Ten tips for a successful ERM implementation
More than ever credit unions are realizing the importance of managing risk with a holistic Enterprise Risk Management framework. Business risks are even higher now because of the uncertain economy; technological threats, such as hackers breaching your systems to steal member data; and an ever changing regulatory environment. With or without ERM, your institution is constantly managing risks in a variety of existing departments and functions. However, implementing an ERM framework at your institution will improve each department’s ability to manage risk and coordinate with other departments to provide a unified enterprise level picture of risk for your Credit Union. This allows institutions to improve their ability to manage risks effectively in a holistic and strategic way.
Before implementing an ERM initiative at your organization you may want to consider these 10 tips for a successful implementation. In our experience we have found that not paying attention to these important factors may lead to ineffective programs, unreliable data, or failed systems.
- You are already doing it: Implementing an ERM initiative at your organization is just putting a framework around all the risks that you are already managing.
- It takes time to mature: Plan your ERM initiative for the long run and set organizational expectations. You won’t get results overnight, some after a year, and the highest impact results often materialize after 3 years.
- Get everybody involved: Implementing an ERM framework is most effective when it is driven organically throughout the organization.
- Focus on your business needs: Collecting data for data’s sake will not help you or your organization. Your project charter should include clear strategic and tactical objectives – with a logical progression from the system to the desired results.
- Don’t let Internal Audit (or any other department) see it as a threat: A good ERM program works hand-in-hand with internal audit and will make them more efficient and effective in their own activities.
- Whatever you start must be maintained: Remember when you start this that maintenance and ongoing improvement are fundamental. Otherwise, you could find yourself dealing with an out-of-control high-powered set of new problems.
- Opinions Come and Go: Always use quantitative measurements whenever possible. Using opinions and hunches tricks your perspective into focusing on today’s hot topic, and not on what really matters to your business tomorrow and beyond.
- Match it to your culture: Every organization is different. An ERM program at a $200 million institution in Arizona will look drastically different than at a $5 Billion institution in New York. Everything that makes your credit union unique (geography, field of membership, local economy, competition, etc) must be factored into your program design.
- Integration is Key: Ask yourself “Can my ERM risk assessment drive a two-year audit plan?” or “Can the results of our audits affect Risk Ratings?”
- Don’t lose sight of the End Goal: Remember why you are implementing ERM. Your primary objective is to deliver actionable information to those that are making decisions.