It’s everything enterprise risk management here at the first annual RIMS ERM conference in San Diego. One of the first sessions of the day focused on new research by APQC (a business research firm) and IBM on the evolution of ERM into a critical discipline that helps to clarify and fortify strategic decision-making.
Speaking on the topic of ERM were Grace Crickette, chief risk officer of the University of California, and Rob Torok, executive consultant of IBM Global Business Services. Both risk management professionals stressed the importance of ERM within any organization and any industry, stating that the CRO’s main responsibility is to identify potential events that could affect the company. “You, as a CRO, can’t say ‘that can’t happen to us,’” said Torok. “You must keep a broad view of all possible scenarios.”
And, as both speakers agreed, you must “make friends” with the sometimes-dreaded internal audit.
“Risk management is how management stays out of trouble,” said Crickette. “You are married to internal audit and yes, you will need lots of marriage counseling.”
APQC’s research found two examples of internal audit interplay and integration:
- Marathon — audit plan is crafted with full view of enterprise risk and mitigation goals.
- Intuit — risk committee membership consists of the chief financial officer, general counsel, vice president of internal audit and the chief risk officer.
While successfully implementing an internal audit process is important, it is equally important that a company have not only a single definition of risk when it comes to ERM, but also a single definition of “impact” in terms of how a possible risk will affect the company. “With the definition of impact, there’s high, medium and low,” said Torok. “Well what do you consider high, medium and low?”
And in terms of companies successfully using online ERM platforms, there are a few standouts:
- Intuit’s ERM software (internal use only)
- The University of California’s Excel-based risk assessment tool (publicly available here)
- Caterpillar’s voting tools and simplified reporting requirements (internal only)
(In our November issue, we ran an ERM case study involving Caterpillar, which you can view here.)
Stay tuned for more to come from the first annual RIMS ERM Conference.
Hi Emily – I work for a risk software company here in Houston. Our products are geared more toward schedule risk analysis and project management, but I really enjoyed your post. Rob is right, no organization or project can afford to have an “it could never happen to us” mentality. It is better to be prepared for events that in all probability will never happen, thereby reducing their impact.
Anyways, thanks for sharing! – Aly