Question asked by
AFERM Experts Say...
One way to generate more active involvement in Enterprise Risk Management (ERM) is to make sure your stakeholders truly have “skin in the game.” As in any human activity, people get involved and stay involved with ERM efforts and practices when they can see personal benefit from the involvement.
People generally perceive benefit in two ways. Some will only see benefit in saving their skins, and such individuals tend to concentrate on threats. Others will see benefit in improving their game and will tend to focus on opportunities. It has been my experience that people with an opportunistic mindset tend to be more engaged than people focused on self-preservation; however, either set of individuals will have personal reasons for being involved and active.
Now, it turns out the amount of skin anyone in the enterprise may have depends on their role in the game. The enterprise defines those roles, either directly and specifically or not, by how enterprise goals and objectives translate to individual strategies and plans. The enterprise also defines how the individuals play the game by the culture it creates and nurtures. A culture that promotes continual improvement, encourages taking appropriate risks, and exercises appropriate accountability and rewards innovation will foster opportunistic thinking. A culture that focuses on maintaining the status quo, on punishing failure, on protection rather than promotion, and does not have clearly defined goals and objectives will foster risk intolerance.
Where does the risk management come in? Remember, the reason for risk management, whether practiced at the enterprise or individual level, is to improve the likelihood of successfully meeting or exceeding our goals and objectives. When an enterprise’s goals, objectives, strategies, and plans are translated to individual stakeholders and they accept their role, they will have something to lose and will embrace risk management practices.
To build a more effective ERM community, consider the following:
- At the top, clearly define enterprise goals and objectives with strategies and plans to achieve those goals
- Actively and regularly scrutinize the enterprise’s goals, objectives, strategies, and plans for the purpose of making them better
- Delegate the strategies and plans to the stakeholders and make it clear that the enterprise expects them to adapt their delegated strategies and plans into supporting plans of their own
- Promote a culture that encourages people to identify and spend more resources on opportunities and fewer resources on threats.