external ERM resource

What to Look for in an External ERM Resource or Consultant

Expanding on our theme from last week on the people side of ERM, I want to outline some things I think organizations should look for in an external ERM resource (a.k.a. “consultant”). Although I outline the skills and personal qualities of an effective ERM professional in a prior post, there are special considerations when looking…

Relationships: A Common but Fatal Mistake of Risk Management

The majority of articles on my blog focus on the process side of enterprise risk management. I’ve discussed at great length subjects like setting up an ERM program, risk identification, risk assessment, and more. However, process and technical skills are only part of what goes into a successful, value-enhancing ERM program. If you’re like…
implementing ERM

The Hazards of Implementing ERM without a Plan

I cannot tell you how many times someone has asked me questions about random parts of an ERM program. The discussions range from basic concepts all the way to advanced topics. What is prompting the jumping between topics? It is typically these two things: Someone looked up ERM and saw some aspects, which looked really…
risk acceptance

One Tool for Informed and Responsible Risk Acceptance

As part of your daily life, you drive a car, walk down the street, ride in elevators, go swimming, have children. Correct? You live your life. Well, you are accepting risk in all of those things. In fact, having a home or renting an apartment also entails risk…fire, wind damage, snow or ice, tornado, earthquake,…
risk review

3 Ways to Avoid the Check-the-Box Trap in Risk Review

Both in my experience and according to a white paper from PwC, a common ERM challenge is how an annual risk review becomes a check-the-box activity. It shouldn’t be this way… Regardless of the reasons, everyone from executives all the way down to entry-level managers and employees has enough “bureaucratic” burdens as it is. An…

Key Players for Successful Risk Identification

In order to have a risk management effort that ultimately “creates, protects, and enhances shareholder value,” you must first have a successful risk identification process. I’ve said it many times, and have heard it repeated elsewhere, that risk identification serves as the foundation for the entire risk management process…without it, the entire process is just…

GDPR Compliance Exposes Huge Interdependencies within Organizations

Now that some of the heat has died down on this topic, I thought it would be a good time to discuss observations about GDPR from an ERM perspective. Last month, the General Data Privacy Regulation from the EU was a hot topic. You undoubtedly received emails from your subscriptions and apps explaining that new…

Was Organizational Culture the Key Driver in the Collapse of a Major Company?

A large (~£5 billion) publicly traded construction company, Carillion, collapsed earlier this year after months of ignored financial warnings. In fact, because of the size of the organization and how this all went down, the UK Parliament conducted an in-depth investigation into the collapse. The report of the Parliament investigation is quite interesting. It starts…