Mark Beasley, KPMG Professor and Director of the ERM Initiative, is interviewed by Michael Keegan in a “Business of Government Hour” podcast hosted by the IBM Center for The Business of Government. In this podcast, Mark and Michael discuss a number of topics about the state of risk oversight in organizations and opportunities for enhancing the strategic value of ERM. Mark outlines a number of important factors to consider when strengthening the organization’s management of the complex and ever-changing risk landscape affecting the success of their organization.
Listen to the podcast here.
Drivers of Enhanced Risk Oversight
There are both “carrots” and “sticks” that are driving the push for enhanced risk oversight. More rules and regulations (“the sticks”) are emerging that are forcing organizations to think differently about risk management. Ideally, however, organizations should seek enhanced risk oversight because they want to have a more proactive stance for navigating risks before they occur - representing the “carrot” driver of enhanced risk oversight. Mark lays out a number of “carrots” that help explain why risk management is in the best interests of business leaders and their boards.
Importance of an Organization’s Overall Culture and Tone at the Top for Value-Adding ERM
Culture is king in risk management. Without a mindset that embraces the need to understand risks so they can be managed, ERM is likely to be non-value adding for the organization. Risk management needs to be viewed as important and strategic. Pinpointing an organization’s cultural barriers to ERM that may be present and limiting the embrace of risk thinking may be one of the best first steps to take before going too far down the ERM process path. Mark outlines a number of barriers that are worth considering so strategies can be pinpointed for navigating over or around those barriers.
Strategic Value ERM Can Provide
Risk and strategy go hand-in-hand. Organizations have to take risks to realize their strategic vision. Unfortunately in many organizations, there is a disconnect between risk management and strategic planning. Organizations are realizing the importance of integrating risk insights into their strategic planning processes as they realize more risk intelligence provides huge strategic advantage.
Roles of Chief Risk Officers and Risk Management Committees
Value-adding risk oversight can’t happen without executive leadership. The percentages of organizations pinpointing a chief risk officer or senior executive equivalent leader and the percentage of organizations having a management-level risk committee are trending upward over time. ERM needs a champion of the process – not to own the risks – but to advise and coach others on effective techniques to consider and manage risks to the business. Risk Committees are especially important for creating an enterprise-wide view of risks among the senior leadership team. Mark emphasizes the value of having both of these leadership positions in place.
Calls to Action
The podcast ends with a number of calls to action.
- Obtain feedback from senior executives about their perceptions regarding the organization’s current approach to risk management. Figure out what is and isn’t working well.
- Determine whether the leaders of the organization have a good, consensus understanding of the biggest risks facing the organization. A lack of consensus may be the best eye-opener for the C-suite to appreciate the need for enhanced risk management.
- Evaluate the extent to which risk management is providing strategic value for the organization – is it mostly viewed as a compliance and operational process with little strategic value? Consider how ERM can be elevated to a strategic level.
- Identify what metrics are in place to monitor risks proactively.
- Start the ERM journey. Keep things simple, but strategic.
- Remember – Risk management isn’t getting easier over time, just more important for success.
Read ERM articles as soon as we post them
Keep up-to-date with current developments in ERM. Subscribe to the ERM Newsletter.