What is the key to an effective ERM program?
That’s according to Diana Del Bel Belluz of Risk Wise, Inc. Her session at the 2012 RIMS Canada Conference focused on the culture of an organization and how it can make or break a company’s ERM program.
“What is enterprise risk?” she asked. “Events or circumstances that could influence either the organization’s ability to achieve its mission or strategic objectives or its reputation, strength and viability.”
The purpose of risk management:
- Establish strategic context
- Monitor and review risks
- Respond to risks
- Identify risks
- Assess and prioritize risks
“We do these things to communicate and align to risk appetite,” said Del Bel Belluz.
She stressed that corporate culture is the actions of leaders — observable artifacts, shared values and tacit assumptions. It is this culture, she says, that is the number one ingredient for effective risk management.
But what is risk management? “The culture, processes and structures that are directed towards realizing potential opportunities whilst managing adverse effects,” said Del Bel Belluz.
To her, the traits of a healthy risk culture are:
- Accountability — “It’s not about blaming, it’s about understanding why it went right or why it went wrong.”
- Open and inquiring
- Performance oriented
- Prepared and ready
- Adaptable and resilient
“To implement sustainable risk management you need to create a plan, have a strategy, create buy-in and have implementation — leadership, communication, for example, educating, listening, coaching,” she stressed.
There are three sources of resistance, however. They are:
- Rational 20% — the business case (costs, benefits)
- Emotional 60% — self-interest, fear, comfort, attachment
- Political 20% — shift in power structure
Del Bel Belluz then breaks down the categories of resistance:
- Establish urgency
- Form guiding coalition
- Create vision
- Communicate vision
- Empower employees to act
- Generate short term wins
- Consolidate gains and produce more change
- Anchor new approaches
“You have to revert down to the bottom of the hierarchy when dealing with emotional resistance,” said Del Bel Belluz.
To best explain political resistance, Del Bel Belluz referred to a famous quote from Niccolò Machiavelli, which states:
There is nothing more difficult to execute, nor more dubious of success, nor more dangerous to administer than to introduce a new system of things: for he who introduces it has all those who profit from the old system as his enemies, and he has only lukewarm allies in all those who might profit from the new system.
Whether you fully agree with Del Bel Belluz or not, one thing is certain — culture most definitely plays a part in establishing an effective enterprise risk management program. How much of a part depends on the company. But those who feel culture is insignificant to ERM may find, sooner or later, that their program is deeply flawed.