Risk Insider: Grace Crickette

The Art of War and ERM

By: | August 7, 2014

Grace Crickette, a leader in enterprise risk management, is special administrator, Finance and Administration for San Francisco State University. She can be reached at [email protected]

This is the first chapter in Grace Crickette’s series of posts focused on how to gracefully bring together traditional risk management, change management techniques and enterprise risk management concepts by using phrases and tactics to develop strategies devised by Sun Tzu, a Chinese military general, strategist and philosopher.


Chapter I – Laying Plans (Estimates): What Is Our Value Message?

Now to be clear, I am a peaceful person. But implementing an ERM program can at times feel like a battle. I have long been a fan of Sun Tzu* and his Art of War, and have used selected Sun Tzu phrases and tactics in workshops to help others develop strategies for implementing ERM programs. The first step in winning the battle is the laying of plans.

There are many important themes developed by Sun Tzu that can be applied to ERM challenges.

Strategic planning and rational analysis: Planning based on rational analysis of the best quality information available. Not the “perfect” data, not “all” the data, just the best data that you have. Rely on estimates in developing your plan as this allows you greater flexibility as to time, cost, impact, etc. How many times have we had a great idea, but did not execute because we felt we did not have all the information or support that we needed only to miss the window of opportunity. Perfection is the enemy of progress! Start simple: mission, tactics, and value statement.

  • Mission: Adoption of ERM throughout the organization
  • Tactics: Define, track and communicate the value of ERM
  • Value statement: Enterprise Risk Management allows us to protect our resources and reputation and focus on delivering on our promises

Change is accomplished through putting vision into action, which often starts as a project, and projects if successful become programs. There are five reasons to start a project:

  • Resolve an issue
  • Mitigate a risk
  • Improve a process
  • Change a relationship
  • Become something next

Most projects combine two or more of these reasons. Answer the question “why are we doing this?” will lead you to developing and refining your value statement.

Study the Past, Analysis, Develop and Maintain An “Edge”

This leads to knowledge, which, if properly focused, can lead to success. Strive to become the superior force in more than mere numbers. This is achieved through focused knowledge and experience, which, in turn, is gained by studying and observing situations, conditions, people, and events. So, let’s look at how others have expressed the value of ERM…

Common ERM Value Statements1ERM_sidebarCreate A Custom Value Statement To Fit Your Organization

  • Resolve an issue — We need to protect our assets
  • Mitigate a risk — We are having budget constraints and need to reduce our cost of risk
  • Improve a process — We want to be more efficient
  • Change a relationship — Departments are implementing shadow IT Systems we need to manage this across the enterprise
  • Become something next — We will be the first in our class to get an improved credit rating based on our ability to manage risk through our ERM program

Key Takeaway: Develop your plan based on the best information that you have, don’t wait for the perfect time to implement as it may never arrive.

ERM & laying of plans: Implementing ERM is a process and starts with developing: a mission, tactics, and a value statement

Remember — it’s not Risk Management, it’s Change Management!

Read all of Grace Crickette’s Risk Insider articles.


More from Risk & Insurance

More from Risk & Insurance