When it comes to integrating Enterprise Risk Management (ERM) into decision-making, people who are managing risk and making decisions know it has to be done – but are not entirely clear about how it should be done in real-life situations. Acknowledging that companies today want more value from ERM, presenter Ramesh Pillai, Chairman of the IERP Board of Governors, pointed out that many in decision-making positions still equated risk management with having risk registers, but “Risk management is not about Risk Registers,” he emphasised. This topic, “How to integrate ERM into decision-making” was in the spotlight at a recent online Tea Talk.
The first step towards implementing effective ERM should be the harmonisation of the organisation’s goals and objectives. Ideally, each department, division, and unit needs its own vision and mission, and to align these with the vision and mission of the organisation. They need the proper strategies and processes for this, for clarity of purpose. When risks are identified, then mitigation plans can be identified in tandem. In the general scheme of things, risk registers are just one of the risk management tools available. Difficulties may also arise if risk practitioners are following the taxonomic, instead of objective-centric approach; the taxonomic approach is not considered current best practice.
From the outset, companies need to determine what they want to achieve, whether it is just to comply with regulations, or go beyond. Ramesh stressed that in the current pandemic situation, there was a need to anticipate not just the New Normal, but the Next Normal. “Transition depends on how we anticipate people’s needs,” he said. “ERM helps us anticipate, and adapt to resources and conditions.”
15 The IERP® Monthly Newsletter December 2021