Our firm, RGP (Resources Global Professionals), has been on the road presenting in cities around the country on the “Keys to Success in Enterprise Risk Management”. We’ve had some terrific conversations with Risk, Finance, Legal, Compliance, Security and Audit professionals and facilitated conversations drawing from everyone’s experience to address the hurdles that different companies are facing. These exchanges and new partnerships are invaluable!
Among the keys to success, one that has been identified is the value that technology can bring to several phases throughout the ERM implementation process. If you’re a reader of the policyIQ blog or are a part of the RGP community, you have likely heard that policyIQ is often used for Risk and Compliance documentation, audit, policy management and related process automation. This includes Enterprise Risk Management!
Capturing the full ERM cycle of information in one place helps to ensure that everyone has easy access to the information—the ability to grab a pulse on various aspects of the program in real time from anywhere. This is also of chief importance to a successful program: keeping ERM accessible and an ongoing part of every strategic conversation.
To give some examples:
Questionnaires or surveys
policyIQ provides tools to make the administration of any collection of information more efficient. At your fingertips, you can see who you have heard from, who still has a questionnaire outstanding and you can automate the reminder to those with outstanding surveys or questionnaires.
With that, our tool is utilized to help organizations better understand their risk culture by gathering opinions from strategic members of the organization by conducting a survey—one that might even allow anonymous submission of responses to encourage the most candid feedback possible.
This same functionality is applied to gather an initial and to capture principals’ thoughts on the priority of risks.
Key Documentation and Support
It is critical that a solid ERM process include a number of discussions and agreements among the organization’s risk owners as a matter of course. What conclusions were drawn from the culture assessment? What risks bubbled up to be considered the most critical? What definition (thresholds in dollars, numbers, events, etc.) did you give to your rating of those critical risks? What are the parameters for acceptable (or unacceptable) risks that you use to define your organization’s risk appetite? And the agreed upon considerations or limits for risk tolerance?
Assess, Adapt, Monitor, Measure
In addition to providing a place to collect and gather all of the key pieces of information, policyIQ provides excellent reporting ability. You can zero in on a specific metric in cases where you have a concern and you can schedule delivery of information on a routine basis to aid in ongoing monitoring of performance.
Without a doubt, technology will help any organization to more effectively and efficiently manage their ERM program. We have presented some ideas in broad statements here. Contact us to see and discuss, in more detail, how policyIQ will help your organization to mature your ERM program to the next level.