What’s Needed for the Successful Implementation of ERM?

by MorganFranklin Consulting in Federal Financial Management | Public Sector Market 

MorganFranklin Consulting is an international services firm that delivers business consulting and technology solutions to public companies, fast-growing private companies, and government clients.

With the highly anticipated release of the new OMB Circular A-123, the AGA ERM and Internal Controls Forum in Washington, D.C. provided a full day of interactive discussion on implementation and enterprise risk management (ERM) with a variety of experts from OMB and GAO, as well as industry leaders. A group from the MorganFranklin Public Sector team was onsite and engaged in panels, breakout groups, and discussions on this timely topic.

There are many factors to consider for the successful implementation of ERM solutions across an organization. Our top ten key takeaways help focus on what matters most:

  1. As a first step, establish a strong foundational understanding of risk and risk management, and agree upon the definition of ERM so that everyone can be aligned.
  2. Identify and create a position statement on the organization’s approach to risk to effectively communicate with external parties.
  3. Establish a culture that is aware of risk and open to change. Think of this culture as made up of three parts: (1) a genuine “tone at the top” with leadership, (2) the right “mood in the middle,” and (3) “boots at the base” to get change done.
  4. Eliminate the fear of retribution for people raising risks. It isn’t easy to expose weak spots, but creating an open space can lead to empowerment and change.
  5. Take stock of existing risk management processes and leverage them. It’s OK to start with a small base and expand over time.
  6. Select an ERM lead or team with a cross-cutting view to define objectives and ensure that risks are scored consistently and that activity is communicated efficiently to leadership.
  7. Utilize technology to increase transparency on risk information, so that it can be viewed and understood by others across different areas of the organization.
  8. Employees who have ownership of the risk should be responsible for the risk profile, not the Chief Risk Officer or ERM group.
  9. Share risk information any time a decision is presented to senior management.
  10. Lastly, don’t let the pursuit of perfection get in the way of action.