Climate change, the COVID 19 pandemic, financial crises and geo-political instabilities are just the sort of hard-hitting topics that make organisations question their collective abilities to navigate a successful path through the risks and successfully achieve their strategies.
This doesn’t mean that a business can hope to mitigate the wider effects of climate change or the pandemic, but it can lessen the effect on itself. This can be achieved through the development of a pro-active risk management plan, a framework, that enables risk to be identified, ownership of said risk to be established and mitigations put in place to lessen the impact or severity where possible.
A pro-active approach will allow you to “shut the gate before the horse has bolted” rather than after.
Your own organisation may well have a framework in place but often to be universally accepted, and thus effective, a technology solution is necessary.
If you are at the beginning of this journey, what do you need to consider prior to an implementation?
1. Is the framework accepted?
You don’t want to start a technology implementation to then have stakeholders start to question the methodology. Get the framework agreed and stakeholders bought in before beginning.
2. Is your IT team on board?
Many ERM solutions are externally hosted to make support easier and to offer a greater level of resilience. Are IT happy with externally hosted solutions? Are there questions around security that need to be addressed before the implementation?
3. Do you have authority over the project?
A not uncommon problem is that an ERM implementation, which has the potential to impact upon various other facets of management, becomes “owned” by another department, for example IT or Finance or Audit/performance. This can often dilute the requirement set out by the Risk team and can affect the implementation (see point 1).
4. Do you have senior management buy in and support?
I appreciate that I am stating the blindingly obvious but without a senior sponsor it is unlikely that the implementation will be successful. The key here is to get them to articulate what data they need to do their jobs better or how ERM will improve the bottom line, reputation, provide competitive advantage or achieve strategy?