Enterprise Risk Management and Board of Directors

What is the role of the Board of Directors with regard to Enterprise Risk Management? I recently addressed the Board members of Island Health, our local health authority, to answer this question.

The Board has already been given advice by the Healthcare Insurance Reciprocal of Canada. HIROC characterizes health authorities as “high reliability” organizations, meaning that any particular failure can have much larger catastrophic effects.

I suggested the following Board duties:

  1. to review the rigour, quality and efficacy of the enterprise risk management regime itself;
  2. to review the content, i.e., results of the risk assessment process, as applied to strategic plans – the risks that were identified; the mitigation plans created;
  3. to ask critical questions regarding any element of the risk management practice, make suggestions, advise and guide the executive.

Similar to audit, the Board must maintain its independence. Unlike audit, which uses specific criteria and checks for compliance, each Board member formulates questions and criticism by drawing upon his or her unique individual background and expertise.

Eventually, the risk culture should mature so that a common understanding is developed among management, staff, and the board itself of how corporate values and risk ownership are understood and applied.


ERM: Solve Business Problems

Enterprise risk management — correctly implemented — has an immediate practical benefit: to solve chronic and intractable business problems.

That might sound surprising, as many conceive of ERM as a compliance exercise, with purported eventual benefits, such as reduced volatility, managed strategic risk and a lower cost of capital. But the value should be evident right away. How does ERM solve chronic and intractable business problems? It does so only if there is a very sharp, comprehensive and rigorous risk identification and assessment process. The trouble is that most of those embarking on risk ID either use a conventional approach (limited to, say, hazard risk, or “exposure to assets”) or use an ad hoc, informal approach, with no guidelines.

The challenge of developing high quality risk information (see my intro video) is the first concern when designing an ERM program. If one pays attention to that, then magically the body of risk information is transformed from a lifeless, inert heap of re-hashed management complaints into an incisive and insightful analysis of the most critical business problems.

I have experienced this time and again with clients. Once the rigour and structure are properly introduced into the exercise, the chronic difficulties which had always escaped definition and proper analysis suddenly come to light. The result is that people have much more confidence. They now see and understand previously undetected and unsuspected underlying risk, and are prepared to fix these conditions and move the organization forward.

 


Performance Management and ERM

2017-07-15

Performance management plan as context for risk ID
“A performance management plan is a set of target measures against which actual results achieved by employees are compared. If the system is well designed, it forms a good framework for risk assessment. We can ask, “What is the risk that performance measure X will not be attained?” But this assumes that the target is meaningful.”

ERM books selected as Laval University course texts

2016-12-14

“Solving the Enterprise Risk Management Puzzle: Secrets to Successful Implementation” and companion volume “Enterprise Risk Management Tools and Templates” have been selected as course texts for Laval University’s ERM course ASR-4004 Gestion intégrée des risques en entreprise.


Relationship between Audit and Risk Management

2014-05-27

Based upon notes taken from Ch. 7 of the RIMS text Enterprise Risk Management, edited by Michael W. Elliott, published 2013 by The Institutes.

The Nature of Controls

According to the text, controls are used to assess whether the organization’s actions are the ones expected, and to check that the organization’s processes are functioning as intended. Originally connected with detecting errors and fraud, they are now related to the organization’s goals, financial reporting and compliance.

Consulting For Lean Manufacturing

2014-01-15

In my last post on Lean Manufacturing, I said that there was a broader agenda at stake — namely, the survival of firms in the era of the decline of western manufacturing. Consultant Bill Chambless expresses a similar thought in his book Quantum Profits. He posits that the mastering of short-run customized production is the key to economic recovery.


Lean Manufacturing – New Journey for Risk Managers

2014-01-15

Should risk managers delve into Lean Manufacturing, or similar methods, at all? One of the key themes in this blog is the necessity for risk managers to expand their view and gain a seat at the planning table. It is only natural, after implementing risk assessment methods, to feel that one might add value by seeking better productivity.

There is a broader agenda here. The very survival of manufacturing and service industries is continually challenged, and the opportunities for gains are immense, both in administrative and industrial processes.

Planning and Innovation – Small-Medium Sized Enterprise

I am Planning and Innovation Lead for a small-medium sized enterprise in specialty metals manufacturing.


The Changing Role of the Risk Manager

2013-07-26

In the RIMS 2012 report “The Evolving Role of the Risk Professional”, recommendations included that risk managers view risk in a new way that “builds internal alliances, and enhances the strategic decision-making capability”; this in turn would require “specialized communication and technical skills”. According to a Deloitte study, however, risk professionals are still perceived as working in silos, using limited skill sets. This post examines the risk manager’s required competencies.

The Definition of Risk
The definitions of risk given in the standards (e.g., ISO, COSO, AS/NZ) give the basis of my argument. They connect risk with organizational goals and objectives. These definitions imply the expansion of risk management beyond the conventional scope of corporate finance/audit and commercial insurance. New aspects of the risk management function — 6 specific roles — are discussed next.
