Back in February I started a blog post about the need for risk management to get simpler in order to be more valuable. I stated that, at its core, enterprise risk management is about answering three critical questions:
1. What are the risks that could impact my goals and objectives?
2. What are we doing about those risks?
3. Is what we are doing effective?
I promised at the end of that blog that I would continue with this line of thought by explaining that all risk, regardless of industry, type, impact or scale, follows a simple, 6-step process. By following this process you ensure you effectively and thoroughly manage the risk, identify improvements and ensure compliance. This 6-step process is the foundation of enterprise risk management: it enables companies to have confidence in their risk management capabilities and allows them to focus on improving their organizations.
The 6-Step Enterprise Risk Management Process
1. Risk Identification
2. Risk Assessment
3. Current and Future Risk Control Determination
4. Control Implementation
5. Process Improvement
6. Monitoring and Reporting of Performance
That’s it. Every risk in your organization needs to go through each of these steps to be properly managed. There is nothing less, or nothing more. Follow this process, and you are doing Enterprise Risk Management.
Now, we all call this process many things. There are hundreds, even thousands, of methodologies which can be applied to each step, and additional, specific items you can add to each step if you like. But at the core, all risk management processes, theories, methods or techniques follow this basic process.
The key with this process is that it is department neutral, silo independent, and applies to all industries and types of organizations. With this process you ensure you know your risks, you know their impact on your goals, you know what you are doing about them, and you know if what you are doing is working. This process builds confidence, builds credibility and helps expose areas of opportunity and advancement.
More and more organizations, executives and board members are realizing they need to get back to the basics of risk management to make it valuable again. Focusing on what really matters to you is the starting place, and then working to simplify the enterprise risk management process to its core components is how you build and deliver value.
How complex is your process? Maybe it should be simpler!