ERM Is Not Just ‘Our’ Problem
Jack Hampton recently wrote, “Risk managers have a staggering problem on their hands if they are ever going to make enterprise risk management inroads across the full Academy. There is no other way to see it.”
And he’s right. Risk managers will always have a staggering, even insolvable problem, on their hands as long as they are the ones responsible for developing and implementing ERM at their institution. The same holds true for any business.
I’ve recently come back from the Higher Education Compliance Conference of the Society of Corporate Compliance and Ethics (SCCE).
There, I was heartened to hear presentations from multiple institutions where a team of senior leaders across the institution lead the ERM process.
As we know, engaging senior leadership in the ERM process helps to ensure the success of the program by placing the risk ownership across the institution, rather than allowing the perception of ownership to sit in Risk Management.
As we know, engaging senior leadership in the ERM process helps to ensure the success of the program by placing the risk ownership across the institution, rather than allowing the perception of ownership to sit in risk management. The most mature and robust programs fully integrate the compliance, ERM, traditional risk management and internal audit functions.
The risk management burden, as Jack points out, is endless and ever varying. We will never be able to stop the rogue employee from breaking the rules, including the grumpy professor trying to make a point by publicly illustrating gaps in our systems.
We may seldom be able to stop the determined assassin before he strikes.
However, an ERM program can protect the institution or the company from the consequences of these actions while boosting resiliency and resources if it enables us to develop processes that will
- Put organizational structures in place to identify and manage risk across the enterprise (including compliance risks);
- Create codes of conduct, policies and procedures in place to guide people on what to do;
- Educate and train our community so they know what they are expected to do;
- Give our operations managers tools to self-monitor their risk management and compliance activities and audit the operations as necessary;
- Develop a clear reporting and investigation processes for claims and complaints;
- Discipline those that willfully break the rules; teach those that accidentally break the rules; and
- Investigate and remediate systemic problems and risks.
So, how do we engage leadership in embracing and leading ERM? We talk about it, frequently and to anyone who will listen.
Practice your one-minute ERM elevator speech and use it on faculty, deans, all of your director-level peers and especially senior leaders.
Meet with key risk partners and share the benefits of an enterprise-wide approach.
Be a thought leader on your campus and tie the ERM process to the academic mission.
Gates Garrity-Rokous, vice president and chief compliance officer at The Ohio State University recommends relentless optimism.
Help your senior leaders and administrators understand that using the ERM process will make their lives easier, because ERM will help the institution allocate resources by highest need. Tell them how the ERM process will make our campuses better through improved awareness and clearer communication of risk issues.
It’s easy to feel discouraged in the face of constant stories of tragedies and malfeasance. But there are silver linings.
The students at UCLA were prepared and knew how to shelter in place so that casualties from the Mainak Sarkar shooting were limited. We’re getting better, we’re doing more with less and finding continual improvement.
Find your inner optimist, share your successes with your peers, keep calm and carry on.