John Tartt, assistant vice president of Enterprise Risk Management at Atrium Health recently spoke with NC State ERM Initiative Executive Director Bonnie Hancock about the organization’s ERM initiatives.
Based in Charlotte, North Carolina, Atrium Health is an integrated, nonprofit health system with more than 70,000 employees serving patients at 40 hospitals across over 1,400 care locations.
During the conversation, Hancock posed a question she referred to as the ‘holy grail’ for ERM professionals, “How did you get your enterprise risk management program integrated with strategy?”
Tartt’s response introduced two key insights, as well as a 3-pronged approach to integrating ERM with strategy.
Insight #1: If at first you don’t succeed… try again.
After a decade of unsuccessfully attempting to integrate ERM with organizational business strategy, Tartt found a serendipitous opportunity to engage the CEO in a conversation about ERM when working on a presentation for the company’s board. They agreed that, with the leaders around the table, the time was finally right to “make it happen.”
Insight #2: For some people, ‘risk’ is a four letter word.
“Don’t use the word risk,” said Tartt. It’s not a four letter word, but risk puts people on the defensive. Better word choices include “obstacle” or “barrier,” or even explaining “what is not going to allow you to accomplish your goal.” We’ve had much better success with alternative language.
- Create an ERM Executive Council
This team, comprised of the CEO and several other C-level executives, provides high-level support to the ERM team by layering the “strategy lens” on top of ERM initiatives before they are put in front of the board. In Atrium’s case, the council is co-chaired by the chief legal officer and the chief strategy officer to further integrate risk management with strategy.In a recent conversation with Yvette Connor, an ERM Practice Leader with Grant Thornton LLP, she referred to this as the “Musketeer team.”
- Operationalize the ERM + Strategy Connection at all Levels
Once the executives are championing the integration of ERM and strategy, identify key places within the organization where the functional teams must collaborate. At Atrium, the risk division includes professionals across ERM, compliance, privacy, internal audit and legal teams. The risk division operates a formal “risk council,” and the strategy division a “strategy council.” Each now includes representatives from the other to share new perspectives and keep open lines of communication. - Embed ERM into Strategic Planning and Operational Processes
Tartt offers a few specific examples from Atrium:
-
- Atrium includes a risk assessment as a component of any strategic initiative that enter’s Atrium’s budget approval process. “If you’re working on one of our strategic initiatives… say our carbon footprint… before that move forward for funding, there’s a risk assessment involved.”
- Atrium is building ERM toolkits for operational leaders to be introduced along with the strategic planning process. “So, as they set goals and objectives for the year… they’ve got some resources.”
- Tartt and his team have also partnered with the HR team to develop some “risk expectations or cultural norms around risks that we want to educate those leaders on on a regular basis.”
Interested in this topic?
You may also like this article, Integrating ERM and Strategy, featuring video insights from Yvette Connor, Principal and Risk Advisory, National Strategic and Enterprise Risk Practice Leader with Grant Thornton, LLP.
