Consultant outlines common errors in enterprise risk management

OTTAWA, Ontario—Companies can take a variety of approaches in crafting enterprise risk management programs, but there are several common mistakes that crop up in those efforts, according to one ERM expert.

Speaking Monday at the 2011 RIMS Canada conference in Ottawa, Ontario, Diana Del Bel Belluz, president of Risk Wise Inc. in Toronto, outlined a Top 10 list of common enterprise risk management errors.

Among the mistakes Ms. Belluz outlined were complacency, not understanding your risk exposure, relying on gut instinct, overlooking information you have and focusing on the wrong risks.

Other common mistakes are failure to link the ERM process to the organization's performance management, failure to build resilience into the program, failure to acknowledge and learn from “near misses,” failure to seek out and listen to constructive feedback and failure to cultivate relationships with external stakeholders.

The ERM consultant also outlined strategies for addressing the various mistakes. To tackle complacency, for example, she recommended cultivating “a mindset of questioning.” She said she sees the mistake of not understanding exposures most often in organizations that don't “filter” risks against their objectives. “At its heart, this is really about the failure to link risk and strategy,” Ms. Belluz said.

While there are occasions that require making judgments on instinct, Ms. Belluz said problems associated with an overreliance on the gut can be reduced by rating the quality of risk estimates and finding information that can help gauge the accuracy of gut instincts.

A major element of eliminating the problem of focusing on the wrong risks involves determining the organization's risk appetite. “If you don't articulate it, what you do is you leave people to infer what the level or appetite for risk is, and I guarantee you'll have some differences,” Ms. Belluz said.

Regarding the failure to build resilience into the program, Ms. Belluz noted, “Risk management is very much about change management.” As for the mistake of failing to seek out and listen to constructive criticism, beyond good communications skills Ms. Belluz said the solution is “humility in management” and the “ability to admit we don't know it all.”

Ultimately, Ms. Belluz said, with ERM, “It's not just about reducing risk, it's about thinking about it in terms of achieving objectives.”

“With ERM, the focus is always on getting that balance right,” she said.