Putting Strategy Into Risk Management
Author: Darius Delon, CCIB FCIP CRM, AVP Risk Services, Mount Royal University
There is a lot of talk about risk management, enterprise risk management and strategic risk management. There is a lot of advice on how you should develop the risk framework in your organization but not much is said on what strategy you should consider when you implement risk, enterprise risk or strategic risk
To be the most efficient and effective in implementing your strategy( change management) you need be open to changing that strategy when you are not getting enough traction (most impact in the shortest amount of time). Don't be fooled into thinking that just because you have buy-in that your advocates/management/board don't want immediate measurable results.
The first thing everyone will tell you is that the senior executive needs to be bought in - ideally they need to be bought in but if they are not you could always manage ERM with what a friend of my mine likes to call Stealth ERM. All the same work goes on but you don't have it as a strategic directive because sometimes executives have other issues that take priority - or - they don't see the value in ERM, yet! You need to prove to them, and everyone else, that what you are doing helps each department operate better - whether it is1% or 100% better.
Stealth ERM requires you to engage front line staff with the logic embedded in risk - what we do makes sense - use relevant examples with your front line staff that shows the past errors and the future potential successes. Incident examples have a lot of weight with people, especially if they are internal examples, gather these examples and be prepared to mention them often to prove to people that these incidents have happened in the past and can happen again.
Even when you have senior executive buy-in or even the board - you may still have problems getting traction from various middle managers. We have all heard about the Director that is against a project but their assistant gives your valuable insight into the department because they think risk management is awesome. Sometimes you need to go to the front line staff to get buy-in and more importantly operational changes. It takes more time to talk to all of the front line groups, but in the end it is worth it.
One of the biggest buy- in methods for a successful strategy is talk. One person at a time, one hour at a time, one advocate at a time. People will not buy-in to ERM just because they read something you put in front of them or heard at a large forum. Talk to them, work with them, get small wins, change how they perceive managing risk, and help them make positive changes in how they manage their activities without the quintessential NO that is associated with risk management.
ERM is just a tool for making better sustainable decision for the organization.