Skip to main content

Five Step Plan for an Enterprise Risk Management (ERM) Program


Enterprise Risk Management (ERM): is a process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of a risk to an organization.  It expands beyond a daily run of the mill operational management! A true ERM program will have its scope expand to strategic, financial, reputational, human resource and business continuity as well as operational and legal risks. Most organizations, as they mature embark on a journey of establishing a robust Enterprise Risk Management (ERM) Program! The 5-step plan outlined here can be used for rolling out any organization-wide change.
Step 1: Organize effort for a successful change
  • Identify your team! Make this group a core part of the ERM work
  • Assess current organizational change saturation and establish a process to address any road blocks
  • Engage the Executive Leadership Team (ELT) for support
  • Have a clear plan of action
  • Ensure that ERM becomes a strategic priority
  • Be flexible when creating an ERM process because it needs to work for your stakeholders! Design with customers and end-users in mind.
Step 2: Establish a framework around risk
  • Customize standard framework to meet your organizational needs
  • ISO 31000 and COSO are good starting points to explore 
  • Capture risks, both prospectively and retrospectively
  • Create a process to link captured risks to strategic planning and organizational decision making
Step 3: Create a profile of top risks
  • Create a process to prioritize top risks in each of your key areas
  • Develop or use organizational risk matrix
  • Use departmental risks to shape organization-wide risk profile of top risks
  • Create a one-page summary for the Board of Directors, CEO and ELT
  • Keep the profile current by reviewing risks on a regular basis


“Top Risks” is the most important list of risks you may ever create! The profile of top risks of an organization allows the CEO and the Executive Leadership Team to focus on the most urgent and burning issues faced by the organization. This may include opportunity waiting to be taped into. These risks usually reside in the red zone of the organizational risk matrix. It allows stakeholders to identify, understand and communicate the significance of the risks for action.
Step 4: Review mitigation plan
  • For each identified Top risk, work out a plan to minimize or mitigate the risks
  • Create infrastructure that supports mitigation plan(s) and promotes actionable environment
  • Keep the plan SMART! (Specific, Measurable, Achievable, Reliable and Timely)
  • Communicate plan(s) and integrate efforts for broader engagement and ERM awareness
Risk mitigation plans, when created using the ERM approach, prevents the organization from falling into the trap of isolated and fragmented risk management. A big part of  ERM program success depends on the effectiveness and execution of mitigation plans for the identified risks. This is the weakest link for most ERM programs for the majority of organizations.
Step 5: Review and take action
  • Make tracking of actions easy and visual
  • Identify gaps or lack of action
  • Set clear accountability structure
  • Empower those who are accountable
  • Coach and support as necessary
  • Ensure that risks remain within defined risk tolerance
Having a plan, which is not actionable is worse than not having a plan at all! The ERM program allows the board and executive team to determine something called “risk tolerance”. It simply means, whether the organization would prefer the status quo or a decision towards reducing the risks. When issues fall above or beyond the risk tolerance, an action is required.


Comments

Post a Comment

Popular posts from this blog

Cannabis & Hemp Conference

Introducing the new Cannabis & Hemp Conference  Registration is Open Register In just a few years, cannabis trading has moved from an underground market to a booming legal business. With medical marijuana legal in 32 states and D.C. and recreational marijuana legal in 12 U.S. jurisdictions, cannabis and cannabinoid producers and distributors have quickly grown to such a size that they need support from a diverse range of financial services companies – including insurance firms. The insurance industry has been wary of covering cannabis-related industries but there is growing interest in the sector and more insurers, agents and brokers are handling business in what they view as a business sector set for a huge expansion. As the cannabis sector and insurers examine the risks inherent in cannabis production and distribution questions are arising on everything from crop coverage to directors and officers liability insurance. In addition, the rise of cannabis as an alte...
Post a Comment
Read more

Risk Leadership 2019 Event

Book Now :    https://ermgovernance.com/Contact-Us
Post a Comment
Read more
Job Alert: Vice-President Prevention & Employer Services – Saskatchewan Workers Compensation Board THE ORGANIZATION The Saskatchewan Workers’ Compensation Board (SaskWCB) has a legislated mandate to deliver workplace insurance to Saskatchewan employers and benefits to Saskatchewan workers if they are hurt at work.    The SaskWCB is governed by a three-person, full-time Board of Directors (BoD).  The Chief Executive Officer reports to the BoD and is supported by an executive team of five. Anchored by the Meredith Principles, the vision of the SaskWCB is  to eliminate injuries and restore abilities .   Their mission is  to be a customer-centric organization that continuously seeks to add value for their customers through a culture of Continuous Process Improvement .   SaskWCB values guide their actions and decisions:  Safety  – we relentlessly pursue Mission: Zero ensuring all employees have the healthy and safe wo...
Post a Comment
Read more