This is a guest post written by Carol Williams, founder and principal consultant of ERM Insights by Carol. Carol helps mid-sized organizations prioritize resources to focus on the biggest threats and opportunities. Grab her free ebook on how enterprise risk management is different from traditional risk management.
All successful endeavours that stand the test of time look at the big picture. History is replete with examples. If Henry Ford did not think about the big picture of mobility and production, would the iconic brand still be around today?
The same principle is true for initiatives within an organization – if you do not consider the big picture of how it will deliver value and achieve long-term goals, the effort has a higher risk of stagnation and even failure.
Organizations setting out to develop an enterprise-wide risk management framework and process often fall into this trap. In order to deliver value, enterprise risk management (ERM) must take the big picture view of the organization’s mission and strategy and how it plans to accomplish these goals. Sadly, according to NC State’s annual State of Risk Oversight report that came out in April, an alarming 19% of respondents felt their organization had a risk management process that is “a proprietary strategic tool that provides a unique competitive advantage.”
Getting bogged down in the day-to-day minutia prevents many organizations from realizing value from their enterprise risk management efforts.
What do I mean by minutia?
It means looking at risks one-by-one as opposed to connecting risks across the business units or carefully
examining barriers to achieving objectives.
It means having random, seemingly endless conversations about some minor operational risk rather than a carefully planned and executed process for identifying, assessing, and prioritizing risks.
It also means overloading executives with so much information that it ends up being useless for making
decisions.
To avoid this trap, risk professionals must keep things “big picture” for ERM to deliver value to the organization.
Most who set out to do something don’t want to be mediocre; they want to be the best they can be. When setting out to develop an ERM framework and process that is the best it can be for the organization, there are several important, big-picture questions that need to be answered. Examples include:
- What is the long-term goal for ERM in the organization?
- How will ERM be able to support the organization’s success?
- What are barriers to achieving the organization’s strategic objectives?
- How can ERM ensure resources are being used most efficiently and most effectively?
Another crucial realization organizations must have is how any actions, whether large or small, impact its reputation. Many organizations fail to recognize the significance of reputation and ERM’s role in protecting it. According to a 2015 study from Ocean Tomo, intangible assets like reputation account for over 80% of a company’s market value.
In the mid-80s, it was less than 1/3!
The speed at which information travels is a major reason why organizations must factor reputation into their risk management process. In the past, a company would have plenty of time to craft their response to negative press, but in our world of instant social media and 24-hour cable news, this time window no longer exists.
Examples of this in action can be easily found, but to illustrate, consider the incident last year of a passenger being forcibly dragged off an overbooked United Airlines flight. Video of the incident quickly went viral. Although United’s CEO later expressed regret, he also maintained the airline was following protocol. Despite intense damage control and apologies, images of the passenger’s bloody face are what people will remember.
Southwest Airlines, a competitor to United, made the decision to end the practice overbooking to avoid similar reputation problems. For more help in this area, ClearRisk has recommended some ways to manage reputational risk.
How technology helps organizations get the big picture view
Getting the big picture view of risks to strategic objectives or the organization’s reputation doesn’t happen by just asking a few questions. You have to figure out the way to analyze all of the information captured from asking those questions.
And spreadsheets are not always the best answer. Trust me.
However, it’s important to note that simply buying a software tool doesn’t automatically translate into success. Many organizations who rush into the technology piece before getting their framework and processes down find that the tool ultimately isn’t useful for them.
Although mindset is the foundation for seeing the big picture and developing a value-enhancing risk management process, technology also plays a big role in several ways. Examples include:
- Get out of the line item mindset of a spreadsheet - Excel spreadsheets can be
useful in documenting risks, but many organizations that use them fall into the minutia trap.
And spreadsheets cannot do certain things, like seeing trends in risk assessments and links
between risks. Technology or software tools designed for risk management help the
organization get out of the row-by-row, one-by-one nature of a spreadsheet. - Focus on the cumulative effects of risk – Technology tools designed for risk
management make it much easier to see the full impact risk will have on the organization.
Understanding this cumulative effect is crucial for ensuring resources are allocated
to their best use. - Help the organization understand groupings of information – Technology also makes it easier
to understand certain groupings or types of risks. With just a few clicks of a mouse or
keystrokes, the organization can better understand all of its financial, reputational, or other risks to
achieve strategic objectives. - Prevent information overload – Although details are important, risk professionals have
to be careful to not overload executives with information. Technology helps ensure executives
have the right information for making important strategic decisions and allocating resources. If
they have too much information on hand, they will not be able to make sense of it.
Getting bogged down in the minutia of risks is unfortunately a common problem for organizations. This problem eventually morphs into the perception that ERM is just another bureaucratic, check-the-box activity that ultimately provides little value to helping the organization accomplish strategic goals.
Therefore, taking the big picture view of what the organization is trying to accomplish and understanding risks to achieve these goals is a crucial part of ERM success. Technology tools play an integral role in ensuring organizations get this big picture view and therefore realize the benefits of having a formal ERM process.
Want to be featured like Carol? ClearRisk is actively looking for guest bloggers on a variety of risk management topics. Send us your great ideas here.
If you found this article helpful, you may be interested in:
Your comments are welcome.