Integrate risk management with the rhythm of the business
One of my good friends is Jim DeLoach of Protiviti. While he and I may disagree on some things (Protiviti continues – from what I can see – to favor COSO ERM over ISO 31000:2009), we agree on far, far more.
This week, a short piece by Jim was published in Corporate Compliance Insights. “Integrate the ERM process with what matters” gets it 100% right (IMHO). Some excerpts:
- “The relevance of the risk management process increases if it is integrated with core management processes that truly matter. The idea is to integrate risk management with the rhythm of the business so that it can make value-added contributions to establishing sustainable competitive advantage and improving business performance.”
What I like about this is the emphasis on using risk management to improve performance, not just protect value.
- “The scope of integration could include one or more of such core management processes and activities as strategy setting, annual business planning, performance management, budgeting, capital expenditure funding, and M&A targeting, due diligence and integration.”
To get the most value, I believe that risk has to be considered and ‘managed’ as part of the daily process of managing and directing the business.
- “Effective “corporate governance” provides a flexible corporate structure that manages the balance between the entity’s value creation objectives and performance goals on the one hand with the policies, processes and controls it puts in place to preserve enterprise value on the other.”
- “Unfortunately, many organizations do not integrate risk management with strategy development. It is critical to define the soft spots, loss drivers and incongruities that are inherent in the enterprise’s strategic objectives and that could dramatically affect performance and adversely impact execution.”
- “Integrate Risk Management with Performance Management … KPIs are measures of performance developed to monitor progress toward the achievement of the strategy and the ultimate creation of stakeholder value. KRIs provide lead and lag indicators of critical risk scenarios, resulting in a more balanced mix of forward-looking indicators to complement the usual metrics around customer and employee satisfaction, quality, innovation, time and financial performance.”
Do you integrate risk management with what matters?