About Morgan O'Rourke

Morgan O’Rourke is editor in chief of Risk Management magazine and director of publications for the Risk & Insurance Management Society (RIMS).

Intuit Wins 2015 ERM Award of Distinction

CHICAGO—In recognition of its success in building a sustainable enterprise risk management (ERM) program to enable its business lines to identify and intelligently manage the most important risks, software company Intuit was presented with the 2015 Enterprise Risk Management Award of Distinction at this year’s RIMS ERM Conference.

“ERM transformed Intuit’s risk management capability requiring our leaders to think cross-organizationally and cross-functionally to understand the most significant risks and drive strategies to address them,” said Janet Nasburg, chief risk officer at Intuit. “ERM was instrumental in not only providing insights about the company but has also driven changes in the way we align our focus. It is a tremendous honor to be recognized by RIMS for our hard work and to share our ERM experiences with the risk management community.”

Honorable mention for this year’s ERM Award of Distinction went to VIA Rail Canada Inc., the country’s national passenger rail company. As a result of its ERM program, the company developed a risk appetite and tolerance framework based on measurable leading key risk indicators.

“Applying this framework to its key strategic risks strengthened VIA’s ability to assess, monitor, and respond timely to changes in its enterprise-wide risk portfolio, thereby adding value to its decision-making process and enhancing risk oversight by its board of directors” said Denis Lavoie, VIA’s director of enterprise risk management.

“RIMS is delighted to recognize the accomplishments of these two organizations and their risk professionals through the RIMS Award of Distinction,” said RIMS Executive Director Mary Roth. “The Intuit and VIA Rail programs demonstrate the tangible value that ERM brings to their respective organizations for both strategy-setting and strategy execution.”

Judging criteria for the ERM Award of Distinction includes the scope of the ERM program and how it engages different levels throughout the organization; the program’s link or connection to the company’s overall mission; and its ability to create additional value for the organization.

10 Tips to Excel in ERM

05a9ef2CHICAGO—For many risk managers looking to implement enterprise risk management programs, one of the biggest challenges is figuring out how to do it properly. Unfortunately, as Steve Zawoyski, ERM leader at PwC, pointed out in a session at this year’s RIMS ERM Conference, you will never find the perfect ERM program—it’s basically as mythical as a unicorn. But there are certain key steps you can take to increase your chances for a successful ERM program. Zawoyski’s top tips are:

  1. Establish ERM program objectives. One of the common stumbling blocks to a successful program is the lack of agreement as to why you are doing this in the first place. Some may be doing it in order to make better decisions around strategy while others have governance concerns in mind or are simply doing it because the board said so. Establishing proper objectives will allow you create the program that works best for your organization.
  2. Manage stakeholders. There are likely multiple parties that have a vested interest in your ERM efforts from the board to business managers to legal and audit to regulators. You will need to consider all of their specific needs and concerns.
  3. Align risk functions. Risk management is part of every division’s responsibility. Getting everyone on the same page will avoid allowing fatigue to set in over yet another risk management effort.
  4. Align risk and management processes. It is important to understand how the business is being managed and connect to those processes in order to be in a position share information up and down the organizational hierarchy.
  5. Define risk. The traditional definition of risk denotes a hazard or a failure of some process. Make sure you organization understands that risk is merely uncertainty that can have both a positive or negative impact on objectives. It is ok to take on risk.
  6. Give credit. Different functions already have risk management capabilities and processes. Rather than reinvent the wheel, harvest the data and expertise already out there and build off that. Don’t build unnecessary steps into the process when those areas are already being addressed.
  7. Remember that risk is a four-letter word. Risk is an overused, ambiguous word with an often negative connotation. Risks are nothing more than variables that can present opportunities for greater success.
  8. Beware of risk categories. Labels like operational, financial, strategic or technology are overemphasized and not how business units think of risk. It is more effective to talk about risk in terms of management of hazards, compliance obligations or other uncertainties.
  9. Do your research. It is vital to develop a thorough understanding of the business and its drivers, from its capabilities to its competitive advantages to its strategic priorities and objectives.
  10. Simplify risk appetite. Risk appetite should be considered on a risk-by-risk basis and should boil down to a simple question of once risk controls and processes are in place, are you satisfied with the results?

ERM implementation can be challenging. But according to Zawoyski, it is all about keeping it simple for the stakeholders, ensuring that value is created, aligning to the business and evolving over time. By approaching your program in this way, all stakeholders will understand their role and how ERM relates to the overall strategy of the organization.

Risks and Questions Surround 3D Printing Technology

NEW ORLEANS—One of the most promising new technologies to hit the wider market in recent years, 3D printing is poised to revolutionize manufacturing as we know it. Otherwise known as additive manufacturing, 3D printing allows users to print almost anything they can dream up, including toys, machine parts, clothing, food, and prosthetic (as well as actual) body parts. There even companies that can print a lifesize, 3D model of your unborn fetus using ultrasound scans.

Of course, as with any new technology, there are many risks to consider and just as many unanswered questions about how to address those risks. At an educational session this morning at the RIMS 2015 Annual Conference & Exhibition, Cynthia Slubowski, head o f manufacturing at Zurich, Lisa Cirando, and attorney with Jones Day and Toni Herwaldt, risk manager at Kraft Foods, provided a risk checklist, outlining at the wide range of risks and questions facing those in the 3D printing space and those whose industries will be impacted by this new technology:

Product risk. Since 3D printing changes the traditional manufacturing model, industries will need to determine who owns a 3D printed product and in the event of an accident how will liability be apportioned?

Technology risk. Who owns the software and designs used to create products, particularly when users can make endless customizations?

Operations risk. How will 3D printing impact power supplies (the printers generate a lot of heat during operation), and how will the possible toxicity of ingredients and their byproducts be addressed. In addition, what are the business interruption and transportation risks?

Cybersecurity risk. How do you protect you designs and formulas? How do you prevent counterfeiting?

Environmental risk. How do you address exhaust, housing and disposal issues?

Contract risk. What kind of risk transfer or licensing agreements do you want to have in place?

Insurance risk. Do you have the appropriate coverage and where will it be coming from?

Strategic risk. How do you handle reputation and intellectual property issues? What happens to your product development lifecycle management?

Supply chain risk. Does your supply chain risk increase or decrease?

Market risk. What differentiates your product? What happens to your geographical risk?

Risk Management Storytime

NEW ORLEANS—One of the biggest challenges for risk managers has always been how to engage the rest of the company in risk management activities. Too often, risk managers are considered the show-stoppers, feared by other departments for their tendency to be risk averse and shoot down every idea. So the challenge is to find a way to increase their risk awareness in such a way that they start to view risk as opportunity rather than a deterrent. According to Joachim Ademusi, director of IRMS Ltd., the key to embedding risk management into the culture of an organization lies in story telling—basically finding a way to present risk management in a context that they can relate to and even enjoy.

Speaking at an educational and interactive session at the RIMS 2015 Annual Conference & Exhibition, Ademusi stressed that risk is really a performance improvement tool. So with that in mind, it is important to change any negative perceptions about it. Risk managers should create an environment for creativity that allows all company personnel to take advantage of what risk management can do. This creative engagement requires risk managers to understand the needs and concerns of other departments and find ways to inspire them to consider risk and exchange ideas. This can be accomplished by changing the narrative that risk management is somehow bad. Ademusi recommended creating a contest among all employees to identify the risk management angles in a given scenario, with the winner receiving a gift card or some other monetary award. Or simply meeting with various individuals over lunch in an effort to better understand their concerns.

Ultimately, the idea is to make risk management less intimidating. By using stories, proverbs and parallels that don’t necessarily rely on risk terminology, risk managers can gain the trust of their colleagues and foster the understanding that good risk management will improve performance and benefit the entire organization. And once the organization embraces risk management and proactively seeks out their risk manager’s advice, Ademusi said that your career with truly become something special.