Enterprise Risk Management: How Project Managers Can Start To Make Their Way
By definition, a risk implies future uncertainty about deviation from expected earnings or expected outcome.
Businesses and their patterns are evolving with a high frequency and so is their tendency to incur risks. This situation calls for the adoption of a holistic approach to risk management known as “Enterprise Risk Management” or ERM.
Let’s look deeper.
What Is Enterprise Risk Management (ERM)?
Enterprise risk management (ERM) is termed as the process of planning, organizing, leading and controlling the activities of an organization in a way that minimizes the effects of risk on an organization's earnings and capital.
Enterprise risk management does not only involve risks associated with accidental losses, but also financial, strategic, operational as well as other risks.
According to a recent survey by the American Institute of CPAs (AICPA) and North Carolina State University, only 28 % of companies have established a complete ERM process. Moreover, less than half of companies have a partial ERM process.
Who Needs ERM?
Risk management is not limited to a specific industry or company size. Rather, risk impacts everyone on every level. ERM can provide inevitable value to large and small organizations alike. It is important to address risk in a structured manner if organizations plan to create and maximize value for their shareholders and stakeholders.
The recent years have witnessed an escalated need for risk management, given the complex and ever-evolving processes and competition. Industrial and government regulatory bodies, and investors have begun to scrutinize companies' risk-management policies and procedures more aggressively.
In some organizations, the Boards of Directors are required to review and report on the adequacy of risk-management processes. Financial institutions can especially benefit from effective ERM.
Enterprise Risk Management For Project Managers
Although there are wide applications for ERM, Project Managers need to have a documented risk management strategy in place.
This ensures any impediments and project-related risks are addressed in a streamlined manner, with only the team members concerned with the risk being engaged to address it while the rest of the team performs for timely handover and delivery.
How To Ensure The Successful Implementation Of ERM?
Every organization is different. Based on size and industry, each organization needs to assess their own requirements for an effective ERM.
Whether you plan to utilize an existing enterprise risk management software or need to get one developed in accordance with your company policies and requirements, here are some steps organizations need to take to ensure effective implementation for long-term success:
1. Support On All Levels
It is important to implement the concept of risk management on all levels in an organization. Especially, the management should be involved in the planning, implementation and managing phase for an ERM.
In a “Best Practices in Risk Management” workshop, RSM US LLP’s Sudhir Kondisetty stated that managing risk can only be successful if it is implemented in every phase of your systems, policies and processes. This means it is not just about one stage or phase, rather a part of the organizational strategy.
2. The Right People In The Right Role
While implementing an ERM, it is important to recruit the right professionals.
According to ERM expert Carol A. Williams, for successfully instilling an effective ERM, your ERM team members should have the right skillset and should complement each other to make ERM effective. These skills may include facilitation, being detail-oriented, being able to look at the big picture, being organized, and people-oriented.
3. Build Risk Awareness
Building risk awareness throughout the organization is a key step to successful risk management. Each level should be aware of the potential risks and how they are being addressed.
4. Understand It’s An Ongoing Process
ERM implementation is not a one-time process. Instead, it comprises a long-term procedure that needs to be followed up and refined with time. It is crucial to understand that.
Steve Zawoyski, Minneapolis-based partner and enterprise risk management leader at PricewaterhouseCoopers L.L.P. states, “We see over and over where organizations start out really strong and have executive support, but then, they don't continue to steadily grow the risk management process at their organizations”.
How do you go about documenting, managing and mitigating project risks as a Project Manager? Let me know your thoughts in the comments below.
