No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Risk

Gaining Traction with Enterprise Risk Management

by Jim DeLoach
February 20, 2015
in Risk
Gaining Traction with Enterprise Risk Management

Many efforts to implement ERM are unfocused, severely resourced constrained, and pushed down so far into the organization that it is difficult to establish relevance. The near-term results are “starts and stops” and ceaseless discussions to understand the objective. Risk is often an afterthought to strategy and risk management an appendage to performance management. Ultimately, the ERM implementation runs out of steam and is no longer sustainable.

While there is no one-size-fits-all, the following design principles will help overcome these issues:

  • Define the primary objectives of the risk management process. What does management want to accomplish with risk management? The activities of the risk management process typically include the identification, sourcing, measurement, evaluation, mitigation and monitoring of risk. However, the purpose of the process varies from company to company. One company may seek to improve its governance process. A second company may intend to reduce risk or performance variability to an acceptable level and prevent unwanted surprises. Another company may seek to facilitate taking more risk in the pursuit of value creation opportunities. Still another might want to position itself as an early mover in the marketplace relative to its competitors. The point is, management needs to have a clear view as to what ERM is intended to accomplish so the “why” question can be addressed effectively.
  • Integrate the process with the core business activities. Regardless of how the process is designed, its effectiveness and relevance diminish greatly if it isn’t integrated with core management activities such as strategy setting, annual business planning, performance management and budgeting. Effective integration can result in risk management becoming more integrated with the rhythm of the business so that it can make value-added contributions to establishing sustainable competitive advantage and improving business performance.
  • Determine whether the organization’s culture will help or obstruct the implementation process to ascertain the extent of needed change. Even the most well-intentioned risk management process can be compromised if dysfunctional organizational behavior exists and is allowed to fester. If the CEO is not willing to pay attention to the warning signs posted by the risk management function, if the reward system is not sufficiently balanced with the long-term interests of shareholders, if the board is not asking the tough questions about the assumptions and risks underlying the strategy, or if risk management is so mired in the minutiae of compliance that it is not focused sufficiently on strategic issues, it is not likely risk management will have an impact at the crucial moment when a contrarian voice is needed. Every effort should be made to transition the organization’s culture to one that encourages open communication, sharing of knowledge and best practices, transparent risk reporting, continuous process improvement, and a strong commitment to ethical and responsible business behavior. Transitioning to such a culture takes time.
  • Determine the enhancements to infrastructure that are needed. Given the nature of the organization’s risk management process, the core management activities with which that process is to be integrated, and the strengths and limitations of the organization’s culture, is the organization’s existing infrastructure sufficient to accomplish the desired objectives? By infrastructure, we mean the company’s policies, internal activities, organization, reporting and systems related to managing risk. If the answer is “yes,” then we move on to execution. If the answer is “no,” the next question becomes: What changes are needed? Changes could include any combination of things, including a risk management policy, more explicit dialogue around risk appetite, a risk management committee, a chief risk officer, improved risk reporting, a crisper delineation of board and management responsibilities, and more reliable systems and data.
  • Align the analytical assessment approach with the unique characteristics of the risks the company faces. While risk maps, heat maps and other traditional risk assessment approaches may provide a quick overview and ranking of risk, these tools can lose their value and grow stale over time once their novelty wears off. Why subject risks with different characteristics to the same assessment methodology? For example:
    • Strategic risks warrant the use of a contrarian analysis approach applied to the critical assumptions underlying the strategy.
    • Operational risks require an assessment of the various components along the value chain within which the organization’s business model is applied to assess exposure to loss of key suppliers, major customers and logistics, among other things.
    • Financial risks are more susceptible to the use of measurement tools as they relate to cash flows as well as market, credit, currency and other related risks.
    • Compliance risks require analysis of the organization’s conformance with specific laws, regulations, internal policies and/or contractual arrangements.

The point is, use the appropriate analytical framework according to the unique characteristics of the risks, rather than the same analytical grid that can leave many managers wondering what to do next.

  • Assign ownership of the risk assessment process to the managers who are best positioned to achieve expected actionable results. Engage the appropriate managers who are best positioned to own the risk assessments as well as the appropriate responses to act on the assessment results. Holding these managers accountable for driving and owning the risk responses is fundamental to any effort to integrate risk management into strategy setting, business planning and performance management. Often, ownership will vary for strategic, operational and compliance risks.
  • Support the ERM implementation from the top. The above design principles define what executives should be looking at when evaluating the role and effectiveness of risk management within the organization. They give way to this last principle: Support the implementation effort from the top. Without that support, it’s game over.

One final observation: When implementing ERM, there should be a strong bias toward keeping things as simple as possible and to leveraging existing processes and tools.


Previous Post

Stop the Conversation

Next Post

Advising Clients to Pursue an Honorable Course

Jim DeLoach

Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.

Related Posts

no right answer

That ‘Do the Right Thing’ Mug? It’s Missing Some Fine Print.

by Vera Cherepanova
May 20, 2025

Ethics isn’t a slogan; it’s a practice

doj sign front

Assessing the Business Risks of the Trump Administration’s ‘Total Elimination’ Strategy

by José Cortina and Jennifer Christian
May 20, 2025

As cartels increasingly participate in mainstream economic activities, traditional due diligence practices become inadequate to address new material support risks

drug cartel soldier camo

Leveraging Human Rights Frameworks to Combat Emerging Cartel Risks

by Nate Lankford, Matteson Ellis and Nisha Sawhney-Murkett
May 19, 2025

As enforcement priorities shift to cartels and foreign terrorist organizations, established human rights processes can identify and mitigate emerging legal...

You are now registered!

Webinar: What Employee Experience Reveals About Your E&C Program

by Corporate Compliance Insights
May 16, 2025

11 a.m. - 12 p.m. ET Tuesday, June 3 Are your ethics and compliance metrics capturing what really matters? Programs...

Next Post
Advising Clients to Pursue an Honorable Course

Advising Clients to Pursue an Honorable Course

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights