Enterprise Risk Management

DEFINITION OF ENTERPRISE RISK MANAGEMENT (ERM)

Risk can be created by any event or outcome that has the potential to interfere with an agency’s ability to achieve its mission.

Enterprise Risk Management - The discipline and its associated processes of applying a risk evaluation to each agency activity and outcome, identifying root causes of unanticipated or unwanted outcomes or potential outcomes, and determining—as an enterprise—what changes are best to address the root cause, and then monitoring the success of the mitigation strategy. Mitigation strategies can include:

  • Transferring the risk
  • Minimizing the negative outcome
  • Preventing the outcome
  • Eliminating the activity associated with the risk
For example, insurance transfers the possible cost of risk to the insurance company. An early resolution program minimizes the cost of negligence by resolving claims before they become lawsuits. Changing a policy and procedure so that employees know what to do in certain situations can prevent negative outcomes. Abandoning an activity that had resulted in injury eliminates the risk posed by the activity.

KEY ELEMENTS

How do you get there?

  1. Gather a focus group consisting of a risk savvy person from each area (division, department or function) of your agency.
  2. Brainstorm and list any event (risk) that could interfere with the ability to carry out your agency's mission.
  3. Prioritize the risks from high to low.
  4. Identify and develop responses for the high risks first.
  5. Establish an aggressive time line and designate accountable personnel to help ensure the risk responses are carried out.
  6. Identify and develop responses for the moderate and low risks and carry out step 5 above for them.

---When you have completed steps 1 through 6 you have started the ERM process.---

What else can be done to move closer to ERM?

  1. Successful ERM must have the support of top management. Before starting the process above seek the absolute commitment from your agency director and assistant directors.
  2. Establish an ongoing ERM steering committee. Have the committee meet on a regular basis to discuss losses and identify new risks.
  3. Develop an annual risk assessment questionnaire process to be completed by all employees.
  4. If possible create a full-time position for the agency risk manager. ERM requires attention.
  5. Have a process in place to ensure accountability for losses. Require the accountable people to respond to losses with a report on "why did this happen?" and "how can it be prevented from happening again?"
  6. Concentrate on helping the entire organization shift its focus away from crisis response and toward preventative action.

USEFUL RESOURCES