ERM Monitoring & Communication: Two sides of the same coin

Risk is an unavoidable part of business. But as a growing number of entrepreneurs now realise, that isn’t necessarily a bad thing.

The last few years have seen an increase in the prevalence and sophistication of enterprise risk management (ERM) practices in the corporate world. And while organisations have leveraged these programs to achieve operational and strategic success, most fail to factor an important aspect of ERM into their policies – its dynamic nature.

ERM for an Ever-Changing World
The advent of technology has made it more important than ever for risk management strategies to continuously evolve, just like the risks faced by businesses. Though the right course of action in such a scenario seems like a no-brainer, most corporates can still only boast of a static approach to the discipline.

While transitioning to a dynamic ERM strategy, it’s important to remember the value of feedback and the four pillars that support it – measurement, monitoring, communication and evolution. And if you can only incorporate two of these into your brand’s ethos, a robust risk monitoring system and an effective ERM communication program are absolutely essential.

From Identification to Mitigation
It is impossible for an ERM program to succeed without having identified the Key Risk Indicators (KRIs) that can predict the occurrence and intensity of unfavourable events that could adversely affect the organisation. For example, a data leak would be a big hazard for a credit card company, which houses important personal and financial information about its customers. The key risk indicator, in such a case, would be employees falling for phishing scams or accessing customer data on devices that don’t have adequate anti-virus and anti-malware programs.
Since most people learn best from experience, the credit card company might find it effective to run unannounced cyber security drills to gauge how aware its team is. Measures like conducting cyber security workshops, and restricting access to confidential data can then be considered, based on the outcome of the drill.

Once these red flags have been identified, the relevant stakeholders must conduct periodic surveillance of each of the key risk indicators to ensure that the likelihood of the risk does not increase.

Communication is Critical
If identification and monitoring of risks form the backbone of an ERM strategy, timely and clear communication is its beating heart.
What risk management professionals tend to forget is that employees across different verticals may not necessarily be familiar with the risk ecosystem. This makes it essential for top leadership to encourage and initiate open discussions about ERM program design, risk ownership, risk assessment and risk analysis. Not only will this bring clarity to your team, but it will also foster a risk-informed culture, which paves the way for its effective management.

In addition to this, companies must also follow best communication practices, both internally and externally. Right from defining every individual’s role in the ERM process and communicating it to them through the optimal channel, to maintaining comprehensive records of any relevant correspondence, clear exchanges can fine-tune your ERM strategy and boost its effectiveness.

If It Works for the Navy…
When it comes to modes of communication, different things work for each enterprise. While some might find that relaying information face to face works best for their employees, others might choose to circulate a bulletin or email that personnel can refer to.

One of the most noteworthy integrations of communication and ERM came in the form of Carrier Team One (CT1), a risk management system set up by the US Naval Sea Systems Command (NAVSEA). They devised this cross-project set-up to identify, assess, mitigate and communicate any risks posed to the timely completion of the project. While most ERM softwares help managers do just that, CT1 also provided a peer-assist environment for risk managers from different projects to collaborate, discuss their challenges and share their insights with each other. After the one-year pilot for the software ended, feedback from leadership showed that the features they were most appreciative of were its communication tools.

The Final Word
Constant monitoring of risks is crucial to the success of a business, just like open dialogue. Any venture that integrates these elements and incorporates them into its plan of action will find that it not only allows them to survive, but also helps them thrive!