policyIQ creates Efficient ERM

We want to thank everyone who joined us this week for our latest training session, Enterprise Risk Management in policyIQ.  In this 60 minute webinar, we highlighted how to apply the policyIQ technology to your ERM program.

Check out the recording of the session, download the slides, or keep reading for a brief summary.

ERM – A Six Phase Approach

RGP’s Governance, Risk and Compliance practice has developed a six phase approach based on years of working with companies around the world to implement effective Enterprise Risk Management.  In policyIQ, we use the same six phases to organize and structure ERM.

Enterprise Risk Management Sustainable Process


Use policyIQ Technology to add Efficiency Every Step of the Way

In this training session, we covered ways that clients use policyIQ within each phase of the ERM process.  For more information, reach out and schedule some time to talk about your ERM needs!

Preparation: Corporate Goals & Objectives and Cultural Evaluation

ERM should be implemented to support corporate goals and objectives, so ensure that you have those goals clearly documented and made available to all employees.  Remember – policyIQ provides free read-only access, allowing you to easily make that information available to all at no additional cost!

And if you aren’t certain whether your organization is ready for ERM, use policyIQ to survey your employees and better understand the current risk environment.  Perhaps you’ll find that most employees are risk averse, while you may later find that your corporate goals require an aggressive risk approach.  Knowing that there is a disconnect allows your team to provide additional training, tailored mentoring or even to think about some new hires in key positions.

Phase 1: Risk Inventory

Before you can start prioritizing your risk, you need to really understand all of the risks that impact your business.  We discussed two possible approaches:

a. Use a standard list of risks and ask employees to tell you if the risks apply

b. Start with a blank slate and ask employees to think of all of the risks that keep them up at night.

In either case, policyIQ aggregates all of the responses, including aggregating the contents of Excel files that might be sent out to capture risks in that “blank slate” approach.  And remember – don’t just survey your executives and senior management!  Employees at all levels of the organization will provide different insight into risk, and asking a cross-section of individuals will help to identify risks that you may otherwise not be aware of.

Enterprise Risk Management - Risk Gathering

Ask employees to tell you what “keeps them up at night” – and aggregate responses from multiple spreadsheets into a single report.

Phase 2: Consistent and Specific Risk Measures

When prioritizing risks, be sure that the measurements used are specific and consistently applied.  Ranges of dollar amounts, for example, represent the impact of a risk.

Phases 3 & 4: Clear Risk Appetite Statement and measurable Risk Tolerance

Effective ERM requires a clearly articulated Risk Appetite Statement, describing the amount of risk and kinds of risks that the company is willing to accept.  Are you risk averse?  Risk aggressive?  Do you accept some risk, but have zero tolerance for others?

High level Risk Appetite Statements can then be broken down into specific and measurable Risk Tolerance statements.  Risk Tolerance is something that can be measured, tested and adjusted for a certain type of risk.

Enterprise Risk Management - Risk Appetite and Risk Tolerance

Define your Risk Appetite and break down specific and auditable Risk Tolerance measurements.

Phase 5: Reviewing Risk KPIs / Auditing Risk Tolerance

Regularly review actual performance against those Risk Tolerance measures.   Document your audit results in policyIQ, remembering to include the data that was tested as attachments to your test results.

Enterprise Risk Management - Audit Risk Tolerance

Document the testing and conclusions.  Be sure to upload the data tested.  If risk is not being managed appropriately – too little or too much risk being taken – document your remediation plan and assign it with deadlines, reminders and follow-up directly in policyIQ!

Phase 6: Incorporate ERM into the rest of your business 

Finally, it is critical that your ERM program doesn’t exist in a silo.  Risk management is happening all around your business, and the results are feeding your ERM program.  Link those lower level process risks and mitigation procedures to your ERM program, giving full visibility into all levels of risk management.

We are looking forward to working with many of you to implement Enterprise Risk Management into policyIQ!  Contact us to schedule a meeting – no cost and no obligation – so that we can discuss the specific aspects of your ERM program that can be improved through technology.

Enterprise Risk Management: Technology, Expertise and Tactical Support with RGP

If you haven’t explored how you can use policyIQ to implement or enhance your Enterprise Risk Management (ERM) program, we need to talk!  policyIQ’s Governance, Risk and Compliance (GRC) platform provides the flexible infrastructure that you need to…

  • conduct risk surveys and assessments,
  • document your risk tolerance and metrics,
  • capture activities that take advantage of risk opportunities or that mitigate excessive risk, or
  • take action on organizational issues.

RGP’s Enterprise Risk Management Expertise!

RGP’s GRC practice works with companies around the world to implement ERM programs.  In some cases, this starts with a complete cultural survey to better understand the real appetite (or perception of appetite) for risk across the organization.  RGP recently presented a webinar, “Enterprise Risk Management: Are you optimizing your ERM program?”  The webinar drew hundreds of attendees from companies around the world, anxious to learn how they could improve their ERM program and confidently answer that question with a solid “YES!”

Alongside GRC Practice Leader Les Sussman, risk management expert and Washington DC office Managing Director, Eric Gerner, provided an overview of a successful, efficient and sustainable ERM process – as well as practical keys to ERM success.

View the recording of that webinar at any time – or share with your colleagues.

Sustainable ERM Process

In that webinar, Mr. Sussman and Mr. Gerner walk through a six phase ERM cycle that provides a sustainable framework in which a company can identify, prioritize, implement and monitor ERM activities.

Enterprise Risk Management Sustainable Process

We have integrated the use of policyIQ into these six phases, ensuring that ERM practices are efficient every step of the way!

Are you working on Enterprise Risk Management initiatives?  Contact us and let’s talk about how RGP and policyIQ can help you to be more efficient, provide visibility into enterprise risk and risk appetite throughout the company, and create an on-going, sustainable ERM process.

RGP Training Opportunities for September

Here are a couple of new training opportunities for the month of September from the team at RGP.  Be sure to sign up for 1 CPE credit during each event!

September 24: Are you Optimizing your ERM program?

While Enterprise Risk Management has been adopted by most organizations in some form, many still struggle to create effective programs. How do you create an ERM program that is effective without breaking the bank? In this webcast, RGP will lead you through the best practices to creating an effective and efficient ERM program, with a focus on distributed responsibility and long term sustainability.

September 30: Financial Reporting Update

Join us for a financial reporting and accounting review and analysis including the latest FASB pronouncements, and SEC and PCAOB standard setting. This session will provide you with what you need to know to comply with these changes and help you to stay a step ahead.

Consider how technology can advance your ERM program

Our firm, RGP (Resources Global Professionals), has been on the road presenting in cities around the country on the “Keys to Success in Enterprise Risk Management”. We’ve had some terrific conversations with Risk, Finance, Legal, Compliance, Security and Audit professionals and facilitated conversations drawing from everyone’s experience to address the hurdles that different companies are facing. These exchanges and new partnerships are invaluable!

Among the keys to success, one that has been identified is the value that technology can bring to several phases throughout the ERM implementation process. If you’re a reader of the policyIQ blog or are a part of the RGP community, you have likely heard that policyIQ is often used for Risk and Compliance documentation, audit, policy management and related process automation. This includes Enterprise Risk Management!

Capturing the full ERM cycle of information in one place helps to ensure that everyone has easy access to the information—the ability to grab a pulse on various aspects of the program in real time from anywhere. This is also of chief importance to a successful program: keeping ERM accessible and an ongoing part of every strategic conversation.

To give some examples:

Questionnaires or surveys
policyIQ provides tools to make the administration of any collection of information more efficient. At your fingertips, you can see who you have heard from, who still has a questionnaire outstanding and you can automate the reminder to those with outstanding surveys or questionnaires.

With that, our tool is utilized to help organizations better understand their risk culture by gathering opinions from strategic members of the organization by conducting a survey—one that might even allow anonymous submission of responses to encourage the most candid feedback possible.

This same functionality is applied to gather an initial and to capture principals’ thoughts on the priority of risks.

Key Documentation and Support
It is critical that a solid ERM process include a number of discussions and agreements among the organization’s risk owners as a matter of course. What conclusions were drawn from the culture assessment? What risks bubbled up to be considered the most critical? What definition (thresholds in dollars, numbers, events, etc.) did you give to your rating of those critical risks? What are the parameters for acceptable (or unacceptable) risks that you use to define your organization’s risk appetite? And the agreed upon considerations or limits for risk tolerance?

Assess, Adapt, Monitor, Measure
In addition to providing a place to collect and gather all of the key pieces of information, policyIQ provides excellent reporting ability. You can zero in on a specific metric in cases where you have a concern and you can schedule delivery of information on a routine basis to aid in ongoing monitoring of performance.

Without a doubt, technology will help any organization to more effectively and efficiently manage their ERM program. We have presented some ideas in broad statements here. Contact us to see and discuss, in more detail, how policyIQ will help your organization to mature your ERM program to the next level.

Twitter-review of the 2015 GAM Highlights

The IIA put on another impressive General Audit Management (GAM) Conference again this year. Below is a quick twitter-review of some 2015 #IIAGAM highlights. Remember that RGP is a Professional Services Firm with expertise in:

  • Human Capital
  • Finance & Accounting
  • Information Management
  • Governance, Risk & Compliance
  • Supply Chain
  • Legal & Regulatory
  • Corporate Advisory & Restructuring
  • Strategic Communications

We are particularly strong in cross-functional support, listening, helping to identify the common threads and root issues, and guiding an organization with a team of experienced professionals who will walk alongside your employees and leave them more knowledgeable and ready to make progress and gains than before we arrived.

Reach out to us and we’ll connect you with an RGP representative in your area.

Now, on to the GAM highlights!

Lots of speakers addressed the more prominent role of Internal Audit in the heavy activity of Mergers and Acquisitions.


If they were not already making it a top priority, I’d bet 1,400 audit professionals attending GAM took the message back to their colleagues that they need to give cyber-security more attention.


Of course, Risk Management continues to be a hot topic.


Don’t underestimate the work involved in preparing to comply with the Revenue Recognition Accounting Standard.


These were just a few of the key topics discussed at the GAM Conference this year. You can gather more information from the IIA website, Twitter and other social resources, and you can join the conversation next year! We’ll look forward to visiting with you at the RGP booth!