Many customers, business owners, executives and Board members ask me about what it takes to implement more robust risk management practices within their businesses. Sadly there is no silver bullet. However, there are things which are required if a company is going to implement Enterprise Risk Management (ERM) properly, and ensure it sticks and is valuable to the business.
Although significantly oversimplified, I will provide a list of the Top 6 things a company must have to effectively implement Enterprise Risk Management.
1. Strong Board and Senior Management Support
- Without strong support from the very top of the business the implementation of Enterprise Risk Management will fail.
- Board and Senior Management must outwardly and continuously communicate the value ERM will bring to the business and ensure any push-back from the business is handled quickly.
2. Practical & Effective Policies and Procedures
- Policies and Procedures need to make practical and logical sense within the business.
- Don’t over-paper your business with rule and policies which don’t add value, and don’t help drive out the goals of an effective risk management program. A rule of thumb is, if it does not help you achieve a strategic goal for the company, don’t do it.
3. Ongoing Cultural and Change Management Activities
- Cultural adoption of risk management as a part of how the business functions is the largest component of success.
- Focus on the impact better risk management will have on the employees, the company and daily life, and the program will run smoothly.
4. Continuous Training & Development
- Risk management is continuous, so too must be training and development. It must be continuous or people will revert to their old behaviors and your new program will no longer be effective.
5. Effective Tools to Support the Risk Process
- Managing risk across an enterprise means managing huge, disparate and often conflicting sets of information.
- Provide employees with effective tools, which make the risk process easier to adopt and manage on a daily basis.
6. Focus on the Goal, not the Stages of Implementation
- When implementing ERM across a business, focus on the end goal, not the individual steps along the way. By focusing on your goals you keep everyone excited and aligned with the value the business will drive from managing risk better.
By ensuring you keep these 6 items top of mind, you set yourself and your company up for a better chance of success when implementing enterprise risk management across your business.