ERM is an organization-wide effort that requires significant time and resources in order to develop the requisite talent, policies, processes, and systems. The key question for board members, corporate executives, and regulators is this:
How do we know if the ERM program is working effectively?
The purpose of this chapter is to answer that question. The key lies in establishing an objective performance feedback loop for ERM. The feedback loop is essential for starting a new ERM program or enhancing an existing one. Based on my work in ERM, I strongly believe that this is a critical missing link to which many companies do not pay sufficient attention.
In the last few chapters, we have discussed ways in which companies can measure risk, evaluate performance, and track where they stand in relation to strategic objectives. While risk policies articulate processes and requirements for ERM, the board and management still need information and feedback in order to ensure that ERM programs not only remain on track, but continue to evolve and improve. The solution to these issues lies in the assurance processes established by the organization, which include monitoring and reporting to the board, independent assessments, and objective feedback loops.
This chapter will discuss how feedback loops permit effective evaluation of risk management performance,1 provide critical risk information to boards and senior management, and offer actionable data ...