Getting Started with ERM
A Conversation with David Hughes, Assistant VP of ERM and Business Continuity Planning at Hospital Corporation at America (HCA)
In a conversation with Mark Beasley, director of the ERM Initiative, David Hughes, assistant VP of ERM and Business Continuity Planning at Hospital Corporation of America (HCA), shared his experiences and insights about establishing an ERM process within a large organization.
This interview highlights the value of embedding risk management into the broader strategic framework of an organization and the role leadership plays in its success.
Here are our Key Takeaways from the Conversation:
1. ERM vs. Traditional Risk Management
David distinguished ERM from traditional risk management, explaining that while traditional risk management often focuses on avoiding risks, ERM takes a broader, more strategic view. ERM helps identify risks that could prevent an organization from achieving its strategic objectives and emphasizes a holistic approach to risk oversight. David noted that communication across all levels of the organization is crucial for ERM to succeed.
2. Overcoming Perceptions of Bureaucracy
A common challenge organizations face when implementing ERM is the perception that it’s merely another bureaucratic or regulatory initiative. David addressed this misconception by highlighting how ERM provides real value. He shared how HCA’s leadership, including the CEO, found ERM to be a valuable tool for uncovering risks they might not have otherwise identified. This creates meaningful discussions and drives better decision-making at the executive level.
3. Leadership Buy-In is Essential
The success of ERM at HCA is closely tied to strong support from leadership. David shared that HCA had been through several CEOs since starting its ERM journey, each of whom embraced the process. The ongoing buy-in from leadership not only kept the program alive but also pushed the ERM team to continuously evolve and provide more value. David emphasized that having the CEO’s active engagement was critical in making ERM a part of the organization’s culture.
4. Formalizing Risk Oversight
Some organizations may hesitate to formalize an ERM process, relying instead on the expertise of smart people on their board or management team. However, David argued that even the most experienced executives are often surprised by emerging risks they hadn’t anticipated. He suggested starting ERM at a high level to avoid overwhelming stakeholders—and then demonstrating the value through the results. A formal ERM process allows organizations to systematically identify and address risks, helping ensure that nothing falls through the cracks.
5. Creating Value with Minimal Resources
ERM doesn’t have to be resource intensive. David noted that HCA successfully implemented ERM without requiring a large team or significant resources. This is especially important for organizations that may feel hesitant to initially invest in ERM. He encouraged organizations to experiment with ERM, predicting that they will quickly see value through better decision-making.
6. Board Involvement and Emerging Risks
David also highlighted the importance of engaging the board in the ERM process, particularly around emerging risks. He shared that the board’s involvement not only strengthens risk oversight but also ensures that risks reflected in key filings are accurately assessed. Collaborating with legal and SEC teams ensures a more comprehensive understanding of the organization’s risk landscape.
Conclusion
From securing leadership buy-in to overcoming initial resistance, David Hughes brought to life how ERM can transform risk management into a valuable tool for executive decision-making.
