ERM from the Top

Russ Banham


April 1, 2014


Since its founding in 1895, Lincoln Electric has been a top-down driven company. John C. Lincoln launched the business with a capital investment of only $200 and a focus on electric motors. In 1911, Lincoln and his younger brother, James, hit upon the product that would define their future—the world’s first variable-voltage, single-operator, portable welding machine.

Today, Lincoln Electric is a Fortune 1000 company that manufactures welding products, arc welding equipment and robotic welding systems. That original $200 has more than paid off—sales in 2012 were a record $2.9 billion.

When the company’s risk manager, John Hach, saw an opportunity to move Lincoln Electric to an enterprise risk management (ERM) platform, he knew he needed company leaders to champion the project.
This interview is part of a continuing RIMS Q&A series spotlighting ERM practitioners. For more, visit the RIMS Strategic and Enterprise Risk Center at

RM: How was the ERM process launched at Lincoln Electric?

Hach: We’ve been doing ERM since late 2007, right before the financial crisis hit, so we had some of this in place before the crisis took hold. The way to get things done here—and I suspect in most places—is to have it driven from the top. If you don’t have board or top management buy-in, the effort is not worth pursuing. It would be a waste of time. Fortunately, the directors had already heard about ERM from the other boards they sit on, their own companies or articles they had read.

RM: Was there any pushback?

Hach: The current CFO is a strong proponent of ERM. The CEO didn’t buy into ERM immediately but, after a few months, he also thought it was a good idea. One of the major obstacles, though, was management. Since ERM assigns people responsibility for risks and holds them accountable for the management of those risks, they were not exactly supportive of the idea. Having top management’s support of ERM was instrumental for us to roll it out globally.

RM: How does the ERM process function today?

Hach: We initially executed a risk map that identified 70 different risks, which we then narrowed down to a dozen to focus on. The determinants were frequency, severity and velocity—how fast these risks were moving. We put together a dashboard that defined our risks and listed the various metrics we would use to monitor them. It’s a typical dashboard with red, yellow and green “traffic lights.” The dashboard is a key component of our approach to ERM that we review, to varying degrees, at every board meeting. We also send the board a substantive, written ERM update prior to the meeting that covers the key issues.

RM: What kinds of risks does the dashboard capture?

Hach: The dashboard is mainly for execution risks. The top of it, for instance, says “Operational Risks.” Things like business continuity and supply chain risks are also on the dashboard. We do examine strategic risks, but we don’t necessarily document them on the dashboard. They are discussed at the board meetings, however. At these meetings, we have five different segments globally, and each respective leader gives a presentation regarding how they have embedded risk discussions in their business plans and what they’re reporting on. Having the dashboard and the risk discussion embedded in management presentations incorporates ERM into the company’s normal, on-going management and governance processes and doesn’t treat it as a separate compliance exercise.

RM: Can you provide an example of how it works?

Hach: A key operational or execution risk is new product development. We divide this into four areas—intellectual property development, time to market, relative investment in R&D (how much we are spending) and innovation effectiveness. These are the four headings on the dashboard. If we’re doing these things right, we essentially have good new product development.

In each of those four categories, we have different metrics, like the percentage of U.S. patents issued in the last five years under “intellectual property.” That tells us if we have products that are going to be unique. We also have a metric indicating where our welding products are ranked and another indicating where our patents are cited. The latter may mean someone is trying to copy us, which tells us we have a good product that will be in demand.

RM: In this example, how do the “traffic lights” alert you to a risk?

Hach: A green light indicates that the percentage of our total U.S. patents issued in the last five years is greater than 30%, yellow is 20% to 30%, and red is less than 20%. We also have a benchmark column that shows what third parties, like a rating agency or a composite of our competitors, would consider “good.” The dashboard is a great way to communicate with the board and shareholders what our risks are. It helps us decide which operational risks we want to avoid, which we want to chase, and what we’re doing about it.

RM: After going through it, how do you think ERM can benefit an organization?

Hach: Risk is unavoidable in every organization, so why not plan and manage it across the business? That’s what ERM tries to do. Through an organized risk assessment, you can establish a risk appetite, and ERM tells you what is and isn’t tolerable.

The risk awareness gained through ERM is its biggest value for an organization. I wish I could say there is a definite ROI from ERM—that our overall performance improved because of it—but I can’t. The problem is that we can’t know what our performance would have been without it. But my gut feeling and common sense tell me that, if you improve risk awareness across management, if people are more cognizant of risk and their risk responsibilities are clarified, you’re moving in the right direction and improving the probability of successful achievement of the organization’s goals.
Russ Banham is a veteran business journalist and author based in Los Angeles.