With summer officially underway and the 4th of July holiday closing in, hopefully you’re getting some well-deserved time to step away.
Besides some vacation time, this lull before strategic planning resumes sometime in the early fall is also a great time to pause and reflect on the contributions of your company’s ERM program – past, present, and future.
As I’ve discussed before, ERM is not just another department like Legal, Accounting, Purchasing, Marketing and so on, but instead should be considered more like an internal consulting firm. As such, ERM doesn’t have ownership of risks except for a few possible exceptions like certain IT security needs, vendor, or supply chain risks to name a few.
A robust ERM process will play an important role in shaping the company’s strategic plan, but unlike other departments, ERM won’t be highly visible in implementing these plans.
This fact is something risk managers need to be comfortable with.
While the ultimate goal of any risk function is to contribute to the company’s growth and success as a whole…
Time must be taken to develop a strategy for how ERM will meet the company’s needs over the long-term.
Now this is not to be confused with the framework or other technical elements of an ERM program. There’s a plethora of resources available for setting this up. This is instead about asking and answering the “why of ERM.”One of the reasons why ERM programs fail is because they tend to focus on the past and present.
Strategy, on the other hand, is about the future.
Although speaking about the company as a whole, the following definition from the book Strategic Impact: A Leader’s Three-Step Framework for the Customized Vital Strategic Plan is helpful for understanding what this concept is:
Strategy is the process of making choices about the business you’re in, what you’re delivering, as well as what your organization has no intention of providing. Strategy is a framework for making decisions about how goals will be accomplished and deliver value and competitive edge, for which customers or service clients are willing to pay.”
This is especially important for ERM since again it is really more of an internal consulting firm. Clients in this case include various business functions throughout the enterprise.
With this in mind, a strategic plan for ERM is not meant to be as exhaustive as strategic planning for the company as a whole.
ERM’s strategic plan is meant to be a vehicle or blueprint for making significant changes and advancements to how you approach and support other areas of the company.
Most programs will only tinker with processes over time without making substantive changes that are needed. Incremental changes will ultimately result in failure, especially in today’s fast-paced world.
What would transportation today look like had automakers only pursued incremental changes? How about smartphones and the Internet? Would transformational breakthroughs like these have occurred without thinking then making big changes?
Again, from the book Strategic Impact…, a basic strategic plan is going to include a review of the external environment, a description of where things currently stand, where you want things to go within the next X number of years (usually 3+), plus specific and measurable goals.
Besides providing risk insights and perspective to the company’s strategic planning process, what are other areas ERM can add value? Examples can include:
- Identifying ways to help the company improve its day-to-day operations.
- Improving the prioritization of ERM’s resources.
- Improving processes executed by ERM and/or other business units. (As I previously discuss, process optimization can be tremendously valuable in identifying and pursuing opportunities.)
- Integrating ERM into projects and processes to help ensure timely and successfully completion.
- Identifying additional opportunities to provide data and insights to other departments or upper management.
As you pinpoint these opportunities and thus refine ERM’s internal strategic plan, one important point to remember is to make sure ERM is not using resources allocated for implementing the company’s strategic plan. Otherwise, you are likely detracting from the success of the company.
In the end, ERM’s strategic plan should revolve around the company’s objectives. If your ERM function is not focusing on these key ingredients to a company’s success but rather focusing on inconsequential things like having to use a specific standard or framework or trying to make a square peg fit in a round hole, it will ultimately be cast aside as another “check-the-box” activity that provides little value to the organization.
To avoid this outcome, take a little time during this summer before strategic and annual planning for next year gets underway to reflect and think strategically about how the risk function can ensure its contribution to the company’s long-term success.
On what areas should your ERM function focus in its internal strategic plan?
To share your thoughts about how your ERM program supports the company’s long-term success, please don’t hesitate to leave a comment below or join the conversation on LinkedIn.
If you prefer to share your thoughts privately, you may do so by emailing firstname.lastname@example.org.
And last but not least, if you’re struggling to determine the right direction for your ERM program and need help identifying how it can better serve your company, please reach out to me either through my contact page or my online calendar to discuss your specific goals and potential options for achieving them.