Collecting and prioritizing risk data is only valuable if your organization has a way to transition this knowledge into action. Many companies struggle to go to the next step of making their Enterprise Risk Management (ERM) programs actionable.
ERM drives your biggest risk into plans, ones that align with and support your strategic goals. Plans are assigned an owner and provided a repeatable process that insures root cause risks that make up the plan have controls, the controls have owners and the activities that support controls are clear so they can be effectively implemented and monitored.
Monitoring of controls, effective reporting on progress and establishing relationships that allow for efficiencies among plans and other important business processes are what drives action.
Business Continuity & Continuous Improvement
Some ERM plans have a limited scope for a specific purpose and others are on-going. On-going plans address an important aspect of your business that requires continuous focus. These on-going plans are the organizations opportunity for business continuity and continuous improvement.
ERM plans provide formal documentation on what is currently happening; who owns the activity that is taking place and supporting details on the activities. The objective is to not lose any momentum during times of disruption.
Continuous improvement works best when everyone is in the know and able to contribute. Formalized ERM plans give both the birds-eye view and details for all stakeholders involved to enable them to effectively review and provide their perspective. Collective Risk Team input and participation is what drives collaborative efforts and best use of available resources.
Action is Everything
Two questions drive to the core of ERM – #1 What is the value of your organization and #2 What could kill that value. Foundational to ERM is a risk assessment process that identifies risk and missed opportunities that could kill the value.
There is no progress if the identified risks and opportunities do not transition into plans. The ERM Plan is the consistent and repeatable process to make what is most important, actionable.
Best practice plans force accountability and supports plan owners meeting their objectives. They include clear and concise descriptions on purpose, effective ranking displayed through heat maps and a summary of controls attached to each risk. They also include reasoning for the scoring that takes place, feedback on what could go wrong as well as details on what actions are required.
Apples to Apples
When organizations have multiple plans it can be challenging to determine which plan/which focus is most important at any given time.
Scoring on Impact, Likelihood and Assurance feed from each risk within each plan and aggregate up to both Inherent and Residual Indexes which allow for educated decisions on resources both among and within plans.
Author Mark Bennett, Founder of Risk Innovation Group (RIG), is dedicated to helping large employers face the complexities of risk through innovative Enterprise Risk Management (ERM) practices. ERM programs don’t just help large employers manage business risks more effectively; a well-developed ERM program can protect and create value as well as improve business performance and generate a strong competitive advantage. Contact: email@example.com