It’s everything enterprise risk management here at the first annual RIMS ERM conference in San Diego. One of the first sessions of the day focused on new research by APQC (a business research firm) and IBM on the evolution of ERM into a critical discipline that helps to clarify and fortify strategic decision-making.
Speaking on the topic of ERM were Grace Crickette, chief risk officer of the University of California, and Rob Torok, executive consultant of IBM Global Business Services. Both risk management professionals stressed the importance of ERM within any organization and any industry, stating that the CRO’s main responsibility is to identify potential events that could affect the company. “You, as a CRO, can’t say ‘that can’t happen to us,’” said Torok. “You must keep a broad view of all possible scenarios.”
And, as both speakers agreed, you must “make friends” with the sometimes-dreaded internal audit.
“Risk management is how management stays out of trouble,” said Crickette. “You are married to internal audit and yes, you will need lots of marriage counseling.”
APQC’s research found two examples of internal audit interplay and integration:
- Marathon — audit plan is crafted with full view of enterprise risk and mitigation goals.
- Intuit — risk committee membership consists of the chief financial officer, general counsel, vice president of internal audit and the chief risk officer.
While successfully implementing an internal audit process is important, it is equally important that a company have a single definition of risk when it comes to ERM and a single definition of “impact,” meaning how a possible risk will affect the company. “With the definition of impact, there’s high, medium and low,” said Torok. “Well, what do you consider high, medium and low?”
And in terms of companies successfully using online ERM platforms, there are a few standouts:
- Intuit’s ERM software (internal use only)
- The University of California’s Excel-based risk assessment tool (publicly available here)
- Caterpillar’s voting tools and simplified reporting requirements (internal only)
(In our November issue, we ran an ERM case study involving Caterpillar, which you can view here.)
Stay tuned for more to come from the first annual RIMS ERM Conference.