Successful ERM Implementation: 4 Keys

Enterprise Risk Management implementation – are there proven principles?
Many risk management practitioners are struggling with trying to ensure successful Enterprise Risk Management – ERM – implementation. If you are in that situation, a first step would be to review conditions for success of programs of all types – whether corporate, public policy, IT implementation, or new management practices – that have been demonstrated in the literature in this area. Then see how they apply to your risk management plan.

Four key conditions for successful program implementation

Programs, such as Enterprise Risk Management, have several common pre-conditions to success. Four of these are as follows:

  • senior management support
  • staff support
  • adequate causal model/program design
  • phased implementation

These points look familiar enough, but they really need closer scrutiny. Let’s explore how these principles might be applied to a risk management framework.

Senior Management. The idea of managing business risk in a formal program has by now gained intellectual acceptance among senior management. Whether we think of success as managing project risk in a portfolio, improving corporate governance, or developing risk-based public policy, we can be confident that, at least in theory, ERM is sound and adds value.

Assuming there is no difficulty with initial buy-in, consider the quality of senior support for enterprise risk management. It must have 3 characteristics: 1. demonstrated, 2. communicated, and 3. sustained. That is, the executive and managers must actively participate in the new program and demonstrate their use of risk methods; communicate results; and maintain meaningful participation and funding over the long term.

Staff support. This is also a familiar notion, but how to obtain it is not so obvious. What we often see is a superficial exercise to do some quick interviews and gather risks into a list of the “top ten” that turn out to be fairly obvious. People rush to get through what they see as a compliance exercise and back to their real jobs.

Adequate causal model. The need here is to experiment to see exactly how you and your colleagues can apply the risk assessment process. Try conducting a thorough risk analysis of immediate business challenges, and see whether it actually helps you develop solutions. Participants can help refine the process, adapt it to their specific working environment, and so take ownership of the new risk management framework. This means validating an adequate program design: the risk assessment process must be able to solve the problems it is addressing.

Can you conduct a risk analysis with your team on your service plan, business objectives, program, or project, and develop an insightful risk profile that clarifies priorities?  It is the key to gaining staff support, and, for that matter, sincere buy-in and continued support at senior levels. Why? Because truly effective risk assessment helps people develop solutions to real business problems.

Phased implementation. Many programs have failed because managers tried to impose a whole preconceived structure all at once.  Proceeding incrementally means you have a chance to adjust, adapt, and integrate the new methods with your regular management and planning practice.

Executive support, staff support, good program design and incremental implementation: these are perennial features of successful programs.

[Revised. Originally published 05 Nov 2008.]

