Employees often think of enterprise risk management (ERM) as just another level of bureaucracy they have to deal with. In fact, CEB research has shown that the leader of ERM's greatest fear is typically that it is considered another check-the-box exercise or low-value administrative initiative.However, while most ERM teams strive to enable greater risk-informed decision making in their organizations and align their approaches with strategic objectives, very few effectively contribute to the strategic planning process even when they are involved. In fact, a recent CEB survey found that, while 62% of respondents said the ERM team owns their organization's risk training process, only 25% actually participate.
It is vital that employees at all levels are mindful of organizational risks. These could impact the company's ability to achieve strategic objectives, which in turn may hinder an individual's ability to achieve personal performance-based objectives. As the business environment becomes more interconnected, the importance of understanding the company's risks only increases. Thus, some of the best companies use the ERM team and process to help employees understand what risks the company faces and make risk-informed decisions.
Instead of one-sided training sessions, interactive boot camps can help embed ERM principles throughout the company. At one organization, the ERM team conducts a full-day workshop that consists of three main components. First, a classroom lecture by an ERM representative educates participants on the company's ERM philosophy, framework and application. Next, participants go through a series of simulated decision-making scenarios based on real-life examples. They are asked to create a list of top risks, assess the risks of a specific project and then devise a risk appetite statement that fits their assessment. Finally, the results are compared to what business unit leaders actually crafted. Participants then discuss the merits and pitfalls of their approach, and compare their output to the company's ERM framework and approach to risk-informed decision-making. They also consider what changes would align their decisions with the company's risk management philosophy.
The objective of the workshop approach is to bring about a fundamental change in employees' thought processes and improve overall risk awareness. To institute a similar approach at your organization, there are three key considerations:
Keep it interactive: The most progressive ERM teams create or revise training programs to be as interactive as possible. Developing interactive training exercises will help maximize the impact on decision-making and improve the return on time and resource investment.
Keep it practical: Do not spend a lot of time on ERM theory and how it works in the abstract. Focus on the practical, day-to-day application of this approach. When you teach employees about risk management, make sure you are providing adequate guidance on how to use it in real-life scenarios.
Keep it personal: To make sure ERM is not viewed as just another check-the-box exercise, focus on the value it provides to individual employees, how it will help them do their day-to-day jobs and how, if used correctly, ERM can help them achieve their goals. Basically, focus on why it matters to them.
By using these strategies to plant the seed of risk-adjusted decision-making in employees' minds, ERM can help create self-sustainable risk management capabilities across the business and get everyone to think like a risk manager.