WILSON's View on Risk Management

ERM is powerful when designed as a performance-focused activity. It's not an audit, nor a compliance process. ERM manages the barriers that prevent organizations from achieving their objectives.

Author:
Richard Wilson develops Performance Risk Management capabilities for complex organizations. He has helped the largest companies in North America manage the barriers to their desired performance.

richard.m.wilson@ca.pwc.com | (416) 941-8374

Thursday, May 26, 2011

The importance of measuring ERM performance

In my experience I have found that a key challenge companies face is motivating various departments to adopt the ERM process. The root cause for this is often that ERM teams layer their processes and tools on top of the business, rather than integrating them into existing processes. A good example of this is risk mitigation planning. For illustration purposes consider the Customer Retention department. A VP of Retention has just confirmed her annual plan with Management, and has a list of initiatives that her department needs to accomplish this year. Human Resources has also confirmed her performance metrics and bonus structure based upon this annual plan.

A week later, the ERM team facilitates a risk assessment workshop that includes the risks related to Customer Retention objectives. The VP of Retention is asked to document a mitigation plan based upon the outcome of the workshop. ERM provides her a standalone ERM Mitigation Form. She completes the form and submits a copy to the ERM department. At the end of that year the VP of Retention successfully completes all initiatives in her annual plan and receives her bonus. The risk mitigation plan, which was not incorporated into her annual plan, remains incomplete. Not surprisingly, the VP of Retention focused on the initiatives upon which she is measured.

This inability to motivate participation in the ERM process is a very common situation. My advice for ERM teams is to work diligently with the Strategic Planning department to integrate risk mitigation plans into department leaders’ annual plans. This annual plan already contains the key initiatives that they need to complete, and risk mitigations are simply additional initiatives that require equal focus and attention.

Bottom line, people do what they are measured upon.
Posted by No comments:
Subscribe to: Posts (Atom)

About The Author

My photo
Richard is a Director in PwC's Risk Advisory practice with clients in both Canada and the United States.

He is an experienced senior executive with 15 years in a CEO or COO role (publically traded and private firms). Richard has been leading risk management implementations for more than a decade incl. 60 C-level risk assessments, and has led online risk assessments for 30,000 people in 25 countries.

He has advised the largest company in the US on risk management, and he has facilitated a risk assessment for the United Nations. Richard has been published in Compliance Week, Canadian Business, and the Globe & Mail and has been a keynote speaker on the topic of risk at many conferences in both Canada and the US since 2004.