Before getting into what works well in ERM implementation, it's useful to highlight where an initiative can get derailed. Management teams have often fallen into any number of traps while seeking effective ERM. Having been fortunate enough to work with many companies that have avoided the pitfalls, here I will share those experiences to help those of you looking to embrace ERM avoid similar traps.

Wavering Support from the Top

As noted, the initial impetus for ERM usually does not come from the chief executive. Rather, discussion of ERM often is initiated at the board level, with the full board or audit committee seeking to ensure it is apprised of all significant risks. The immediate question is: “How does senior management know that it has identified the key risks, to be positioned to take appropriate action to manage the risks and to communicate that information to the board?” Typically after a CEO gets past the initial “My direct reports and I run this business, so of course we know what's going on and where the risks are!” the dialogue moves to how to establish the necessary discipline around whatever risk identification and management processes might already be in place.

Why is this so relevant here? Because when a CEO is not the initial driver, and especially when the board initiates a call for an ERM program, senior management may agree to move forward but their hearts might not be in it. That's not always the case—in one large company the impetus for ERM ...
