In previous posts, we addressed ways to integrate risk management and strategic planning. In this post, we outline the steps required to implement a risk-aware culture and how these measures, once properly implemented, can help sustain Enterprise Risk Management (ERM) throughout an organization.
“Culture is live, strategy is on paper” - Adrian McGinn.
An organization must manage risk to achieve and report on its objectives; therefore, leadership should consider risk strategies when developing organizational objectives and the overall organizational strategy. By making risk the cornerstone of strategic decision making and planning, the organization will realize the benefits of ERM and successfully achieve its objectives.
However, the question remains: how can an organization create risk awareness within its internal structure? To answer this question, we must first consider ERM implementation, which underscores that an organization must transform its culture to become risk-aware.
The transformation of an organization’s culture is essential to the sustainability of a successful ERM strategy. No matter how well planned and implemented the ERM strategy may be, its efficacy and sustainability are dependent upon the people within the organization. Implementing change is difficult in any organization, and implementing change that involves risk-awareness can be even more challenging if not approached correctly.
How Can We Help
MorganFranklin helps organizations overcome the challenges of creating a culture of risk awareness through various approaches, including but not limited to:
- Gain an understanding of leadership’s view of the organization’s risk appetite, risk tolerance, and risk threshold.
- Determine the ERM environment that leadership desires.
- Reinforce the need for leadership to set a “Tone at the Top” throughout the organization.
- Work with leadership to create an accountability matrix based upon the organizational structure.
Take a Pulse Check, Analyze Results, and Report
- Measure the current risk awareness level throughout the organization using various methods such as surveys, interviews, roundtables, and opinion polls.
- Draw conclusions on the Pulse Check through data analysis methods such as cross-tabulating, qualitative and quantitative analysis, repeat observations, and multiple mathematical measurements.
- Determine conclusions and present the results to leadership in a useful and solution-driven report.
- Utilize buzzwords to provide insight into ERM.
- This can be accomplished through flyers, news feeds, and internet postings.
- Accentuate the positive benefits of ERM to increase participation throughout the organization.
Share Transparent, Timely and Realistic Plans with Stakeholders
- Involve all relevant stakeholders on the long journey of becoming and sustaining a risk-aware organization.
- Through soliciting feedback and encouraging engagement before, during and after implementation, we can shape the understanding of why change is necessary, and provide the appropriate tools and training to enable a positive transition.
- Create initial and continuous training plans which are designed to meet client needs across different organizational units.
- Continue to improve the program by addressing areas of concern through integrating risk management lessons learned into communications, education and training.
- Develop, coach and cultivate a team within the organization to expand ERM awareness and implementation, and leverage resources.
Embed Risk into the Current Support Environment
- Examine current policies, procedures, systems, and other documentation and align these with the overall cultural change of risk awareness.
- Incorporate consideration for risk within change management models.
Recognize Incremental Improvements
- Use methods such as progressive elaboration or rolling wave project management to establish incremental “wins” achievable within a short-term timeframe.
- Recognize the short-term “wins” to enable a continued feeling of success and move the organization toward the long-term goal of a mature risk model.
Manage to the Mature Risk Model
- Track progress towards the greater goal of a fully risk-aware organization with a mature risk model, to understand how well the organization is adopting a risk-aware mindset to reach a sustainable ERM program.
Although the road may seem long, MorganFranklin is well suited to help organizations make the journey to a sustainable risk-aware culture.