Justifying the transition to an ERM Model for Senior Management

Enterprise Risk Management (ERM) has been a hot topic for years, and many of us in risk-based professions have seen the value in consolidating risk-based operations and sharing information to paint a better picture of risk and exposure for our respective organizations.

Most risk-based functions still operate in silos, and there is a perception that consolidating or increasing collaboration will decrease the effectiveness of the operating silos and increase overhead (politics aside).

We are all Risk Managers and, as such, we must introduce the benefits and promote the vision for an ERM model to our Senior Management.  Framing the vision to highlight the benefits of increased organizational effectiveness and the elimination of gaps and inefficiencies is important to gaining Senior Management support.

Starting this conversation with Senior Management can be difficult, so I would recommend that the initial conversation start with a brief introduction and overview of ERM, then identify current challenges, discuss the change in structure and vision, and clearly state the benefits of ERM.

The conversation/agenda would be as follows:

  • Enterprise Risk Management Introduction/Overview
  • Current Organizational Challenges
  • Risk Restructuring / Future Vision
  • Benefits of Change

The high-level introduction/overview of Enterprise Risk Management (ERM) should contain the basic methodology and theory behind ERM, which is inherently a risk-based approach commonly documented in well-adopted industry standards.  The basics of the ERM strategy are provided below.

  • The underlying premise of ERM is that every entity exists to provide value for its stakeholders.
  • All entities face uncertainty and uncertainty presents both risk and opportunity, with the potential to erode or enhance value.
  • ERM enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value.

The ERM core methodology/components are built upon a strategy, a tool/program and a culture change, all of which need to be embraced by the organization.  The following items will help communicate value and provide the answer to the “Why?” or “What’s in it for us?” questions which will be asked.

  • Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives.
  • ERM encompasses
    • Aligning risk appetite and strategy
    • Enhancing risk response decisions
    • Reducing operational surprises and losses
    • Identifying and managing multiple and cross-enterprise risks
    • Seizing opportunities
    • Improving deployment of capital

Next, it is important to discuss the core components of an ERM management system and its scope.  Depending on your industry, it is recommended that you use a supporting framework like ISO, COSO etc. to push a best practices approach.  The following items are a standardized set of ERM components taken from multiple frameworks.  All frameworks deploy these requirements in some form, which should then be applied to your industry-specific operations.

  • ERM Management Components:
    • Internal Environment
    • Objective Setting
    • Event Identification
    • Risk Assessment
    • Risk Response
    • Control Activities
    • Information and Communication
    • Monitoring
  • A coordinated and normalized ERM approach is geared towards achieving improvement in the following areas:
    • Strategic
    • Operations
    • Reporting
    • Compliance

The ERM model is designed to quickly and easily adapt to changing business environments.  Major industry trends such as the following are addressed or mitigated through the ERM model.

  • Consolidation of legacy systems, data and operations (e.g. Shared Services).
  • Increased Client & Customer needs.
  • Increased regulations.
  • Cost pressure.
  • New digital and mobile channels have put demands on businesses to adapt quickly and cheaply.
  • Media highlighting operational failures and potential exposures.

The benefits of ERM have mainly been supported by research within the Financial industry.  Be prepared to justify or provide proof of the validity of ERM to your management. If you are not in the Financial industry then be prepared to give examples of how the ERM components will deliver the same results when applied to your industry.  Research within the Financial industry has found the following:

  • Better risk data management and reporting can increase a firm’s ability to meet strategic goals while reducing earning volatility and ultimately lead to improved profitability.(1)
  • Firms with more mature risk management practices outperform their peers financially.(2)
  • Firms with mature risk management practices generate the highest growth in revenue giving them a clear competitive advantage.(2)

(1) Harner, Michelle, Potential Cost and Value of ERM, The Conference Board, March 2013.

(2) Ernst & Young, “Turning Risk into Results: How Leading Companies Use Risk Management to Fuel Better Performance,” February 2012.

In addition, firms with mature risk management generate the highest growth in revenue among peers.

[Figure: ERM Compound Annual Growth]

Figure. Ernst & Young, “Turning Risk into Results: How Leading Companies Use Risk Management to Fuel Better Performance,” February 2012.  *2011 YTD reported as of November 18, 2011.

EBITDA = Revenue – Expenses (excluding tax, interest, depreciation and amortization)

The benefits of ERM are believed to be realized via the following:

  • Better financial performance among peers.
  • Increased competitive advantage.
  • Cost savings via risk reduction and improved decision making.
  • Improved operational insights for Management into operational risks and exposures.
  • Improved risk management measures via consolidation, metrics, administration, and compliance.

The best way to identify how these benefits will be realized is to highlight and/or examine opportunities for improvement in the following areas.

  • Inconsistent approach to capture and assess risk across the organization.
  • Multiple and manual risk management processes.
  • Risk-related operations seem to be “reactive” not “proactive”.
  • Inability to produce a consolidated risk portfolio for the organization.
  • Lack of centralization.
  • No driving committee/coordinated effort to consolidate risk-based operations.
  • Lack of confidence that all risks are being identified and maintained accordingly.

To help your management, provide a visual understanding of the organizational and operational structure for ERM.  A sample of an ERM organizational/operational configuration has been provided.  It is recommended that you provide a similar visual representation of how your risk-based organization/operation will be realized.

[Figure: ERM Structure]

For Senior Management, the concept of restructuring operations to streamline risk-based operations should have a low barrier to acceptance (politics aside).  The greater challenge will be to establish the vision and gain acceptance in using ERM as a tool in “Strategic Planning”.  Risk-based decision making is inherent in all thinking and business decisions, but for most organizations the method of assessing those risks is less formal and mainly developed along operational lines.

The goal of ERM is to develop a comprehensive and strategic approach to consolidating risk-based information into a cohesive view of the decision point.  This cohesive view, which could be referred to as a Risk Portfolio or Risk Assessment, can quickly and easily be applied to Strategic Planning operations.  A Risk Portfolio at any given point in time will provide Senior Management with the most up-to-date risks that have been presented on the subject.  In addition, a Risk Portfolio will ensure that all decisions are made with a standardized risk approach, which will reduce the overall risk to the organization and improve organizational performance.

Integrating ERM into Strategic Planning will provide the following benefits:

[Figure: ERM Performance]

The move to an ERM model in general will be implemented in phases or over time.  Many organizations are organically moving to shared services models where an ERM model is a natural progression of organizational structuring.  It is also important to remember that the ERM model can create challenges for the organization.  When presenting the justification, always make sure to promote the positive aspects and identify the potential hurdles that will need to be addressed with the move.  Make sure to keep the following points as primary considerations when developing your ERM transition roadmap.

  • The move to an ERM model should be framed around improving organizational performance, with a focus on strategic planning and decision making.
  • ERM can increase the scope or volume of data to be captured, maintained and analyzed as part of a risk management program.  A value assessment should be done to ensure that data of value is being captured for your objectives and that duplicated or non-valued data is eliminated.
  • Always start by defining the program, focusing on process, procedures and people.
  • Software is not a solution, it is an enabler and should only be used where there is a clearly defined program that requires support.

Have fun and good luck!
