The Art of War and ERM – Energy
This is the ninth post in a series from Risk Insider Grace Crickette on how to gracefully bring together traditional risk management, change management techniques and enterprise risk management concepts. The series is inspired by strategies devised by Sun Tzu, a Chinese military general and philosopher.
Make ERM, Not War
Art of War Key Principal: Opportunistic Flexibility In Adapting Strategies And Tactics To Situation
The way to capitalize on the endless opportunities created by ever-changing conditions is to become engaged as a part of a well-thought-out plan and be flexible in adapting tactics within the context of each pre-determined strategy.
The fifth chapter in Sun Tzu’s book focuses on the Creative or Energy mode. Our application is that this is where the greatest amount of preparation and on-going effort takes place in implementing enterprise risk management.
From our menu of common elements of an ERM program, let’s move on to the fourth element: Form multidisciplinary groups focused on ERM and specific initiatives
In my last post, I advocated for independence, but strong collaboration and sharing of information between various groups in an organization. The ERM program can become the framework that brings the various activities together and provides the forum to create integration and collaboration.
Now, let’s get “the band” together.
Who is in the ERM “band” and what they are tasked to do, has varied greatly throughout my career. It was influenced by the type of organization, the organization life cycle, leadership’s directives and for what purpose the group was formed.
In all cases the ERM groups were productive and helped to elevate the organization’s understanding of risk. This happened not because of the type of group that they were, but because there specific objectives and the activities that were made very clear.
I would advise not getting too hung up on having your top leadership in the band — it can be great if that happens, but don’t put off forming a group if you don’t get the CEO to chair. Here are some examples:
Risk Management Committee: Made up of middle managers with a focus on a narrower band of risk, but with an ERM lens on understanding that operational risks have an impact on reputation, finance, compliance, etc. as depicted:
ERM Panel: Executive sponsorship with membership at all levels of the organization focused on supporting the ERM administrative team with implementation across the organization.
Board Risk Management Committee: The company’s board forms a risk management committee (or committee by another name) and the risk manager reports into that board on the progress of ERM — or the risk manager reports to the full board (or both).
Audit, Risk and Compliance Committee (ARC): Executive sponsorship with formal charter and with members from middle management to executive management, with reporting in by various individuals and groups under an ERM framework.
Workgroups: Groups formed under a larger committee, panel, or board committee as described above, to address a particular issue or area of risk; or as an independent long standing group that reports into the ERM department.
Example: Establish Workgroups
The ____ committee/office may sponsor standing work groups to collaborate on projects and programs that have benefits to the organization. This structure will allow for expansion and contraction of groups as needed and reduce the number of groups and meetings required to address the wide variety of risks that the organization must address.
The workgroups will not be formed without clear written process and expectations for these work groups. The goals of any workgroup formed will include:
- A. Produce work products that improve the effectiveness of the organization in delivering on the strategic plan;
- B. Provide a forum for the exchange of professional ideas;
- C. Allow participants to share common experiences and solutions related to a particular focus specialty, i.e., safety, financial controls, continuity planning, security, etc.;
- D. Act as subject matter expert advisor to the _______committee/office;
- E. Review challenges common to the organization and recommend a course of action;
- F. Review new or updated regulatory requirements and recommend action plans;
- G. Review new and emerging technologies.
Key Takeaway: Implementing ERM takes Energy and Creativity, forming groups exponentially increases the energy around your ERM Program.
Don’t get too hung up on what your groups’ structure and membership looks like — just get the band together and start making some music.
Bands are notorious for losing members (mostly drummers!!), so accept that your ERM band will change over time, and Rock On!
Remember — It’s not Risk Management, its Change Management!