The traditional siloed view of risk management has evolved over the discipline's many years of development, but there is increasing pressure to move towards an enterprise view of the world.
This session discusses the differences between a siloed approach to risk management and a true enterprise-wide view, in terms of both the characteristics and the problems that we're trying to solve. Where is the value-add? What value does a true enterprise risk management approach bring?
This blog includes the responses to the live polling and highlights from the Q&A session. View the entire webinar and slide pack here.
Poll responses: people are transitioning to enterprise, but integration remains partial
A majority of respondents say that their risk approach is mainly or fully enterprise-wide, but it’s only fully integrated for 8%.
Only 19% of respondents have failed to integrate their risk management with strategy and objectives at all, but only 19% have managed to integrate completely.
Central risk taxonomies are growing in importance but the majority of respondents still don’t have one.
Only 14% of respondents are using a dedicated ERM system, although a majority are now using some kind of specialised software rather than relying solely on Excel sheets.
Questions:
Do you think an organisation should talk about risk culture, or should risk be an integral part of the overall culture?
People talk a lot about risk culture. The first issue is that risk culture is part of the overall organisational culture. It is not different to the organisational culture. Now, culture to us is what people do when no one is looking. Organisational culture is effectively how they behave when no one is looking. Risk culture is how they behave with respect to risk management when no one is looking.
If you think about our children at home, your organisational culture is how your kids behave at home. Risk culture is how they behave with respect to risk. Do they go and put their helmet on when they go and ride their pushbike or not when mum and dad aren't looking at them? To me it is simply part of organisational culture.
Organisations that are not mature speak about risk separately. As you mature, it will become part of the wider organisational culture. At Protecht, we have a risk culture dashboard, which is built into our system that monitors the behaviour of all our staff with respect to risk, and that gives that subset. But as we are working with some clients, they're opening up to also capture the wider organisational culture.
Can project delivery execution risk be contained within ERM?
Yes, the project execution risk can absolutely be included. It depends on your methodology, but a lot of this is about looking at risks in the future – forecast risk positions. You've got all the risk details currently. It's a matter of forecasting forward to go: when you deliver this change into the business, what will the risks look like in the future? It's basically a forecast risk profile. My belief is that it should be part of ERM.
Our full Enterprise Risk Management: Moving from a Siloed to a True Enterprise Approach webinar is available for you to watch on demand. Register and view the webinar here.