ERM Challenge #2: ERM Reporting; Why Management Cannot Relate to the Reports they See
ERM Objective:
Create a high degree of relevance between risks and key stakeholders within your company (i.e. The board, executive team, and middle management)
The Trap:
ERM team report lists of risks that have been separated from their strategic priorities (See Challenge #1). As a result management regards the risk reports as a “disembodied list of reasons why the organization will fail”. Most companies report their risks under siloed categories such as IT, HR, or Safety. Management works hard to break down silos, so why do we report risks by them? It’s a reporting flaw that prevents ERM from being strategic.
The Solution:
Risks are always reported beside the objective, process, project, IT system, or supply chain element that they are related to. As a result risks are correctly regarded as a natural part of the strategic focus of the organization.
Integrate your risks into your balanced score card. This continually positions the risks within the context of the strategic plan. Management can view the entire landscape as follows:
Strategy | Target | Risk | Risk Response = Performance
Tuesday, October 18, 2011
Subscribe to:
Posts (Atom)
About The Author
- Richard Wilson
- Richard is a Director in PwC's Risk Advisory practice with clients in both Canada and the United States.
He is an experienced senior executive with 15 years in a CEO or COO role (publically traded and private firms). Richard has been leading risk management implementations for more than a decade incl. 60 C-level risk assessments, and has led online risk assessments for 30,000 people in 25 countries.
He has advised the largest company in the US on risk management, and he has facilitated a risk assessment for the United Nations. Richard has been published in Compliance Week, Canadian Business, and the Globe & Mail and has been a keynote speaker on the topic of risk at many conferences in both Canada and the US since 2004.