ERM Case Study – Part 3/5

Entrepreneurial universityThis is the next post in the Enterprise Risk Management implementation case study of Camosun College, B.C., Canada.

Project Approach – Key Players

As mentioned previously, the idea for enterprise risk management came from the Board of Governors, who were keen to participate in the provincial government’s foray into the new practice. While many public sector executive seemed at least intellectually to accept the idea of applying risk methods to strategy, the Board wanted to see it done and effect some real changes.
Read the rest of this entry »

Read More

ERM Case Study – Part 2/5

Entrepreneurial universityThis is a continuation of the Enterprise Risk Management implementation case study of Camosun College, B.C., Canada.

Impetus to ERM: Compliance or Improvement?

The impetus towards risk management came from the Board of Governors. They were aware of BC Government’s initiative, led by Risk Management Branch, to incorporate enterprise risk management into regular planning and management across the provincial public sector (by 2004, already well into the implementation phase).
Read the rest of this entry »

Read More

ERM Case Study – Part 1/5

Entrepreneurial universityThis is a case study in successful implementation of enterprise risk management — the first of five parts of the case of Camosun College.

Two key aspects of ERM; viz., a good risk identification/ assessment process, and the proper approach to program implementation, are emphasized in this case study. They apply to the implementation of ERM in any organization.
Read the rest of this entry »

Read More

Successful Enterprise Risk Management Plan

2010-05-07 / How to Implement ERM / 1 Comments

Formal Aspects

Each instance of successful ERM implementation is unique, and really depends on interpreting principles, not a fixed format. However, a sample risk management plan is typically a copy of the process steps from a standard, or a list showing the formal elements:

  • Communicate and promote the program;
  • Select an appropriate standard;
  • Define the governance structure;
  • Create policy to apply risk management steps to the business;
  • Establish tools, resources and a training plan.

Although those steps come to mind, I don’t take a bureaucratic approach when I work with clients. I find people have often done their homework on the formalities, and instead need help to get the program started. Proving the risk process at the front end is a low-risk way to proceed. Let’s look at a particular case.

ERM Case Study: Camosun College

When Camosun College first called me, they were bound to implement ERM following instructions from the Board, had a project manager engaged to lead the effort, and had studied the ERM framework.

They asked: where do we start? I asked in turn: where are the most pressing challenges in your planning and operations? I wanted to identify a pilot group with whom we could try risk identification and assessment – whether at the department (operational) level or executive (strategic) level.

The project lead set up a session with the college president and the senior executive, and I facilitated the identification and assessment of risk for the college’s multi-year strategic plan. Our aim was to demonstrate the risk methodology to the executive group, and see what kind of results it would give.

We prepared the session with a fairly short, but carefully defined context paper. We reviewed the templates and criteria we would use. The project lead explained to me: ‘Edward, we like your templates, but we have changed some of the terminology to “Camosunize” them.’ I was glad, because this meant the risk management team was adapting the method to their own working culture.

The session was a team building exercise, because controversial matters found resolution, not arbitrarily, but based on their own criteria, such as strategic direction and professional values. It resulted in a comprehensive risk profile and an agreed risk mitigation blueprint, involving plans to build up certain programs, attenuate others, and take other pro-active administrative steps.

At that point, executive had no problem in mandating a roll-out to other administrative and academic departments, one-by-one, to test and improve the process gradually.

Camosun set up an exemplary Enterprise Risk Management regime within18 months. They liked the results and presented them to the Canadian Association of Community Colleges. The CFO Peter Lockie tells me he regularly gets calls to speak about Camosun’s ERM experience and share materials.

Principles of ERM Implementation

I started out by saying that successful ERM implementation depends on principles. Here are important tenets of program implementation that Camosun paid attention to:

  1. Gain senior executive support; not through lip service, but through active participation;
  2. Gain staff and participant support through encouraging ownership and adaptation of tools and language to suit the organizational culture;
  3. Demonstrate value: work with participants to prove how the new management practice (i.e., risk ID and assessment) solves critical business dilemmas, builds consensus and helps them get their jobs done;
  4. Resource the project adequately in order to support a phased implementation;
  5. Proceed incrementally, with a low-tech approach, and allow feedback and improvement – avoid a monolithic and wholesale imposition of new system;
  6. Integrate the new practice into existing planning and management regime as an improvement, not as an administrative burden.

Check a similar case involving the Alberta Urban Municipalities Association (AUMA-AMSC).


Read More