Spring 2013 ERM Roundtable Summit: Key “Take-Aways”

Overview of Spring 2013 ERM Roundtable Summit

Our Spring 2013 ERM Roundtable Summit held in Raleigh, NC on April 19, 2013 brought together risk leaders from all over the U.S. to dialogue about emerging best practice approaches they can use to strengthen their enterprise-wide risk oversight.  Over 180 executives traveled to Raleigh, NC to hear insights from the following presentations:

Embedding ERM in Strategic Planning: Lessons from Johnson Controls
John Sibson – Vice President of Corporate Strategy, Johnson Controls

Overview of ERM at Humana: The Risk Identification Process
Jennifer McCallister – Consulting Leader, Internal Audit Consulting Group, Humana

Using Multiple Dimensions to Rank Order Risks: Risk Assessment at Dell
David Chavez – Director of ERM, Dell

Executive Perspectives on Top Risks for 2013
Don Pagach – Professor of Accounting, Poole College of Management

Communicating ERM Effectiveness
Jim Fitzmaurice – Senior Director, Corporate Executive Board

Each of these speakers provided an overview of approaches to enterprise risk management (ERM) and provided in-depth illustrations of tactics they have used or observed to identify, assess, and manage an organization’s top risk exposures.  A number of practical suggestions were identified that participants took with them to strengthen their organization’s ERM processes.  A number of key best practice “take-aways” were offered:

• Effective risk oversight requires a focused, explicit risk management effort.  Often business leaders push back on the need for enterprise risk management based on their belief that “we think about risk management all the time as we do our normal management duties.”  Collectively, all of the Roundtable Summit speakers demonstrated clearly that explicit, robust, and repeatable processes are necessary to help management and boards truly focus their attention on the most important risks likely to impact the success of their strategic objectives.  Casual, ad-hoc, and unstructured approaches to risk oversight are likely to lead to significant events that may blind-side boards and executives.

• The key to effective ERM is positioning risk management processes using a strategic lens.  Each of our speakers emphasized that the objective of their organizations’ risk management process is to help management and the board understand and manage those events most likely to impact their organizations’ strategic objectives.  Our speakers helped participants understand the critical importance of centering risk management efforts in the context of the business model and strategic initiatives of the enterprise, with the goal of identifying emerging risks most likely to impact the achievement of the organization’s most important objectives.

• Risk ownership and assigning accountabilities should occur at the business unit level.  While each of our speakers is responsible for leading their organization’s ERM process, each of them illustrated how responsibility and ownership of the management of key risk exposures is assigned to the business unit leader where the risk resides.  Our speakers shared practical approaches of how they engage business unit leaders in the risk identification, prioritization, and management of key risks to the business.  A key theme noted was that the ERM leader’s role is facilitation and consultation with key business units in how that unit is managing its major risk exposures.  Risk ownership is not at the ERM leader role.

• Board and executive management engagement is critical to moving ERM up the maturity curve.  In all of the organizations represented, the board of directors and executive management is very interested and engaged in overseeing management’s ERM process and the key risks being identified by that process.  Regular board reporting about top risk exposures is occurring across all the organizations and the level of interest and dialogue between management and the board about ERM has been a significant factor in driving ERM maturity.

• A variety of approaches are used to identify and assess risks.  Our speakers shared insights about techniques they are using to identify and assess top risks.  Some are using interviews of key executives to gather information about potential risk exposures, while others use risk workshops or surveys to identify top risk issues. Survey tools tend to be used as organizations expand the number of business unit leaders to include larger number of management personnel.  Workshops are used within business units to pinpoint risk concerns across a number of business unit personnel.  In those cases, speakers noted that they do use anonymous voting technologies to strengthen the transparency of disclosures of key risk concerns.

• Providing guidance to prioritize risks is common.  Each of the speakers shared insights about the processes they use to rank order risks.  All of them have explicit guidelines that they share with business leaders to help those leaders assess the likelihood and impact of each risk. Some are pushing executives to consider other risk dimensions, such as the speed of risk and the organization’s overall preparedness in addressing each risk.

• There is no one-sized fits all approach.  Participants benefitted from the insights shared across all the speakers.  One of the key messages from the collection of presentations is that there is more than one way to approach ERM in your organization.  Each of the presenters shared unique implementation ideas that were effective within their organization.  Participants were able to see how a number of different tactics can be used to accomplish the same over-arching objective to identify and manage the entity’s most significant risks.  The key is that the approach has to be customized for each entity in light of that entity’s culture and leadership style.  As long as the ERM process is centered around pinpointing the top 10-15 key risks to the organization’s business model and strategy, then the manner in which the organization gets to that point can be flexible.

• Blending both top-down and bottom-up approaches can lead to rich risk insights. Organizations often struggle in their launch of ERM to know where to start.  Most begin with a top-down approach to risk identification whereby top executives identify and assess what they see as the organization’s most significant enterprise risk issues.  As organizations move to strengthen their risk oversight, they are finding benefit in complimenting the top-down risk identification with a bottoms-up approach that involves leaders from key business segments across the enterprise. Conducting both types of analyses with comparison across both groups can provide significant insights about potential emerging risk concerns.

• As organizations continue to evolve their ERM processes, periodic self-assessments and critiques of ERM maturity can be effective in pinpointing opportunities for improvement.  For those entities that started down the ERM path a few years back, a number of them are now in the process of evaluating their organization’s relative ERM maturity.  The Corporate Executive Board (CEB) shared a number of examples of how organizations are conducting self-assessments to evaluate opportunities for improvement in their risk oversight.

• Concerns about increasing regulations and the economy consistently top the risk concerns for 2013. While organizations face a variety of potential uncertainties that trigger risks for them, a common theme across organizations of different sizes and industries consistently rank two risks at the very top of their concerns for 2013. Regardless of industry or size of company, most are significantly concerned about the potential impact increasing regulations and regulatory scrutiny may have on their ability see growth in revenues from their sale of products and services.  Likewise, they are concerned about existing economic conditions and the forecast of slow to moderate growth on their business models.

Participant feedback from our ERM Roundtable Summit events is very strong.  They consistently comment on the practical, real-world applications that are shared by speakers that participants are able to take back to their enterprises to implement.  Don’t miss out on these events.  Mark your calendar for our Fall 2013 ERM Roundtable Summit to be held in Raleigh, NC on Friday, November 15, 2013.