In the previous post ERM Implementation – Platitudes? I drew a distinction between the bureaucratic or formalistic side and the practical value side of any program or initiative. I thought I would post an ERM pdf – Implementation Tool focusing on just this aspect of enterprise risk management implementation. It is a diagnostic tool containing criteria that you will be able to apply to your organization.
Avoid confusion: people should recognize enterprise risk management as distinct from enterprise resource management. For example, resource management at NetSuite.com, a cloud computing technology leader, offers an application to help ensure the efficient allocation of resources within the organization. The roll out of cloud computing applications is discussed in the online course Managing IT/Cyber Risk. [Disclosure: ERTechnical receives an affiliate fee for NetSuite link.]
Here is a preview of some of the elements from each of the two sides of ERM methodology, with editorial comments in each category:
Selection of Risk Management Standard:
[Select an appropriate risk management standard in order to give uniformity to language and definitions. The standards more or less converge on similar concepts and order of steps. However, it will require interpretation in order to make it meaningful in the context of your work. You can't rely on it as an implementation guide as it stands.]
Documented Corporate Policy:
[This is the outline of the application of the standard to your organization. The danger here is that it is much too long, with too much extraneous theory and especially advice that has been written in advance of practical trials.]
PRACTICAL VALUE SIDE
Investigation and Trials of Risk Identification Methods: at the Operational Level:
[These criteria are at the heart of the matter. An effective risk ID and assessment process, both at the strategic and operational level, is essential to successful enterprise risk management. This will ensure value and engaged participation. These points are covered in detail in the risk management online training course: How to Conduct High Quality Risk Assessment.]
Risk ID Methods Developed to Target Specific Work Functions:
[It is unlikely that a rigid and uniform risk methodology will work across all departments. Involving staff to develop and refine the methods, while observing compatibility across the organization, is a good way to make risk ID useful to them.]
The last part of the ERM tool is the assessment: to compare the formal and practical sides. The idea is not to discard the formal aspects altogether, but determine whether they are being used excessively. Perhaps you agree that it is better to lead with the second list; the practical work elements.
Rather than lead with too many formal aspects, you can develop them incrementally to support the proven practical work. This results in higher utility, sustainability and credibility of your ERM framework implementation.
Those wishing to study further the principles of program implementation, as applied to ERM, may be interested in a new Risk & Insurance Management Society online course to be launched later this year. It is called Special Case Studies in Risk Management. It includes a module called Overcoming ERM Resistance, with a 40-minute presentation, case study, and a more elaborate implementation tool with 24 criteria. I will post an announcement.