The Art of War and ERM – Energy (Part 3)
This is the seventh chapter in Grace Crickette’s series of posts focused on how to gracefully bring together traditional risk management, change management techniques and enterprise risk management concepts by using phrases and tactics to develop strategies devised by Sun Tzu, a Chinese military general, strategist and philosopher.
Art of War Key Principal: Opportunistic Flexibility In Adapting Strategies And Tactics To Situation
The way to capitalize on the endless opportunities created by ever-changing conditions, is to become engaged as a part of a well thought out plan and be flexible in adapting tactics to those ever-changing conditions within the context of each pre-determined strategy.
Chapter V focuses on moving to the Creative or Energy mode, wherein the greatest amount of preparation and ongoing effort takes place in implementing Enterprise Risk Management.
In the prior post I provided a menu of common elements of an ERM Program and we looked at the first element, understanding the organization. Let’s focus on the second element, performing a gap analysis.
A gap analysis involves identifying the characteristics of the desired state and then comparing it to the current state and calling out the deficiencies. This approach allows you to lay the foundation for the actions that need to be taken to get to the current state.
If you’re just starting with your ERM program you may not have a clear or concrete vision of what the desired state should be. In fact, I would propose that in order to be successful with an ERM implementation that you stay flexible and steer clear of stating implicitly what the all of the components will be. Rather, start with documenting the current state and let that shape what your desired state will look like.
1) In Higher Education we write “White Papers” on topics that we want to research and present recommendations or alternatives. You might consider presenting your efforts as research or a “White Paper” rather than labeling it a “gap analysis”.
2) Create a list of departments and people to interview whom you believe may already be performing risk management activities and expand that list as you go.
- Information security – risk assessments
- Human Resources – employee engagement surveys
- Budget – risk identification in the budget process
- Legal – regulatory issues and litigation
- Finance & Treasury – stress testing, monitoring metrics against covenants
- Facilities – project management, deferred maintenance, change orders
- Audit – audit and management agreed upon remediation
- And so on…
3) Conduct your interviews and explain that you want to understand the work that is already being done, how they monitor and communicate out their efforts, and what they would like to improve on. Let them know that the focus of your “White Paper” is to highlight their good work, who the audience will be (it may be that the audience is just you to guide your efforts — remember to fit the audience to your culture), and that they will have an opportunity to review your write-up.
4) As you begin to conduct your interviews and begin to construct your paper you will be surprised at how much risk management activity there is already going on in your organization, though it may be called by another name. Aim to cast the best light on all of the good work that is being done, not a false light, but a positive light. Your paper is a great opportunity to gain allies.
5) Meet again with those you interviewed and review and revise the paper.
6) Next, bring all of the contributors together for a review session and through robust group discussion and brainstorming identify the gaps and the opportunities to improve the enterprise management of risk.
7) Look for ways to leverage the individual efforts. For example it may be most efficient to glean data from the existing information centrally to create your initial ERM risk portfolio, rather than conducting a separate ERM risk assessment.
Key Takeaway: Implementing ERM takes Energy and Creativity and understanding the current state of risk management in your organization requires that you look beyond the obvious. Giving people credit for the good work that they do can help you gain support for your ERM program.
Remember — it’s not Risk Management, it’s Change Management!