Modifying ERM to Fit the Organization
One change management technique that I leverage regularly is adaptation: taking what I believe to be the best or “truest” form of enterprise risk management and modifying it to fit the organization.
I recently worked with a group of business leaders in the health care industry that all had a desire to implement enterprise risk management (ERM), but were deeply entrenched in traditional risk management, specifically incident and claims management.
Frankly, they did not have a clear picture of what ERM would really “look like” or how it might manifest in their organizations.
What became clear was that for this group to begin to get any traction with ERM, their program would need to be incorporated into existing programs. The following is what I proposed.
To gain an enterprise view of incidents, events and claims arising out of the organization, develop an ERM approach to evaluate incidents, events and claims.
The channel by which an organization can efficiently and effectively promote a comprehensive framework for making risk management decisions — which maximize value protection and creation by managing risk and uncertainty and their connections to total value — is by integrating risk management practices into strategy.
This concept can be depicted as a tree, wherein the high visibility risk events (i.e., patient injury) are represented as the branches of a tree. It is the underlying systems that give rise to these events which are the root causes (the roots), and the trunk of the tree is the management channel through which the health of the roots flows to either support or weaken the branches.
We place strategy in the management channel (the trunk) and it is through the integration of the consideration of risk into strategy that the tree can be strengthened.
• Human Capital: Recruitment, onboarding, training and retention.
• Technology: IT architecture, security planning, vendor management.
• Legal/Regulatory: Compliance programs, quality review, internal and external audit.
• Operational: Procurement, supply chain, facilities planning, long range development plans.
• Financial: Budgeting process.
• Hazard: Emergency management and business continuity planning.
By integrating the consideration of risk into existing programs and processes rather than having the risk activities outside of those programs, the organization gains efficiencies, and the risk activities add value by improving the likelihood of success by minimizing friction and disruption that ultimately impacts customer (patient) satisfaction.
The role of the ERM practitioner is to support the integration of basic risk management techniques into existing programs and processes and assist management in identifying the problem areas, determine resolution and track and trend progress.
An example of integrating ERM into existing human resource (HR) processes:
Key Takeaway: Gain traction through adaptation.
ERM & Strategy: Explore and understand where strategy and strategic planning lives in your organization and collaborate with others to incorporate the consideration of risk in to those programs.
Remember – It’s not Risk Management, its Change Management!
Read all of Grace Crickette’s Risk Insider contributions.