Good Practices to Create an Outcome-Driven ERM

The need for effective Enterprise Risk Management (ERM) can never be overstated. This requires a comprehensive approach to ERM that extends beyond traditional boundaries. In this blog, we highlight the new-age principles, practices, and rigor that actually work in designing an award-winning ERM strategy. Drawing from my experience, I am outlining key initiatives and methodologies to reshape the risk management framework.

1. Clear Philosophy on ERM Remit

Have a clear philosophy on the remit of ERM to focus on mid-to-long-term risks of the business, using an SME-embedded approach.

2. Positive Change Through Collaboration

Going beyond the charter, policies, and workshops, handhold business teams to develop detailed risk registers during the early stages. Through various collaborative exercises, enable a significant shift in risk culture and ownership.

3. 5-Factor Approach

As a precursor to risk identification, use a 5-factor approach to gain a deeper understanding of the business. It cuts across Category, Consumer, Channel, Brands, and Supply chain. This is followed by discussions on detailed strategic initiatives as part of MTP/AOP sessions.

4. Integrating Mitigation with Key Risk Indicators (KRIs)

Many organizations stop with defining generic mitigation plans, which makes the risk rating a subjective exercise on heat maps. However, measuring the effectiveness by integrating each mitigation into the performance of KRIs (both growth-linked and risk-related) and deriving residual risks enables a dynamic approach.

5. Incorporating Lead Indicators into KRI Framework

Incorporate several lead indicators within the KRI framework. For example, some organizations measure their cyber risk by the number of cyber incidents, but a better approach is to use a set of key lead indicators that measure the proactiveness of cyber-mitigations. Another example: innovation % of sales vs. strength of the innovation pipeline.

6. Digital Enablement

Create digital enablement, using interactive tools that may become a single source of truth across the organization.

7. Risk Analytics and Intelligence

8. Measuring the Effectiveness of ERM Strategy

Implement a dynamic framework to measure the effectiveness of the ERM strategy itself. The importance of collaboration across regions, executive management, risk champions, and the Board cannot be overstated.

9. Interconnectedness between IA and ERM

Constantly advance the interconnectedness between Internal Audit (IA) and ERM, going beyond theoretical standards. For example, if IA selected a conventional security operations area instead of a multi-stream/year digital migration that is expected to be the backbone of the business, the ERM team will challenge this prioritization considering risk implications and Board responsibilities.

ERM is also about enabling opportunities. While there are many more areas covering Innovations to M&A to crisis management, the above are a few enablers you can start with. At Innowave360, we align ERM with strategy setting and execution through risk-intelligent approaches, providing you with tailored risk management services. Reach us at connect@innowave360.com and ensure the best risk management for your organization.

Author

CEO & MD at Innowave360
Experienced Chief Internal Auditor, Chief Risk Officer and Controller – Large US, Europe and Asia listed MNCs