Having presented to the Project Management Institute (PMI) Great Lakes Symposium this week, enterprise risk management (ERM) as a discipline of project management is reaching a crisis state. Even worse still, executives seem to be at odds in terms of what ERM means and how to implement practices in the organization – even though its importance is indisputable.
The past 24 months have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. Whether these have been natural disasters such as the Japanese tsunami or man-made disasters such as the Gulf of Mexico oil spill or the euro-zone liquidity crisis, fat-tail risks that have a low probability, but a very high impact to the organization have been front and center, creating a renewed interest in enterprise risk management (ERM) practices. Although demand for these practices and the discussion level for their use is high inside the C-suite of many corporations and private enterprises, studies have shown that there is a discontinuity of both talent and practice in Western economies.
Consider two studies. A recent study of executive priorities conducted by The Economist Intelligence Unit Survey, (Ascending the Maturity Curve, March 2011) revealed that a majority of those surveyed believed that ERM is of strategic importance to their organizations. Yet a parallel survey released by the McKinsey Global Survey, (Governance since the Economic Crisis, March 2011) studying those same executive opinions found that overwhelmingly there is dissatisfaction with ERM program performance and results. To add to this apparent discontinuity, a third study conducted by global systems integrator Accenture (Report on the 2011 Accenture Global Risk Management Study, February 2011) suggested that executives believe that ERM practices are very important, but those same executives have very little understanding based on their own responses of the risk portfolio facing their own organizations
Sources: Discontinuity of risk management practices, in terms of demand, satisfaction, and board level understanding (various sources: The Economist Intelligence Unit Survey, Ascending the Maturity Curve (March, 2011); McKinsey Global Survey, Governance since the Economic Crisis (March, 2011); Report on the 2011 Accenture Global Risk Management Study, (February, 2011)
The implications for these three very different studies coincidentally released within weeks of each other are staggering. Practical knowledge of risk management concepts and principles are needed in the corporate environment as never before, and executives have created demand for this knowledge. How this knowledge is crafted into ERM practices, standards, and guidelines inside of corporate policy is open for revision. Meanwhile, there is a huge need for education around what those practices are and how they should best address operational risk management (ORM) areas — or the functional application of risk management from strategy to the operational areas of a company. The ability to craft the right processes, information metrics, and decision-making capabilities to support ERM across all facets of the organization represents this call to action.
Our friends at SAP have improved the BusinessObjects Risk Management 10.0 solution which advances and best practices address the information and decision-making needs for enterprise resource management (ERM) inside the enterprise today. In my new GRC Expert article, I look at how SAP BusinessObjects Risk Management 10.0 can shape ERM corporate policy, touching on critical operational areas and providing a broad framework of what an ERM program should consider in terms of best practices garnered by SAP over the past year.
Read the full article here (subscription required). Thanks to Bruce McCuaig from SAP for collaborating on this article.