Most ERM Practitioners don’t. They might think they do, but in reality their role and sphere of strategic influence is extremely limited. Is it possible an invisible boundary or glass ceiling as it were, might actually exist for Enterprise Risk Management (ERM)? Why and how do we break through it?
The answer is found in the evolutionary track of ERM itself. When I migrated my career toward ERM in the mid to late 90’s, pioneers like myself were expected to leverage our ERM efforts in ways that produced tangible value for the company. If not, our proposals were quickly dismissed and our ideas for advancing enterprise risk management immediately rejected. At that time, if you attempted ERM without speaking the language of the C-Suite, it was a non-starter; relegated to the specific functional areas from which we came, such as insurance, actuary, legal, audit, hedging, treasury, finance, etc.
In 2002, everything changed. The Sarbanes-Oxley Act (or SOX) both raised awareness for ERM and limited it to a “box”, all at the same time. The rating agencies such as S&P, Moody’s and A.M. Best also got in the game, further boosting awareness. There is no doubt that ERM is now the buzzword at the Board and C-Suite levels, but the understanding of and purpose for ERM at these levels is still extremely narrow. Just check-out COSO’s 2010 Report on ERM. The report’s entire focus is on oversight, risk ownership and the perception of the COSO ERM Framework. This demonstrates that for the most part, the C-Suite still looks at ERM as a compliance exercise or corporate governance issue comprised mainly of “risk registries” and other documentation efforts. Sure, the rhetoric seems supportive. However, if we are honest, few ERM leaders actually find themselves seated at the strategic round table. So, how do we right the ship and secure the influence necessary to be successful?
We must return to a value-based approach to ERM. We must translate our craft (once again) in terms of dollars and cents, ROI, earnings per share and shareholder value. We must speak the language of the C-Suite!
Here are a few tips to help you “right the ship” in your organization:
- Use dollar-terms when at all possible – this is probably the most important tip I can give and the one sure to immediately resonate with senior leaders. Of course skeptics will say that most risks cannot be assessed in dollars terms. The truth is that “Red, Yellow, Green”, “1 to 10/1 to 10” and other qualitative assessment methods are simply safe – very safe, but only enable directional moves, not key decisions. You can create colorful charts and neat matrices using these methods., but run the risk of leaving your audience without actionable information. You might even get a complement on your work, but you’ll likely still find yourself stuck in your box. Why? Because these methods confirm among senior leaders that ERM has a limited application. Neat information, but absolutely no link to their strategic thinking and important decisions. Ironic, considering S&P’s vision for ERM is that it “form a basis for informing and directing the firm’s fundamental decision making.” I’ve been conducting enterprise risk assessments for 14 years and I know there is always a way to quantitatively assess risk in dollar terms. You just need to be determined and willing to find a way.
- Keep it Practical – I think the greatest contributor to the “glass ceiling” is the advent of what is called the “Enterprise Risk Assessment”. These exercises can make a lot of money for consultants, but do very little to help the advancement of ERM. They’re time consuming, resource intensive, often cost hundreds of thousands if not millions of dollars and they typically tell Management what they already know. This can’t possibly position ERM strategically in the minds of the C-Suite! Risk assessment is important; but to demonstrate its true power, you need to deploy it with purpose, e.g. use the process in conjunction with strategic planning or budgeting. How about in a project review? Use it to better evaluate project results or in problem solving. The point is: risk assessments can be powerful if used in a way that generates value; and remember, try to quantify in dollars terms whenever possible.
- Highlight the critical link between risk and performance – the single greatest truth that has been underscored by the ERM movement is the irrefutable fact that “risk” and “performance” are directly linked. Literally, one does not exist without the other. Yet, this powerful and compelling reality is seldom exploited by practitioners and certainly not clearly understood by the C-Suite. So, how do you use this to your advantage? This single fact speaks directly to the heart of the C-Suite lexicon. Use your risk management skills to evaluate results (EPS, EVA, Growth, etc.). Find ways to raise the understanding of how risk works in your company and effects results. Use your risk knowledge to better set objectives and support decision-making.
Without a way to successfully connect to and communicate with senior leaders, in their language, ERM at your firm will likely remain marginally accepted and without meaningful impact. Have the courage to take some bold steps toward value creation. If you do, you just might find yourself seated among decision-makers and “speaking the language of the C-Suite.”
About the author: Gary Bierc is the founder and CEO of rPM3 Solutions, LLC, and the inventor of its patented ARQ™ risk accounting and performance measure. Gary is a respected innovator and published thought leader in the enterprise risk management space for over 14 years.
Copyright © 2011, rPM3 Solutions, LLC. All rights reserved.