We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

ERM: Doing it, and doing it right

user-pic
Vote 0 Votes

ROI eBookJeffery Reynolds' article in ABA Banking Journal, "ERM: Getting it, and getting it right", equates the definition of Enterprise Risk Management with happiness.

"Before you start with ERM, you have to define it. If it were only that easy to nail down the definition of ERM--but it is not...Defining ERM is like defining happiness. Happiness is not the same for me as it is for you. Nor is it the same for me today as it was 20 years ago. And what drives happiness today will likely not be what defines happiness in a year or two."

Although Reynolds makes key points about the "interconnectivity" of ERM and its misinterpretation as a check-the-box activity, ERM is not like happiness. ERM is an action. You either do it, or you don't.

Organizations do not need to do Enterprise Risk Management the same way, focus on the same goals, or follow the same best practices. But those best practices - a root cause approach, the iterative steps of identify, mitigating, and monitoring - do not require discovery. They are known, and they can be implemented at any organization of any industry or size.

Consider GAAP, a set of accounting standards that can be used in any given jurisdiction. GAAP includes rules, standards, and conventions that assist in the creation of financial statements and help accountants do their job well. GAAP is to accounting what ISO, COSO, and other such frameworks are to ERM. Your accounting department uses a general ledger software to turn these best practices from a good idea into practice. The general ledger is to accountants what ERM software is for risk managers. It makes their work real, their results actionable, and ensures they follow best practice.

Reynolds argues that the process of moving through a discovery phase and discussion of risk creates value because ERM becomes, like happiness, a mindset that can drive strategic decision making.

The problem with relying on the discovery process is that the very value that Reynolds's recognizes in the process cannot be made actionable without tools that make the "interconnectivity or risk" transparent for risk managers and executives alike.

Have you ever been in a meeting with a fantastic exchange of ideas, but watched helplessly as those ideas floated off the second each stakeholder stepped out of the room?

ERM software is designed to capture those ideas by linking what your organization is doing, the controls, metrics, policies and so forth, directly to the risks and goals being identified. Without that link between good ideas and concrete activities, a mindset is just a mindset, and boards make decisions based on metrics, not mindsets.

The "interconnectivity or risk" that Reynolds correctly identifies as the value or ERM cannot effectively exist as a mindset, it requires a taxonomy. In trying to define happiness, Reynolds says that people "seek the counsel of experts and 'gurus'... They attend seminars, buy books, and hear testimonials."

He's right. Those activities don't create happiness, nor would they generate value for an ERM program. The value is made in executing the steps of an ERM process, and utilizing the correct tools to connect those results to the strategic goals of your organization.

ERM Software is much more than dashboards and communication. Read our Whitepaper on the ROI of ERM & ERM Software to see how LogicManager makes your work as a risk managers more valuable to the board and senior leadership.

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc. the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.

Recently Commented On

Monthly Archives

Blogs

ADVERTISEMENT