Guest Post by John Ayers (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
Enterprise Risk Management (ERM) is a relatively new concept (it has been around 10-12 years). It is a top-down approach to business system management and execution. It is a risk-based problem solving and decision-making process. Everything is looked at through a risk prism.
I suspect that many of the companies that have adopted ERM have not implemented it to the fullest extent of its capabilities. The reason is it takes a cultural change to do so and many companies do not know how to do it. This paper explains by example how to change the culture in a company to fully and completely implement ERM.
Six Sigma is a set of techniques and tools for process improvement. It was introduced by Motorola. Jack Welch made it central to his business strategy at General Electric in 1995. Many companies today use six sigma very successfully to improve processes and productivity.
IMPLEMENTING SIX SIGMA
A large defense company that I worked for decided to implement six sigma. They hired a new CEO who had successfully implemented six sigma in another large defense company.
For approximately two years, my company spent hundreds of millions of dollars trying to implement six sigma. They required employees to attend training classes. All types of documents and procedures were posted online for employees to study. Employees laughed at six sigma. Implementation was not working. They needed a different approach.
They decided to bring in 150 outside six sigma black belt experts to train and teach level 1 six sigma. Level 1 then trained level 2 and so on until all employees were trained in six sigma. In addition, every employee was required to undertake a project to become qualified as a six sigma specialist. It took hundreds of millions of dollars and 5 years to implement six sigma fully and successfully.
Today, six sigma is engrained in the company. It is accepted by all employees as a way of life. It took a culture change to implement six sigma.
ERM is quickly becoming viewed as the ultimate approach to risk management. Consultants are advertising their ability to perform enterprise risk management. Seminars devoted to ERM are being conducted to explain the process, provide examples of applications and discuss advances in the field. Papers on ERM are beginning to appear in journals and books. Some universities are starting to offer ERM courses.
ERM is designed to identify potential events and risks that can impact the organization. It is a management system that can be applied at various organizational levels. These levels are:
- Enterprise level.
- Program/project level.
- Product level.
The following are ERM attributes:
- Risk management continual improvement.
- Full accountability for risk controls and treatment.
- Decision making involves risk.
- Continued risk communication with stakeholders.
- Central to organization’s management processes.
A new field of risk management is opening up, one requiring new and specialized expertise, one that will make other forms of risk management incomplete and less attractive.
Like six sigma, ERM needs a culture change to implement it successfully. This means hiring sufficient numbers of risk management experts from outside the company. They would train level 1, who in turn would train level 2, and so on until every employee of the company has had risk management training and accepts ERM as a way of life.
The outside experts would support the implementation and help the company with writing policies and procedures for ERM. They would also work with the company to develop risk management certification programs. It will probably take 2-3 years (maybe more) to change the culture and implement ERM.
ERM means total risk management, not some subset of risks. New technologies, competition, and COVID-19 present new risks and challenges. The new focus on the concept of ERM provides an opportunity for risk managers to apply well established and successful approaches to risk on a broader scale than previously. This is an excellent opportunity to advance the process of risk management.
Implementing ERM in a company requires a cultural change for all employees to accept and use it. The six sigma approach discussed above is an excellent example of how to do it. A bottom-up or piecemeal approach will not work.
Currently John is an author, writer and consultant. He authored a book entitled ‘Project Risk Management’. It went on sale on Amazon in August 2019. He has presented several Webinars on project risk management to PMI. He writes a weekly column on project risk management for CERN. John also writes monthly blogs for APM. He has conducted a podcast on project risk management. John has published numerous papers about project risk management on LinkedIn.
John earned a BS in Mechanical Engineering and MS in Engineering Management from Northeastern University. He has extensive experience with commercial and DOD companies. He is a member of PMI (Project Management Institute). John has managed numerous large, highly technical development programs worth in excess of $100M. He has extensive subcontract management experience, both domestic and foreign. John has held a number of positions over his career including: Director of Programs; Director of Operations; Program Manager; Project Engineer; Engineering Manager; and Design Engineer. He has experience with: design; manufacturing; test; integration; subcontract management; contracts; project management; risk management; and quality control. John is a certified six sigma specialist, and certified to level 2 EVM (earned value management). https://projectriskmanagement.info/
If you want to be a successful project manager, you may want to review the framework and cornerstones in my book. The book is innovative and includes unique knowledge, explanations and examples of the four cornerstones of project risk management. It explains how the four cornerstones are integrated together to effectively manage the known and unknown risks on your project.