Effective Implementation

Having highlighted the pitfalls, let's look at what needs to go right—focusing on what methodologies are most effective for successfully implementing an ERM system.

A Proven Method

Let's proceed on the basis that a company's CEO is fully supportive of moving forward with the ERM initiative. Whatever the impetus—perhaps urging from the board of directors or the audit committee, or learning a hard lesson from failure to see some critical risk, or simply recognizing the many benefits of ERM—the CEO and senior management team are committed to developing an effective ERM process.

For guidance on how to proceed, we can look to COSO's ERM report, which is based on significant experience with companies that have implemented ERM in their organizations. Drawing from that guidance we can outline the basic steps to ERM success.

  • Core team preparedness. A core team is established with representation from business units and key support functions, with a common understanding and language providing a foundation for the ERM program's design.
  • Implementation plan development. An initial plan is created setting out key project phases, including defined work streams, milestones, resources, and timing. Responsibilities are identified, and a project management system put in place.
  • Current state assessment. The core team considers how and the extent to which the company currently identifies and manages risk across the company, and assesses existing risk-management capabilities ...

Get Governance, Risk Management, and Compliance: It Can't Happen to Us—Avoiding Corporate Disaster While Driving Success now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.