policyIQ creates Efficient ERM

We want to thank everyone who joined us this week for our latest training session, Enterprise Risk Management in policyIQ. In this 60-minute webinar, we highlighted how to apply the policyIQ technology to your ERM program.

Check out the recording of the session, download the slides, or keep reading for a brief summary.

ERM – A Six Phase Approach

RGP’s Governance, Risk and Compliance practice has developed a six-phase approach based on years of working with companies around the world to implement effective Enterprise Risk Management. In policyIQ, we use the same six phases to organize and structure ERM.

Enterprise Risk Management Sustainable Process


Use policyIQ Technology to add Efficiency Every Step of the Way

In this training session, we covered ways that clients use policyIQ within each phase of the ERM process.  For more information, reach out and schedule some time to talk about your ERM needs!

Preparation: Corporate Goals & Objectives and Cultural Evaluation

ERM should be implemented to support corporate goals and objectives, so ensure that you have those goals clearly documented and made available to all employees.  Remember – policyIQ provides free read-only access, allowing you to easily make that information available to all at no additional cost!

And if you aren’t certain whether your organization is ready for ERM, use policyIQ to survey your employees and better understand the current risk environment. Perhaps you’ll find that most employees are risk averse, while you may later find that your corporate goals require an aggressive risk approach. Knowing that there is a disconnect allows your team to provide additional training, tailored mentoring or even to think about some new hires in key positions.

Phase 1: Risk Inventory

Before you can start prioritizing your risk, you need to really understand all of the risks that impact your business.  We discussed two possible approaches:

a. Use a standard list of risks and ask employees to tell you if the risks apply

b. Start with a blank slate and ask employees to think of all of the risks that keep them up at night.

In either case, policyIQ aggregates all of the responses, including aggregating the contents of Excel files that might be sent out to capture risks in that “blank slate” approach.  And remember – don’t just survey your executives and senior management!  Employees at all levels of the organization will provide different insight into risk, and asking a cross-section of individuals will help to identify risks that you may otherwise not be aware of.

Enterprise Risk Management - Risk Gathering

Ask employees to tell you what “keeps them up at night” – and aggregate responses from multiple spreadsheets into a single report.

Phase 2: Consistent and Specific Risk Measures

When prioritizing risks, be sure that the measurements used are specific and consistently applied.  Ranges of dollar amounts, for example, represent the impact of a risk.

Phases 3 & 4: Clear Risk Appetite Statement and measurable Risk Tolerance

Effective ERM requires a clearly articulated Risk Appetite Statement, describing the amount of risk and kinds of risks that the company is willing to accept. Are you risk averse? Risk aggressive? Do you accept some risk, but have zero tolerance for others?

High level Risk Appetite Statements can then be broken down into specific and measurable Risk Tolerance statements.  Risk Tolerance is something that can be measured, tested and adjusted for a certain type of risk.

Enterprise Risk Management - Risk Appetite and Risk Tolerance

Define your Risk Appetite and break down specific and auditable Risk Tolerance measurements.

Phase 5: Reviewing Risk KPIs / Auditing Risk Tolerance

Regularly review actual performance against those Risk Tolerance measures.   Document your audit results in policyIQ, remembering to include the data that was tested as attachments to your test results.

Enterprise Risk Management - Audit Risk Tolerance

Document the testing and conclusions.  Be sure to upload the data tested.  If risk is not being managed appropriately – too little or too much risk being taken – document your remediation plan and assign it with deadlines, reminders and follow-up directly in policyIQ!

Phase 6: Incorporate ERM into the rest of your business 

Finally, it is critical that your ERM program doesn’t exist in a silo.  Risk management is happening all around your business, and the results are feeding your ERM program.  Link those lower level process risks and mitigation procedures to your ERM program, giving full visibility into all levels of risk management.

 

We are looking forward to working with many of you to implement Enterprise Risk Management into policyIQ!  Contact us to schedule a meeting – no cost and no obligation – so that we can discuss the specific aspects of your ERM program that can be improved through technology.

This entry was posted in Solutions, Training by Chris Burd.

About Chris Burd

Chris is the Managing Director of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In the past few years, she's focused on enhancing policyIQ's offering as a Conflict Minerals and Anti-Corruption tool. In past lives, Chris worked as a system implementation consultant, an e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, volunteers at her local food bank, and spends more time than she should taking photos of her cats. She would like to be a rock star when she grows up.
