The ERM Journey Continues: Reflections from the Spring 2019 NC State ERM Roundtable Summit
As this spring’s 2019 ERM Roundtable Summit wrapped up, one clear theme emerged—ERM continues to be a journey. Each speaker detailed how their organization had become more sophisticated in its ERM process, and also identified further enhancements that are in the works!
One way that companies are becoming more sophisticated is in how they are connecting ERM and Strategy. Each speaker, from Linda Milburn-Pyle at Advance Auto Parts to Vito Giovingo at McDonalds, to Matthew Dunn at Conagra to Rick Moyer at Stanford University, took time to not only share background about their organization, but went a step further to describe the organization’s strategy or key strategic goals in order to set the stage for describing how ERM is used to further those strategic goals. At Advance Auto Parts, for example, the ERM function is working to ensure there is rich understanding about the implications that particular strategies may have on the organization’s risk profile. At McDonalds, one of the explicit objectives of the ERM program is to enhance strategic decision making. At Conagra, the ERM function supports a risk/ return framework that is used to evaluate alternative courses of action.
Another key step in the journey is the continued improvement in the quality of the conversations around risks. Each speaker emphasized the importance of having a meaningful conversation to tease out key risks and opportunities, and to evaluate risk responses. In order to improve the quality of the conversation, the ERM function may need to simplify the risk information. In this way the focus of the conversation can be moved to the issues that will have the greatest impact on value. Said another way, the conversation needs to shift from “risk list management” to a more action-oriented focus on responding to the key risks. It was also noted that there are still many critical risks that don’t lend themselves to a quantitative measure, and therefore dialogue is necessary to arrive at the appropriate qualitative assessment.
As companies more tightly integrate ERM and Strategy, ethics and compliance still play a key role in enterprise risk management. At Stanford University, the Chief Risk Officer leverages the intersection of ERM, Compliance and Internal Audit to maximize the value added by each function to the risk identification and assessment process and to provide greater assurance that risk response plans are working as intended. At Advance Auto Parts, the Chief Risk Officer and Chief Audit Executive roles are combined which provides opportunities for efficiencies, but can also present some challenges.
Finally, each speaker made clear that the ERM journey would continue for their organization. Each clearly identified process enhancements that were “in the works.” For example, at Advanced Auto Parts, automation of key ERM processes is under way, and resources are being added to provide data analytics. At McDonalds, the journey continues to gain additional perspectives by better focusing risk discussions and continuing to add links to strategy. At Stanford, the ERM function has new goals that include an increased emphasis on the trending of enterprise risks, and enhancements to risk reporting, among numerous other improvements.
Save the Date! Plan to join us at our next ERM Roundtable Summit on Friday, November 8, 2019 as we continue the journey of providing thought leadership on Enterprise Risk Management by facilitating peer to peer sharing of best practices.
As Executive Director of North Carolina State University’s ERM Initiative, Bonnie Hancock works closely with senior executives as they design and implement enterprise risk management (ERM) processes in organizations they serve. That hands-on advising leads to insights about techniques useful in addressing a number of practical challenges associated with ensuring ERM processes are value adding without over-burdening the process. In this article, Bonnie addresses techniques that might simplify the process of prioritizing risks.
