An article I recently wrote on enterprise risk management (ERM) is the cover story in the current issue of The Federal Credit Union magazine. While ERM is a topic that probably doesn’t have much appeal beyond financial services, I think much of what I gleaned from the experts I spoke to applies not just to risk but to change management as well.
ERM is first and foremost a process that everyone in the enterprise must embrace, from top to bottom. It’s all about creating a risk culture that supports and aligns with the organization’s mission.
In reviewing the 10 tips I compiled for a sidebar, I can’t help but think most of these apply to any organization that’s attempting to change its culture. Here are those tips (wherever you see the word ERM, just think change!):
- Walk before you run. “Appropriately set expectations,” advises Andy Vanderhoff, CEO of Quantivate. “ERM is a journey that takes quite a few years. Take steps slowly and surely to get there.”
- Don’t shove it down people’s throats. “ERM doesn’t mean that you throw away everything that’s already been done,” says Vanderhoff. “Build on the effective risk culture that got you to this point. Don’t dismiss it.”
- Start at the top. “ERM may get assigned to a midlevel management person,” says Jeff Owen of the Rochdale Group, “but it needs to start with the CEO and board. They should set the tone and embed the ERM culture across the institution.”
- Give everyone a voice. “IT, business continuity, information security — these are functions that may feel like they don’t have a very big voice in the organization,” says Vanderhoff. “Make sure their voices get heard.”
- Get the right people on board. “You want people on your committee who can be allies of ERM,” Vanderhoff says. “Pick people who will help you create and support the ERM culture, not resist it.”
- Leverage the work you’ve already done. “You don’t need to reinvent the wheel,” Vanderhoff says. “You may already have an internal audit function and a compliance department. Leverage and integrate those to drive the process.”
- Think through your data collection needs. “The last thing you want is another data silo,” cautions Vanderhoff. “There should be a valid business driver behind the data you collect.”
- Get the process down before you automate. “Process precedes automation,” Vanderhoff states. “If you’re looking for software, ask in-depth questions about what kind of process is included.”
- It’s not a one-time thing. “ERM isn’t a once-a-quarter, once-a-year thing,” notes Department of Labor Federal Credit Union CEO Joan Moran. “It’s something that you should be doing all the time.”
- Learn as you go. “Don’t be afraid of the process,” suggests Margie Johnson of SAC Federal Credit Union. “It’s a work in progress, and we’re always learning.” Adds Vanderhoff, “With ERM, you want to enjoy the journey, not just the destination.”