This past November 1, I started posting an ERM “thought to consider” every day.
Sincere thanks to those who have read and contemplated any of those posts.
I’ve been helped by many people in my 40-year ERM journey and want to do my small part in “passing it on”.
In the November 27th ERM post, I gave my view on two tangible steps I believe are needed to finalize an ERM program, namely:
Step 1. Secure upper-management (and Board) support and backing for the design and implementation of an ERM Governance structure and Risk Management Framework (RMF), including the ERM program’s agreement on risk ownership.
Step 2. Install and embed an automated risk register process, centering around an efficient and configurable ERM tool, to drive your unique tactical execution of risk management.
So, now what?
As 2024 draws to a close and 2025 goals begin to be solidified, how about we consider melding together those two steps towards ERM finalization, with the following one resolution:
“I resolve to immediately investigate the possibility of implementing an automated risk register solution that is configurable, straightforward, intuitive and pragmatic.
I will consider elevating my current risk management situation, whether it consists of 1) performing ERM by hand (e.g. Excel spreadsheets) or 2) making do by utilizing an application (e.g. audit, insurance company, claims handler) that may be inflexible and ineffective.
I will emphasize the importance of the risk register to our ERM program by doubling down and securing senior management approval of the three lines of defense specifics, including establishing one risk owner for every exposure in our universe and identifying and monitoring controls for each risk, by line of defense. With this ERM governance structure in place, roles and responsibilities will be defined, accountability will be expected and ERM risk culture will benefit.”
ERM One is a viable alternative worth your consideration. Be brave. Give it a trial run. The tool was designed by a risk manager for risk managers.
About the Author:
Michael Cawley is a risk management executive with a 35-year record of broad and diversified accomplishment in the strategic and tactical elements of corporate enterprise risk management (ERM). He performed day-to-day development and execution of a risk management program that covered all elements in the identification, assessment, mitigation and monitoring of all exposures within the corporate risk universe. Specific experience involved being a corporate risk manager for a service-related conglomerate (15 years) and then a biopharmaceutical manufacturer (10 years) before assuming an ERM governance and disclosure leadership role (10 years, through 2021) for a major worldwide financial entity. Currently, Mike serves as a Subject Matter Expert (SME) in an advisory role for ERM Best Practices for the advancement of DoubleCheck’s new ERM One™ application.