This summer, I took a six-day motorcycle trip through Montana and Wyoming. While touring some of the most beautiful parts of the country, it struck me that operating a motorcycle and implementing ERM have a lot in common. On the road, the continuous monitoring of your speed, body posture, the weather and road conditions, the lane you are traveling, other vehicles, and the surrounding landscape can help you clear your mind and focus, allowing you to achieve a sort of Zen-like state where both you and the motorcycle are in tune.
ERM offers a similar peace of mind that risks and opportunities are being addressed, that you are moving the company forward with a specific focus, and building an organizational risk culture that employees, clients and shareholders will appreciate. For the best ride, on both a motorcycle and while implementing ERM, it is critical to:
Hone your instincts. Your senses are keener on a motorcycle. While riding, you can smell the freshly cut hay of a farmer’s field, feel the vibration as a train rumbles alongside you and generally notice the little things that might be missed in a car.
ERM provides a similar experience, giving you an enhanced ability to laser in on details that can be missed with a more traditional risk management approach. ERM professionals often become more in tune with their company’s views not just on risk, but on the underlying business direction the company wants to take and, in turn, they develop a heightened awareness of opportunity and risk surroundings.
Plan ahead. There is a great deal of planning that goes into a motorcycle trip, including mapping out your route (always allowing for the unexpected), identifying the locations of fuel and resources along it, packing appropriate clothing for the weather, and ensuring you have emergency items and a motorcycle repair kit (i.e., duct tape and WD-40).
ERM also requires intense planning. Where are we going? How long will it take to get there? Is this journey with a group or are you going it alone? Do we have alternative routes mapped out? Have we planned where to get our resources? When and where will we stop along the way to review where we have been and if we are still on schedule? To be successful, both ventures require planning and adjusting the plan according to change.
Follow the law. On my ride this summer, I was pulled over for going 40 mph in a 30 mph zone. I broke the law, though the forgiving police officer in Thermopolis, Wyoming, thankfully let me go with a warning.
Just as motorcycles are not exempt from the rules of the road, ERM also has to abide by applicable regulations and laws. Sarbanes-Oxley risk assessments, New York Stock exchange audit committees for risk management, rating agency requirements for risk evaluation, ISO 31000 ERM rules, and innumerable industry-specific regulations are all part of ensuring that you and your company adhere to the rules of the ERM road. Just as importantly, internal company bylaws and compliance rules for ERM must also be implemented and enforced.
Embrace (some) technology. Newer motorcycles are equipped with GPS trackers, enhanced anti-lock braking systems, Bluetooth connectivity, sensors for stability control and helmets with voice-activated command response. Similarly, technology advances for ERM can also assist and enrich the experience with dashboards that automatically populate as new assets, personnel or products are added, smartphone apps that deliver ERM data, and wearable technology for employee activity tracking.
While these advances are beyond valuable for both motorcycles and ERM, technology can also be a distraction. Always believing what our eye-catching spreadsheets tell us can be hypnotic, and new bells and whistles can distract you from watching the road, scanning the horizon for sharp turns, seeing stumbling blocks or cracks in your path, and being ready to adjust speed and braking. When driving a motorcycle or steering an enterprise risk management program, technology can be an important component, but should not be the sole focus.
Stay in your lane. Identifying, analyzing, prioritizing, dashboarding, reporting—the day-to-day tasks of running an enterprise risk program can make the ERM road pretty wide. At times, it can be easy to veer into another department’s lane. Compliance, legal, operations, governance, internal audit and accounting all have their own lanes with perceived lines of demarcation. ERM has to ride close to those lines but should not routinely cross over. Conversely, those same departments also have to know that risk management is heading in the same destination and may sometimes have to veer into their lane to keep traffic moving. But just as on a motorcycle, you have to pass with caution and purpose, signal that you are coming into the lane, and be sure to thank them when you leave.
Use your mirrors. When riding a motorcycle, it is almost as important to know what is behind you as it is to know what is in front of you. You have to adjust the mirrors each time you get ready to ride, make sure nothing is in your blindspot, and check regularly for approaching 18-wheelers. In the world of ERM, blindspots can be fatal to the enterprise, so checking them is critical for risk managers as well.
Knowing where you came from is also important in the ERM process. The long road that got you here will also help shape where you are going. Most importantly, you need to see what risks, issues and opportunities may be coming up in your rearview mirror—even risks you thought were behind you can come back quickly, and a look back can be a lifesaver.
Ride with others. You do not have to go it alone. Most motorcyclists enjoy riding with other bikers or passengers. It offers a sense of belonging and of sharing an experience. Those who ride motorcycles recognize one another on the road and even have a biker wave when passing one another. It is motorcycle camaraderie and we support one another.
ERM leaders know that same feeling of camaraderie. We know that we can share similar experiences, management roadblocks, new exposures, failures and successes with other ERM road warriors. When ERM professionals need help or advice, they turn to others who are on the same journey and have had similar experiences. They attend the same conferences and routinely counsel one another. Perhaps they will even develop a secret handshake of their own someday.
Be patient. The famous philosopher St. Augustine said, “Patience is the companion of wisdom.” On a motorcycle, there is no denying the thrill of going “full throttle,” but the real joy is cruising at an even pace while you anticipate the next view or opportunity around the corner. Patience breeds the wisdom to wait two seconds after the light turns green to avoid getting hit, or to wait for a clear lane to pass a farm tractor on a two-lane road.
Enterprise risk managers must have patience as well. They need patience for the company to recognize the vital role ERM plays and the wisdom to show stakeholders the rewards. There are times you must wait on resources, board approval, access to data and the green light to move forward. ERM does not happen overnight; it requires the patience and wisdom to know that you are in it for the long haul.