ERM for the Non-Risk Manager

Presented by:Lisanne SisonDirector, ERMBickmore

What is ERM?

“Enterprise Risk Management (ERM) is “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

- Committee on Sponsoring Organizations Enterprise Risk Management Integrated Framework, 2004

What is ERM?

“[ERM is] a structured, consistent and continuous process across the whole organization for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievement of it’s objectives.”

- The IIA – UK and Ireland

What is ERM?

ERM is an integrated systematic process of identifying major risk to achieving the specific goals and objectives of the organization. These risks should be analyzed by likelihood and impact and mitigated to an acceptable level of risk.

- The IIA Research FoundationContrasting GRC and ERM, Perceptions and Practices Among Internal Auditors, 2013

Einstein’s* explanation

ERM is a process that helps manage diverse organizational risks and supports successful achievement of objectives

ERM Life Cycle

Internal Environment Event Identification

Risk Response

Control Activities

Objective Setting

Information & Communication

Risk Assessment

Monitoring

Culture

Identify and prioritize risks

Evaluate options

Evaluate Performance

Goal setting

Confirm next steps

Implement

Start with Why…

Simon Sinek’s Golden Circlehttp://www.youtube.com/watch?v=_I-_0cnj_xQ

Internal Environment Event Identification

Risk Response

Control Activities

Objective Setting

Information & Communication

Risk Assessment

Monitoring

Opportunity Cost

• Every decision can be weighed in terms of costs and benefits

• Decisions can have multiple options• Compare both costs and benefits• Only realize the benefits of one

Internal Environment Event Identification

Risk Response

Control Activities

Objective Setting

Information & Communication

Risk Assessment

Monitoring

Failure Mode Effect Analysis

• Review a process for what can go wrong• Assess and prioritize• Identification factor (Likelihood error will

be caught)

Internal Environment Event Identification

Risk Response

Control Activities

Objective Setting

Information & Communication

Risk Assessment

Monitoring

Tippy Tap

• http://youtu.be/Qdpd3roZjYw

Internal Environment Event Identification

Risk Response

Control Activities

Objective Setting

Information & Communication

Risk Assessment

Monitoring

ADKAR

Internal Environment Event Identification

Risk Response

Control Activities

Objective Setting

Information & Communication

Risk Assessment

Monitoring

Internal Environment Event Identification

Risk Response

Control Activities

Objective Setting

Information & Communication

Risk Assessment

Monitoring

Plan Do Check Act

Six Sigma (cont’d)

• A clear focus on achieving measurable and quantifiable financial returns

• Increased emphasis on strong and passionate management leadership and support

• Clear commitment to making decisions informed by data, rather than assumptions

• Developed by Motorola in 1986

Six Sigma

Covey’s 7 habits

Internal Environment Event Identification

Risk Response

Control Activities

Objective Setting

Information & Communication

Risk Assessment

Monitoring

Be Proactive

Seek first to understand,

then be understood

Think win-win

Sharpen the saw

Begin with the end in mind

Put first things first

Synergize

1989!!!

Lean

• Problem: Overtime every day because people were coming in 30 min before their shift to re-organize their ambulance the way they like it

• Solution: Standardized ambulance set up• Communication and training to enable

the change

Case Studies

Case Study – Raley’s

Non-Risk Manager ERM Checklist

• What are you trying to accomplish?• What are the realities/barriers?• What needs to be addressed immediately,

soon, later, or never?• What is the best, most efficient way to

overcome this challenge?• How do we prepare people to accept this

change?• How will we measure success?

©Lisanne Sison, Bickmore 2014