I attended the MarcusEvans ERM-Canada Conference first day of a two day conference on behalf of the GlobalRisk Community.
For starters, the attendance was really high and the speakers were insightful and provided useful information for all attendees to take away. There is no doubt that ERM field is here to stay.
Regardless of whether you were on the financial side or non-financial side, it was clear from the discussion in the room that ERM is still evolving. Several participants reported false ERM starts and others were still in the initial stages. To all members of this group, rest assured, you are not alone if you think that you have a lot of work to do in your ERM programs. Your comments on this would be appreciated.
Buy-in from the top and the placement or ownership of the ERM program remains a topic of interest. It appears that ERM programs are most often initiated by the audit departments. As the program moves forward, decisions have to be made on whether it falls under Risk Management or perhaps a split between risk management & insurance and ERM who both report to a Director or CRO. My thoughts on this are that audit definitely plays a part in the ERM process but not the ownership. The role for audit is one of auditing the ERM implementations. Having said this, a CRO with a direct link to the executive team who manages both ERM and RM would be an effective organizational structure. Any thoughts?
There was a discussion of “value”, that is, what matters to your organization, for example, is it making money, health and safety or is about your reputation? As well, what influences that value? In determining this, all organizations have decisions that are well within their control as well as uncertainties that are uncontrollable. Identify, assess and mitigate your controllable and uncontrollable decision in regards to what your organization values. Placing a value that is determined or tailored to your organization is what could differentiate an ERM program from one to the other. An organization’s strategy could assist in identifying and determining an organization’s value. Are there other areas to assist in determining your organization’s value? In preparing your risk register, does your organization tie all risks into your definition of value?
Replies