create and follow a strategic plan without identifying someone to monitor potential risks and manage them as indicators show that they may be coming to pass. In the case of a business growing through acquisition, imagine how the executives will feel after investing so much time and energy into identifying risks and then failing to watch for them as they became reality. It’s the integration of ERM into the ongoing operations of the business that makes all the difference when it comes to reaping the rewards of risk management.
October 22, 2015