Companies should have ERM aligned with the company’s strategy as much as possible, although it can be a loose alignment.
Companies have been coming to the realization that good enterprise risk management actually puts the emphasis on “enterprise” and have thus tried to be as comprehensive as they can be regarding risks across the company. Still, one area that is often overlooked is aligning with corporate strategy.
At a recent NeuGroup Corporate ERM Group meeting members discussed the many approaches – and impediments – to achieving a successful alignment with strategy. One member told of how simply being near the strategy and planning team was effective in knowing, monitoring and contributing.
Other approaches get a bit more deliberate in their integration of the groups by ensuring ERM has a “seat at the table” for all strategy and planning sessions and including ERM in the core strategic executive planning processes. One member circumstantially benefits from the ERM leader having an M&A background. This benefit resulted in strategy and ERM being discussed simultaneously in strategy meetings of the board.
Impediments to this alignment include a number of issues such as:
- a lack of examples where ERM changed a strategy as a result of identified risks;
- clarity on whether business units own strategic planning or corporate does;
- a “tone at the top” that doesn’t value ERM
- competing priorities among business units; and
- a belief by business units that they already manage their risk effectively.
Getting around some of these impediments then might be more politics than policy, requiring ERM heads to have a lighter touch and to be more diplomatic in their approach. One member highlighted his company’s position that ERM be as non-invasive as possible with no new processes or forums, but to leverage and amend what is already in place. This is almost an internal auditor’s approach in that the key goal is to ensure there is buy-in to the key risks and ownership clearly assigned.