On Thursday, Oct. 6, NC State’s Enterprise Risk Management (ERM) Initiative hosted the fall installment of its biannual ERM Roundtable Summit. The first in-person gathering in three years, the event brought together more than 130 risk leaders from across the United States to network and learn best practices from ERM experts in industry and academia.
Designed to cultivate thought leadership around emergent ERM issues, the event featured sessions on expanding ERM’s global perspective, navigating ransomware events, engaging executives in strategic risk management, engaging leadership across the enterprise in today’s remote and hybrid environments and the growing importance of ERM’s assessment of ESG and climate-related risk issues.
One major theme emerging from the sessions was the importance of leadership, as well as ongoing communication and a culture of trust, in driving ERM forward.
Managing global risk with leadership buy-in
In a session on expanding ERM’s global perspective, Mike Burns, director of enterprise risk at Corning, Inc. and a member of the ERM Initiative’s Advisory Board, explained how Corning’s chief operating officer (COO) played a key role in strengthening the company’s risk management efforts. The majority of the company’s manufacturing occurs in China, which makes managing its global risk important – especially as the rate of global change accelerates.
“Looking at China in the context of our strategy, our COO said, ‘I want to have no regrets that we missed something from a risk standpoint. So what do we need to do differently?’ That started this journey of thinking more about our risk in China – and globally,” Burns said.
In a gap assessment, Corning evaluated its risk management efforts using the five components of the ERM framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). “We took our honesty pills and were brutally honest with each other, identifying opportunities to do more and improve our alignment with COSO’s framework,” Burns said.
With these insights, as well as others from benchmarking, Corning was able to establish new operating structures to drive more action and accountability in the organization, strengthen the overall link between ERM and strategy and implement new methods – including an emerging themes tracer and quarterly whitepaper – to be more proactive about identifying risk down the line.
“One word that drives me crazy is monitor. As risk people, we talk so much about monitoring. That’s great to a point, but when something happens, you have to do something about it and drive action,” Burns said, showing a video to drive his point home.
“So now, we’re having these conversations much earlier in the process, which gives us the ability to see around the corner. When we took our honesty pills, we realized we weren’t doing great at this before. We were much more reactive, seeing something in the news and then wringing our hands. We realized we needed to do a better job of identifying things that wouldn’t just hit us next week, but next year,” he continued.
For Burns, Corning’s journey in managing its global risk illustrates the importance of having buy-in from senior leadership. “The difference for us was having our COO’s support behind us. That was invaluable and we couldn’t have accomplished what we did without him.”
Building trust with executive leadership
Larry Baker, chief risk officer for American Fidelity Assurance and a member of the ERM Initiative’s Advisory Board, and Mike Leonard, associate vice president of enterprise risk management for American Fidelity Assurance, agree that the support of executive leaders is indispensable. In a session on engaging executives in strategic risk management, they shared that this support is key to successfully driving ERM within an organization – and that this support starts with trust.
“Once the executive team trusts you, you can [integrate] ERM and strategy – rather than having ERM be something that’s over here and strategy something that’s over there. But without trust, you can’t have that kind of collaboration and communication,” Baker said.
To successfully engage executives and build trust within their own organizations, Baker encouraged participants to focus on the company’s strategic goals and the big, long-term risks linked to these goals. Baker also recommended adopting the same language that executives use – rather than using risk jargon that executives are less familiar with – and taking one practical step forward at a time that executives can follow and understand. Additionally, he emphasized that risk professionals ought to be good listeners – paying close attention to what stakeholders are saying and doing what is best for the company.
“Listen and then listen and then listen again – and then do something different in response to what you’ve heard. Whether it’s the chairman of the board or the president, if they’re asking questions or challenging your process, you better step back and listen,” Baker said.
Navigating ransomware attacks and security breaches
Strong communication and leadership are also key to weathering storms like cyber attacks, according to Brian Bark, executive vice president and chief information officer for Sinclair Broadcast Group and a member of Poole College of Management’s advisory board. Reflecting on a ransomware attack that hit Sinclair nearly a year ago in his session on navigating ransomware events, Bark explained that leadership and communication – along with collaboration and partnership – were essential parts of Sinclair’s response strategy and what allowed the company to remain resilient in crisis.
With security breaches on the rise and cybersecurity at the top of many companies’ risk agendas, companies can proactively respond by strengthening these four components. And focusing on leadership, in particular, is critical.
“Leadership was paramount to the success of our response. When something like this happens, it’s chaos. Our leadership promoted organizational composure and understood cross-functional impacts. We had people at Sinclair who had been there for decades – so they knew the importance of understanding the dependencies of our different business areas,” Bark said.
By providing executive teams with daily updates during recovery, activating communications platforms to reach the total employee population, mobilizing a central control center (or, as Bark calls it, a ‘war room’), regularly engaging key industry partners and employing guidance from financial, legal and insurance entities, Bark said that Sinclair was able to successfully respond to the attack.
Accordingly, Bark emphasized the importance of reviewing and rehearsing incident response plans and ensuring leaders have clarity around their roles and responsibilities. “This seems easy. It’s not easy. It’s very difficult and you need to get extremely organized in order to prioritize your response. When you have an event of this magnitude happen, prioritization is absolutely essential.”
Continuous learning for a changing world
Roundtable Summit participants also learned about Poole College of Management’s new Master of Management, Risk and Analytics program from director Ericka Kranitz and the three dimensions of team leadership from Brad Kirkman, General (Ret.) H. Hugh Shelton Distinguished Professor of Leadership.
Additionally, participants had the opportunity to hear a panel discussion on embracing and expanding expectations related to environmental, social and governance (ESG) and climate risk disclosures moderated by Bruce Branson, associate director of the ERM Initiative. Panelists included ERM Initiative Advisory Board members Christopher Geiger, director of enterprise risk and sustainability for Lockheed Martin; Christol Bordovsky, enterprise risk advisor for Marathon Petroleum; Bob Caston, senior credit executive for Bank of America; and Kelli Santia, assistant director of strategic risk management for General Motors.
“It was such a privilege to gather in-person again with risk professionals across the country,” says Mark Beasley, director of the ERM Initiative. “Like the university itself, the initiative aims to inspire leaders to ‘Think and Do’ – and having these spaces where leaders can share their knowledge and expertise with one another is one key way we drive that mission forward. Our hope is that risk professionals, equipped with valuable insights, can make strides forward in connecting risk and strategy within their organizations and building resilience in uncertain times.”