You have been told to put together an enterprise risk management program. Oh, and by the way, they want X, Y, and Z in 3 months. After picking your jaw off the floor, your head starts spinning with the impossibility of meeting those expectations. What do you do?
You think that there is only one opportunity to get it right, and if it fails, the program is dead in the water. You dread the negative feedback from executives, the bored looks from management, and the phone surfing during a conversation. You cringe at the thought of presenting an idea to the board and having it thrown back in your face; or, the incredulous looks from people when we start asking them to spend time on this new thing.
Who wouldn’t? I certainly did….
A person’s natural inclination, especially risk management professionals, is to plan the detailed steps of how the program will work because you want the launch to go perfectly. You have a timeline of activities, a memo from the CEO drafted, a board presentation created, everything. So where did it go wrong?
You are now on year 3 of 2 (yes, that was intentional), and the program isn’t going as fast as the executives expect. This extended timeframe is starting to hurt the support of the program and has people questioning you and the value of ERM.
The reality is that ERM at any company or non-profit will take years to mature. No matter how supportive the executives are or how many people you have on the ERM team, it will take time. So regardless of where your ERM program is in its maturity, whether infant or teenage, you will need to manage the expectations of all people involved in the ERM processes for the life of the program.
How do you manage executives? Well, first of all, you aren’t managing the executives, just their expectations! The key to doing this is telling them the realistic timeline of when actions will be accomplished…again, and again, and again.
Making the unrealistic turn to realistic
When doing your planning, if you think an activity will take 2 weeks, are you being realistic with yourself about people’s calendars? What about the follow-up communications and activities? What is the typical turnaround time for responses?
There is a good rule of thumb, but it varies based on 2 things: how well you know the company and how optimistic you are in general. The rule of thumb is: if you think it will take 2 weeks, make it 3 weeks. With the variation in mind, if you are generally more optimistic, then you might want to make it 4 weeks.
When communicating timelines to people, be sure to include the caveats about depending on people’s calendars, other priorities, etc. If ERM is a top priority for the executives, then you could even ask the executives to work with their management teams to put ERM requests at the top of the pile for a short time.
Ensure that the executive sponsor(s) of the ERM program, whether the CEO, the Chief Risk Officer, the CFO, or another executive, understands the time that goes into ERM. Not just during “meetings” but all of the behind-the-scenes activities. For example, you could say that for every 1-hour meeting, we work for 5 hours doing analysis, follow-up communications, and reporting.
And above all…repeat the information in multiple presentations, so they hear it in different settings, different times, using different words. Once they hear it a few times, it should start to sink in…
How have you managed the expectations of the ERM program at your organization?
I would love to hear from you. Please share your thoughts in the comment field below, or join the conversation on LinkedIn.
Do you want someone to guide you through the process? Are you struggling to get your risk management initiative off the ground or back on track? Contact me to discuss your program today, or continue browsing ERMInsightsbyCarol.com to learn more.