Gerry Grimstone, keynote speaker at the IIA’s recent conference in London, has a message for senior executives.

“You can’t easily blame a board member for not knowing something,” Grimstone said. “But you can blame a board member for creating a culture where he doesn’t know something.”

Grimstone spoke at length about the latest example of poor board oversight: Volkswagen’s recent side-steps in ERM and its increasingly costly emissions scandal. “Do you really think there weren’t people who didn’t know that was going on?” he asked. “This wasn’t something that one rogue trader did on a Friday afternoon – this is much more extensive than that.”

To foster an environment in which key risks are identified and mitigated, what processes must be put in place to effectively manage risk?

The truth is that even the most robust Enterprise Risk Management programs will suffer if they’re not supported by a sustainable infrastructure. An organization can, and often must, conduct hundreds of risk assessments over the course of a year. Without a method of standardizing and relating front-line input, assessments become little more than an organizational survey, hiding valuable insights in disparate spreadsheets.

Grimstone also discusses the “tone from the top”: a need for an organizational culture where assumptions are challenged and ethical risk management practices are acclaimed, not neglected.

Organizations can measure their adherence to proven risk management principles with tools like the RIMS Risk Maturity Model (RMM). The RMM’s framework asks risk managers to assess a company’s ERM program by comparing it to best practices, such as whether risk management competency is part of performance reviews or the degree to which the company promotes internal self-governance.

Boards cannot be scouring the front lines for unreported risk, so it’s the job of risk management to be diligent in the risk assessment process and notify senior leadership if the program lacks the necessary maturity. A mature ERM program is a safety net. It protects boards and senior leadership from accusations of negligence by demonstrating a clear dedication to uncovering risk. It also provides transparency and assurance of on-time and on-budget achievement of corporate performance objectives.


For more information about what elements compose a mature ERM program, visit our solutions page or watch our webinar, “5 Steps to Improve Your ERM Program.”


Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.
