ERM is powerful when designed as a performance-focused activity. It's not an audit, nor a compliance process. ERM manages the barriers that prevent organizations from achieving their objectives.

Author:
Richard Wilson develops Performance Risk Management capabilities for complex organizations. He has helped the largest companies in North America manage the barriers to their desired performance.

richard.m.wilson@ca.pwc.com | (416) 941-8374

Monday, April 12, 2010

Ask the people on the ground first

Over the past few years I have uncovered a terrific approach to operational risk assessments. There are a few ways to gather risk assessment data. The first source of good information is online risk assessments with key process owners. This information enables you to look for risk trends across the organization. Try aggregating all of the risk scores from all departments to create a risk profile at the corporate level. Then drill down to see the risk profile of each department. Finally, segment your data by level to see how senior managers score risks versus middle management.

Once you have the broad risk assessment picture, conduct an executive-level risk self-assessment (RSA) workshop. Use software, such as Resolver*Ballot, to anonymously gather the impact and likelihood scores for each risk. Because the results are anonymous, this risk assessment software allows you to gather that information free from the typical peer pressure and politics that naturally exist in senior-level meetings.

In the executive workshop, gather their first set of risk scores. Then show them how the rest of the organization scored the risks in the online risk assessment. Typically about 75% of the scores will be similar, but there are often a few surprises. If the executive team scored a risk lower than the online assessors did, it tells them that they need to take it more seriously than previously expected.

The result of this two-tiered assessment is higher confidence among senior management that they understand the risk profile of the company. It also creates wider buy-in to the risk treatment phase outside of the C-suite.

[Rich]

About The Author

Richard is a Director in PwC's Risk Advisory practice with clients in both Canada and the United States.

He is an experienced senior executive with 15 years in a CEO or COO role (publicly traded and private firms). Richard has been leading risk management implementations for more than a decade, including 60 C-level risk assessments, and has led online risk assessments for 30,000 people in 25 countries.

He has advised the largest company in the US on risk management, and he has facilitated a risk assessment for the United Nations. Richard has been published in Compliance Week, Canadian Business, and the Globe & Mail and has been a keynote speaker on the topic of risk at many conferences in both Canada and the US since 2004.