Enterprise Risk Management made ActionableEnterprise Risk Management (ERM) is on many people's minds these days and for good reasons. Rather than focusing on a single issue, ERM very much takes a top-down view on the enterprise. That is, of course, when it is done properly. After Sarbanes-Oxley, ERM is now driving many initiatives at organizations around the world. While SOX and other equivalent regulations were essentially bottom-up approaches, ERM is inherently different. It is top-down. As a result, it is a much better starting point for broader initiatives. It provides an overview, rather than forcing personnel to drown in details.
With overview comes the need for actionability, if that is a word. The world is full of nice corporate dashboards that give respectable insights into numbers, status and trends. However, the question ââ¬Ånow what?ââ¬Â is hardly ever answered properly. In addition, let's not forget that ERM is very different when compared to other areas of corporate management. It is not just a matter of adding up numbers; it combines factual data with findings, opinions, scenarios, predictions and the like. Not the ideal world to provide a single overview. True ERM must leave room for interpretation and expert judgment. It is much more than a nice dashboard.
Good ERM needs to provide senior management with an overview and an understanding of what the overview is based on and what can be accomplished. In other words, the enterprise will be enabled to learn from history, react to the current state of affairs and anticipate potential future scenarios. This will enable actions at any level of the organization. There are three areas that an enterprise can work on in any organization; its people, processes and systems. These should be regarded as an integrated system. To make ERM actionable, we must understand how it relates to People, Processes and Systems. What's the relevance if it isn't actionable?