The Art of War and ERM – Energy (Part 2)
This is the sixth chapter in Grace Crickette’s series of posts focused on how to gracefully bring together traditional risk management, change management techniques and enterprise risk management concepts by using phrases and tactics to develop strategies devised by Sun Tzu, a Chinese military general, strategist and philosopher.
Make ERM Not War
Art of War Key Principal: Opportunistic Flexibility in Adapting Strategies and Tactics to Situations
The way to capitalize on the endless opportunities created by ever-changing conditions, is to become engaged as a part of a well thought out plan and be flexible in adapting tactics to those ever-changing conditions within the context of each pre-determined strategy.
Chapter V, focuses us in on moving to the Creative or Energy mode, wherein the greatest amount of preparation and on-going effort takes place in implementing Enterprise Risk Management.
In the prior post I provided a menu of common elements of an ERM Program. Let’s focus in on the first element, understanding the organization.
Understand the Organization
In addition to understanding the processes and procedures and basic “ins and outs” of your organization, you need to learn its culture. There many studies on organizational culture, what it is, how to improve it, how leaders impact culture, etc. I’m of the belief that culture is like the weather, it is always there and is not static. You take the weather with you wherever you go — meaning that while an organization through its mission, vision and values, governance and accountability efforts can provide the foundation and cornerstones for encouraging a particular
culture, there are still micro-climates within divisions, units, departments, and even individuals.
Every individual has their own micro-climate that extends beyond themselves and impacts others based on their experiences and paradigms. For the ERM Practitioner simply understanding the organizations culture is not enough. ERM is about change, and change requires developing relationships and influencing others. You have to understand the various micro-climates through-out the organization.
One approach to understanding the micro-climates in our organization and connecting with people is to conduct a risk assessment to find out what risks individuals and groups are facing in your organization, but proceed thoughtfully.
Particularly for an initial implementation of a risk assessment, try and avoid sending out a survey or file for people to complete, rather meet with people in-person, or at least via web or phone and have a conversation (which you will document and use to populate your assessment framework).
Also, really think about how you want to approach the discussion. If you want to drive a risk aware culture, then try and avoid a risk adverse approach, both in your assessment process and in your conversation. One technique is rather than asking people “What keeps you up at night?” try asking “How do you know you are managing your area of operations well?”
The answer to “What keeps you up at night?” could be anything from a large earthquake to workplace violence to currency devaluation. All serious concerns, and surely ones that need to be mitigated and monitored, but this type of questioning often gets a response that is not very telling and does not reveal the issues or drivers that are impacting current strategic and operational activities.
How do you know if you are doing well?
- My continuity plan is up to date and when we tested it, we found that it worked well, but we need additional processes around who has access to purchase cards.
- When we retain good employees. But I can’t get adequate data from our HR IT systems to figure out what the drivers are.
- Our customer satisfaction survey shows improved scores, but I have noticed that our employee satisfaction results have been headed the opposite direction.
When you ask an “upside” question, you tend to get a response that informs you about the day-to-day concerns, and the issues raised are much more actionable. You get a better sense of how people are feeling about the workplace, and how they are achieving success and managing challenges.
With an “upside” question, people tend to be much more open and will volunteer information, even about what is not working well. You start to understand if the climate is sunny or stormy. This approach creates an opportunity for you to help solve a local problem and then leverage that success to engage a broader audience in identifying and mitigating risk across the enterprise.
Key Takeaway: Implementing ERM takes energy and creativity, understanding your organization’s culture requires that you engage with the people. Taking a creative approach to conducting a risk assessment can help you to understand the challenges your organization is facing and reveal opportunities for you be of assistance. Get away from you dangerous desk and connect with people!
Remember — it’s not Risk Management, it’s Change Management!