Eight Common Pitfalls of Enterprise Risk Management Implementation
Recently I wrote a column on enterprise risk management (ERM), which is an integrated approach to risk management increasingly popular in the United States. Bill Fuller, a general manager at Hudson, a worldwide provider of permanent recruitment and contract professional services, offers his views on ERM and the implementation challenges for organizations contemplating ERM.
Fuller worked in multinational conglomerates and spent time in professional services with PricewaterhouseCoopers completing compliance audits and offering technical expertise. He recently presented in Denver on the common pitfalls of ERM implementation. These are Fuller’s eight common pitfalls of ERM for organizations considering implementing ERM or that have stalled ERM initiatives.
1. Management must accept and choose a risk management framework such as that of The Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO helped to build a risk management framework for organizations after high-profile business failures like Enron drove calls for increased risk management governance. Using a framework like COSO’s ERM framework is “the start of a communication tool using common language throughout the organization,” Fuller said, and is important to ERM success in any organization.
2. Lack of senior management commitment. “Any initiative will fail if senior management is not committed,” Fuller said. Personally, I don’t know any risk management professionals who would disagree with this statement.
3. No designated risk management and change-process owners at the senior level or in each business unit. According to Fuller, “There needs to be ownership within the organization at senior-level management with clearly defined roles and responsibilities.”
4. Organizations must have a plan to move from the current state to the desired state. “With that plan, there must be tasks, roles, resources and time lines. It’s not just a plan that says, ‘Yes, we’re going to do this,’ but steps must be clearly outlined with a way to monitor progress,” according to Fuller.
5. Fuller believes that measurement tools will facilitate the alignment of activities to the overall business objectives. Resource allocations (capital, operating expenses, people) should then be matched to those objectives. “Put your dollars where they should be placed based on the risks,” Fuller said.
6. An organization should formally roll out a communication plan and training curriculum to develop risk management awareness and core competencies in the company. Training to those core competencies is needed, as well.
7. When a risk management program is in place, reinforce its use by aligning human resource mechanisms to that program. Fuller recommends incentivizing employee participation: begin with qualitative measurements like meeting attendance, then add quantitative measures later.
8. Organizations must develop an ongoing monitoring mechanism to ensure the risk management mandate is implemented. “Every time you identify risks, the organization must develop a strategy to mitigate those risks. These are nothing more than action plans. Someone has to monitor the action plans and report to management and company governance. This is typically internal audit teams.”
Fuller helps clients identify and assess their risk and develop risk management strategies. He can be reached at Hudson or at bill.fuller@hudson.com.