Part 7 | Risk Managers at Risk: 7 Things You Need To Do To Save Your Company…. And Your Job

In our previous articles, we reviewed the data and process elements required for superior ERM performance. As we mentioned, the key to success resides not in the features of the systems used or the competence and sincerity of the participants involved.  Rather it comes the superior integration of the two and can be achieved only when organizations ensure that all of their ERM processes are designed to be Measurable, Accountable, and Distributed (MAD).  

If MAD are the three design principles to build a robust and strategic ERM process within your organization, what are the implications?  And more specifically, what are the actual platform or system requirements that you should evaluate (or may need to reprioritize) when considering a new system or determining how to improve your current one?  And how do these requirements support the underlying processes you need to create?

Our observations here are necessarily speculative, and may of course depend on your individual circumstance, corporate culture, and business strategy.  But the following considerations should always be major decision factors as you think about upgrading your system and process capabilities, both now and as the future landscape continues to evolve.

Here is a quick list of features and an initial assessment of their changing importance in light of our discussion.

HIGH IMPORTANCE

1. Risk Identification, Assessment, and Mitigation
2. Reporting
3. Collaboration Features
4. User Friendly Interface ‍
5. ‍Data Security
6. Updates and Improvements

Clearly any system has to identify, assess, and mitigate risk even to be considered. But increasingly, collaboration features and the user interface should be very high on your consideration list. As you distribute tasks and accountability across the organization and empower risk owners and participants, they need to give and receive feedback seamlessly, thereby refine their outputs to drive high quality and customized reporting.  Tailored data permission and access is highly desired, but as a general rule data should be as freely accessible as possible to all participants. Cloud access is also important for ongoing data security, upgrades, backup, etc.  As with any system, ongoing support and upgrades are essential.

MEDIUM IMPORTANCE

• Integration
• Regulatory Compliance

Although many platforms emphasize their extensive libraries of APIs and ability to integrate your multiple internal or home-grown systems, you may want to consider very carefully whether the benefit justifies the effort.  If the best process is rooted in collaboration of distributed risk owners with highly specific and individualized KRIs, the need to automate the process becomes less compelling.  Better to let the expertise and judgement reside with the Risk Owners and have them make the judgement calls and adjustments.  Regulatory Compliance is acritical capability that organizations (particularly in regulated industries)require, but more likely falls into the realm of GRCs, not Strategic ERM.  Don’t overwhelm your Board and Senior Management team with unnecessary detail that will distract them from focusing on the few critical issues that can threaten the enterprise.  Compliance can become an existential issue, of course, but not every reporting period (we hope!).

EMERGING OR POTENTIAL FUTURE IMPORTANCE

• Scenario Analysis
• Incorporating New Technologies

Finally, some potential features and considerations may need additional time to evolve.  As ERM becomes more sophisticated and nuanced in its approach, Scenario Analysis, Monte Carlo simulations, and What-if assessments will become a more important evaluation factor.  For now, however, this is not a realistic consideration for all but the largest and most sophisticated companies.  But this will likely change when ERM when there is tighter linkage between ERM platforms and processes.  A similar theme is currently unfolding with the incorporation of new technologies in the ERM platform space.  Many vendors tout their emerging AI capabilities for monitoring and analysis. This may prove to be a significant disruptor of existing business practices and processes, but only time will tell.  Blockchain seemed to experience a similar level of enthusiasm previously, but its impact has been minimal in the ERM space.  AI may prove to be different, but it’s unclear for now.  And most companies have neither the data nor the processes to leverage the technology immediately.  Best to stay seated for now, and invest your efforts in building core competencies rather than chasing new technologies.

Recommendation: Carefully think about how to mesh your ERM platform and organizational process to deliver higher level insights and value to your organizations. Redefine the traditional roles of participants and create enabling mechanisms to build and reinforce the new required behaviors.

Don’t settle for the status quo and continue with business as usual.  Get MAD!

‍

Book a Free, 45-min. ERM Strategy Session Now!

If you’re a CRO, CEO, CFO or COO, please fill out the form below with your name, title*, email, Company name, and phone number. We'll give you a call some time between 8:30AM - 5 PM ET, Monday thru Friday to schedule the session.

*Appointments limited to Senior Managers with Risk Management Responsibility only.

‍

Subscribe to receive alerts when new insurance related thought leadership content is published by our ERM subject matter experts: