Enterprise Risk Management (ERM) is both art and science. While the science of ERM has developed over the past two decades, the art of managing risks has always been around. As the breadth and complexity of risks increase, companies realize it is prudent to manage enterprise-wide risks in a structured manner. The Top 500 companies by market capitalization in India are today required by SEBI’s Listing Rules to invest in a formal risk management committee of the Board. A recent proposal to move this requirement up to the Top 1000 has been welcomed.
If you are an organization that is investing in a formal process for managing risks, this is your go-to article!
First things first, the two big rocks — Sponsorship and Resourcing
Both sponsorship and resourcing matter to your ERM program success. Ensure these are committed before you begin.
Sponsorship — See who is most comfortable supporting risk-based decisions in the organization. Is it your CFO, CEO or perhaps even the Board? Identify a willing sponsor among them. Use the most supportive authority to be your sponsor — cascade key expectations using their support.
Resourcing — If the initiative is adequately resourced, then you know it is going to succeed. You can allocate a part-time resource to get started and quickly transition him/her to a full-time position — invest further as required. Here, demonstrating and aligning on the value of ERM is imperative. Historical losses are a great source of information on which risks have played out and may likely continue for your organization. Besides being great conversation starters, they can secure the necessary alignment on the need for managing risks. Your finance and business teams will tell you more about them.
The multi-year path to organizational success with ERM
A mature ERM process offers strategic advantages to organizations since several value levers get unlocked along the journey. The following four milestones are usually part of that multi-year journey.
Your first year?
Are you just getting started? Here are your first ten steps that will help you begin a meaningful ERM journey. Are you already on your ERM journey? Ensure you have the following points taken care of:
Before you begin: Cannot emphasize enough
0. Dedicate a resource for ERM from business or operations
1. Get yourself a sponsor from the CXOs
Quarter 1: Use the first few months to set up a relevant baseline for risk conversations
2. Consolidate risk knowledge within the organization from external and internal audits, management presentations
3. Research peer information for lead insights from annual reports, filings, and consulting publications
4. Align assurance teams (e.g., Audit, Compliance, EHS, Quality) and other domain experts on risk information
5. Formally (and informally) build rapport with the domain experts
Quarters 2 and 3: Invest in alignment on relevant enterprise risks
6. Build rapport with business teams, and identify key matters of risk and risk-based decisions taken
7. Develop a framework/taxonomy appropriate to your organization’s lingo
8. Build a multi-year value-based plan; ERM is clearly a multi-year journey
Quarter 4: Set up an enabling infrastructure for a successful ERM journey
9. Set up/Operationalise a management risk committee for value-based guidance
10. Train/Orient your organization's teams on risks and your ERM program
Once you have these started, you have an awesome ERM journey awaiting you.