Willis and Towers Watson have merged. Visit willistowerswatson.com

It is not uncommon to find well intentioned enterprise risk management programs launched with all the requisite senior level support and funding gradually deteriorate over time into form-filling exercises. In order to achieve sustainable success that consistently delivers value, ERM implementation should include:

  • Risk assessment processes robust enough to regularly surface unknown or emerging risks
  • Incremental rather than all-at-once implementation
  • Going beyond qualitative risk assessment to quantitative measurement where appropriate
  • Securing ownership and buy-in of ERM at the operational level
  • Linking the measurement of risk, particularly in qualitative risk assessments, directly to the critical variables that most affect the organization’s performance, as further explained below

CONNECTING TO THE ORGANIZATION’S KEY PERFORMANCE INDICATORS

Assessing the likelihood of losses and their impact on your organization’s performance indicators directly connects each risk to strategic and business unit planning and ultimately to business unit budgeting. This establishes ERM’s immediate relevancy to decision making in a very clear and meaningful way.

Once risks are assessed in relation to key performance indicators, decision makers can see the causes of performance volatility deserving the most attention.

This page includes an illustration of risk assessment output relating to two key performance indicators (price competitiveness and supply chain continuity). Individually rated risk scenarios are measured against the risk tolerance for each. Risk scenarios that are above the tolerance level require priority attention in business planning and budgeting.

GETTING STARTED

Because effective ERM breaks down silos and works across an organization, clear and visible commitment from the top is a must. Those directing the ERM program should establish key objectives and deliverables and determine how the value of ERM activities will be measured. Early activities should include an analysis of the current organizational approach to risk management, an evaluation of the organization’s risk tolerance and an initial risk assessment to establish the existing risk profile.

  • Copyright © 2017 Willis Towers Watson