ERM is powerful when designed as a performance-focused activity. It's not an audit, nor a compliance process. ERM manages the barriers that prevent organizations from achieving their objectives.

Author:
Richard Wilson develops Performance Risk Management capabilities for complex organizations. He has helped the largest companies in North America manage the barriers to their desired performance.

richard.m.wilson@ca.pwc.com | (416) 941-8374

Sunday, October 17, 2010

Ensure every action contributes to your objectives


The risk management industry has done itself a disservice. The term ERM usually conjures up images of compliance, assurance, and unwanted processes that slow down productive business activities. Too many CEOs, referring to poorly executed ERM processes, ask: “Aren’t we doing this already?” In my experience, what they are really saying is: “You have presented me with a list of risks, but I don’t understand how they relate to our performance, and I think we are managing many of them well already.” Let me explain why the ERM process they have been presented with is leading them to this correct conclusion.

The baseline for all well-designed ERM activities is the annual strategic plan, which contains all strategic priorities that the ERM process must support. The question, “What keeps you up at night?” is outdated, as it lacks relevance to the company’s goals. The fundamental question that the ERM program must continually ask is, “For each corporate and departmental objective, what are the barriers that will prevent us from successfully achieving these targets?” Every risk must find its roots in a key objective.

This process of linking objectives to risks challenges the process of traditional risk categorization (e.g., HR, IT, Financial, Environmental, etc.). Management teams have been breaking down these types of silos for decades. So why do ERM teams so often group their risks this way? In my former CEO role, I always insisted that risks be reported alongside the objectives to which they were related. This ensured that the risks were always presented in the context of my company’s performance. In other words, the company’s objectives were the risk categories. It was a continual reminder to all stakeholders that risk management was a performance activity. Simply stated, risks that were not related to corporate objectives didn’t make the list.

This repositioning of the role of ERM has been a revelation to the more than 40 companies that I have worked with and advised over the past decade. A year ago, when I began advising a prominent Canadian CEO about risk, he conveyed a great deal of scepticism about ERM based upon the lack of value he had witnessed to date. After building this performance-focused ERM process, he describes it as, “A significant competitive advantage” for his company. I have since relabelled this methodology Performance Risk Management to help companies appreciate its focus on what matters most – ensuring every action contributes to your objectives.

About The Author

Richard is a Director in PwC's Risk Advisory practice with clients in both Canada and the United States.

He is an experienced senior executive with 15 years in a CEO or COO role (publicly traded and private firms). Richard has been leading risk management implementations for more than a decade, including 60 C-level risk assessments, and has led online risk assessments for 30,000 people in 25 countries.

He has advised the largest company in the US on risk management, and he has facilitated a risk assessment for the United Nations. Richard has been published in Compliance Week, Canadian Business, and the Globe & Mail and has been a keynote speaker on the topic of risk at many conferences in both Canada and the US since 2004.