PKF F.R.A.N.T.S Chartered Accountants’ professionals work with you to cut through the complexity of today’s rapidly changing marketplace. We leverage the knowledge and skills across our global network of firms to develop practical recommendations designed to help you work smarter, grow faster and compete stronger. Our Advisory works with the world’s leading organizations to create and protect the sustainable value of their business.
We are trusted advisors to the world’s organizations. They choose us because we are known for our talented people, technical expertise, deep industry insights and our ability to get the job done.
Management consulting
Partnering with you to gain competitive advantage.
Are you putting in place the building blocks that will make your organization perform more effectively when the economy recovers? Successful organizations are using this time to transform their business, balancing the critical levers of cash flow — cost, investments and revenue to achieve sustainable business performance.
There are three key aspects to consider.
- Obtain accurate information to drive business insight:
Any business today needs to have confidence in the data that’s used to report financial results, set future performance expectations, evaluate risk and understand customer interests. By creating standards, disciplines and governance around data that goes all the way down to the item level, and by using technology effectively to access it in real time, business leaders and managers can trust that the information they use to make decisions is as accurate and insightful as possible.
- Navigate the complexity of business enterprise and make the needed structural changes:
Leaders so often turn to quick wins — swapping tap water for bottled water; eliminating non-essential travel and the like — with little regard for their efficacy, lasting impact or unintended consequences. Instead, go below the tip of the iceberg, navigating the complexity inherent in the business, to make needed changes to the business model that can have a lasting impact. Take advantage of technology that can enable the business to run more efficiently. Review the overall people strategy in order to meet future talent and skills requirements. Ensure your procurement process is actually adding value by saving time and costs, rather than creating fragmented purchasing and black holes of spend.
- Focus on sustainable performance:
Find and retain the skills you need. Build disciplines and processes that allow you to be in control of the business. And understand how to harness risk to your advantage. Be bold. If not now, when will you make major changes that could transform the way that you operate? In the past there was perhaps too much focus on refinancing rather than re-engineering, now is the time to make considered and sustainable change.
Consider the organization as a single unit. It’s not about how to make HR or IT run more efficiently but how to make the business, as a whole, more efficient over the longer term. Stay the course, embed the right behaviors in your business and look to a more sustainable and profitable future.
Customer & Operations
Customer & Operations teams focus on fundamental business issues — managing risk, increasing revenues and controlling costs — which all organizations, in all industries, should address in order to flourish. We help companies identify risks and optimize operations that are used to support their strategic business objectives and financial goals.
Organizations have a range of options to help them manage and improve performance, including process and control design, shared services models and outsourcing. Our firms’ Customer & Operations professionals seek to empower clients to make better business decisions — decisions that are at the heart of successful business transformation and change management efforts.
Customer & Operations teams serve our firms’ leading clients in all industries. Our professionals bring extensive experience and work collaboratively with clients, advising them on:
Managing and reducing materials costs | Improving service to the customer | Globalization |
Optimizing overall internal supply chain costs | Reducing supply chain risk | Product design efficiency |
In addition, the Customer & Operations team can transform the business by helping clients think through:
Operations risk management | Strategic cash generation | Operational optimization |
Supplier risk | Working capital optimization | Rapid value procurement |
Product portfolio risk | Manufacturing strategy | Integrated supply chain planning |
Process risk | Revenue management | Cost management & optimization |
Customer & Operations teams can assist our firms’ clients with:
Rapid value procurement |
Focuses on optimizing strategic sourcing, consolidation of the supply base, improved contract management, improved inventory management through purchase execution and procurement process effectiveness. |
Working capital management |
Designs and embeds approaches to develop and implement visibility, control and generation of cash and working capital across the business operations. |
Supply chain optimization |
Advises on lean manufacturing, lean six sigma, operations, product lifecycle management, logistics, sourcing, and distribution. |
Business integration |
Advises on mergers of business organizations (called post-merger integration), shortly after a deal is finalized or years after many mergers have been executed. |
Customer management |
Provide insights in to managing the entire life cycle of a customer, helps with visibility into customer segmentation and assists in increase customer retention and acquisition |
IT advisory services
An effective, well-managed IT system is one of the most valuable business advantages an organization can secure. The right technology, implemented properly, appropriately managed and monitored, can lead to significant gains in growth and efficiency. It is essential to get sound business advice to ensure technology risks are managed. IT is challenging to get right and expensive to get wrong — not only in terms of dollars spent, but also in lost efficiency and potential regulatory infringements
How our firm can help?
We work with clients to analyze business technology issues within their businesses. A client might approach us for assistance with:
CIO Advisory | Review and assessment of the strategy, architecture, or governance of a client’s IT environment. This could include reviews and assessments of the client’s technology/applications strategy and roadmap(s), and enterprise architecture documents and/or processes. |
Shared Services Outsourcing |
We offer guidance on the most appropriate strategies for outsourcing or offshoring IT services, and ensure that effective controls are implemented |
Technology Enablement Review & Assessment |
Reviews and assessments of IT projects involving SAP/Oracle/Microsoft & Other systems, where other parties are engaged to undertake the strategy, blueprinting, control design, development, testing, and program or project management stages. |
Technology Enablement Implementation Services |
IT projects involving SAP/Oracle/Microsoft & Other systems. Services related to the strategy, blueprinting, control design, development, testing, deployment, and post-go live stages of a SAP system development lifecycle. |
Project & Program Management |
Services related to technology implementation project and program management, other than those projects and programs using technology relating to SAP, Oracle, Microsoft, Workday, or Service Now |
We focus on the business impact of technology rather than systems implementation, and we are not tied to any hardware or software suppliers. As a result, our advice is independent and geared to the specific needs of each client.
People and Change
Our People and Change team focuses on the human element of your organization and develop strategies for the attraction, development, motivation, retention and management of the right people with the right skill sets and right experiences to deliver on the goals of the organization.
We will work with you to answer critical questions and offer practical solutions:
Is workforce deployed optimally in a suitable reporting structure? – There is a need to reshape and create more efficient ways of working to deliver business drivers and strategy by optimizing the size of the organization and appropriately respond to customer demands
> We will work with you to design a suitable organization structure for your business, provide workforce intelligence and help you understand the effectiveness of your workforce composition, relationship to business performance and cost profile to identify opportunities for reducing cost while improving alignment with your goals.
Are the right performance metrics being targeted and improved? – As top-level goals become more complex and cross functional, is it vital for each employee to understand the role that they play and understand how strategy is broken down into functional tactics to align business drivers together for success
> We will work with you to understand the linkage between entity and employee performance and develop, implement and integrate performance mechanisms and systems that deliver the capabilities and performance required by the organization’s strategic intent.
Is the right talent being attracted, retained and developed? – Talent mobility is becoming more accessible; there is uncertainty about which critical roles require investment and focus. A lack of a plan to build capability with unclear employee value proposition and career paths to employees raises a red flag for leadership to invest in talent management capabilities.
> We will work with you to better understand the science of employee engagement at your organization and help you roll out various initiatives to secure your talent base while ensuring the current and future needs of the business are being met and strategic goals are being achieved.
Is HR adding value as a strategic business partner? – There is a movement away from the traditional Ulrich model to more tailored HR operating models, the continuing issue of HR credibility within the business means that HR has to prove it can deliver increasing value to the business while leveraging new technologies.
> We will work with you to transformation your HR by helping you create the optimal HR function and developing leading delivery models for HR services that enable the organization’s Talent/Human Capital strategies. We have also developed market leading capabilities in HR technology solutions including our People powered performance (P³) tool
Are new initiatives being accepted in true spirit? – Every organization, every change programmer and every leader is unique and requires carefully crafted interventions to push the change agenda. A high proportion of transformation efforts fail, and many more fail to deliver all of the intended benefits. Different stakeholders often have very different wish lists of outcomes to be delivered by a transformation program.
> We will work with you to better manage change at your organization and accelerate the successful implementation and acceptance of new initiatives by your workforce. We will help you develop change management plans while together understanding how changes to strategy, structure, processes and technology impact your people.
Financial management
The finance function needs to be aligned to the business strategy, and provide financial analysis and insight to support corporate decision making, while also meeting legal and regulatory requirements as a given. With a global network of professionals, Financial Management is able to bring the right people, with the right skills, to the right place at the right time to assist helping organizations to become leaders in finance. Aimed at helping to maximize the finance function’s performance and increase its value to the business, we provide a range of Financial Management services under our three service networks – Efficient finance operations, Effective decision support and Finance Strategy & Transformation.
Efficient Finance Operations
An efficient finance function helps identify and deliver specific improvements in order to unlock value and resources thus freeing up time for improved decision support activities. It is founded on a robust platform of integrated operational/transactional finance activities.
This service network includes the following offerings:
- Quality Close & Integrating Reporting
- Finance Process Optimization
- Finance Function Benchmarking
- Finance Shared Services & Outsourcing
Effective Decision Support
This service network helps clients deliver a fit-for-purpose financial planning and performance management framework in order to help the business to make better decisions.
It includes the following offerings:
- Cash & Working Capital Management
- Cost Management
- Financial Information Management
- Financial Performance Management
- Planning Budgeting & Forecasting
Finance Strategy and Transformation
Finance Strategy and Transformation helps a client to define the role of finance in driving the strategic business imperatives. It helps the CFO to clearly articulate its Finance vision and strategy, analyze the performance of the finance function, and develop a future state operating model that is fit for purpose.
This involves a wide ranging review of the finance function, matching performance to business requirements and diagnosing areas for improvement across the finance landscape. It includes the following offerings:
- Business strategy alignment
- Finance business partnering
- Finance function recovery
- Finance integration & separation
- Finance organization design
- Finance target operating model
- Finance transformational
- Finance vision & strategy
Transforming Operations
Whether you are restructuring your organization or experiencing delays in your projects, our focus is on effectiveness as much as efficiency. We align your operations to your strategy to meet your business goals. By designing effective operating models and processes for your business we can help improve your front and back office functions too.
What’s on your mind?
- How to develop an operating model for a business unit providing support and development?
- How to design an organizational structure which makes systems and processes more efficient?
- How to assess and implement transformational outsourcing in back office functions across countries?
- How to reduce costs and find efficiencies?
- How to rationalize a supplier base?
- How to source suppliers to drive efficiency and support growth?
Bringing you peace of mind
- Design and implementation of global operating models
We can help your global operations move into an integrated model, spanning changes in organization, location, process, technology and sourcing. This includes back office functions such as Finance IT, Procurement and HR, middle office activities and customer contact.
- Sourcing and shared service center rationalization
By rationalizing your supplier base and delivery locations we can help you choose the right supplier and location strategy for your business. We conduct bottom-up reviews of Shared Service Centers and Business Process Outsourcing to help drive consolidation and cost reduction activities across local, national and international locations.
- Outsource supplier selection
We can help you prepare the business case, identify and select the right suppliers, build robust and effective commercial arrangements and provide full transition management whether it be for Finance and Accounting, HR, CRM, Procurement or IT Outsourcing Design and implementation of global operating models.
What’s in it for you?
- Improved and more effective operating models and business processes, including standardized systems and operations
- Cost reduction
- Risk management integrated into processes
- Increased customer satisfaction
- Increased productivity
- Rationalization of supplier base and effective sourcing of suppliers to help drive efficiencies and support growth.
Risk consulting
Risk management is not the responsibility of a single department. It is the responsibility of everyone, from the chief executive down. Past corporate failings have been attributed to lack of accountability, strategy and transparency.
Tougher expectations by regulators and other stakeholders now mean that corporates and financial institutions should demonstrate better discipline, control and responsibility. Failure to keep on top of and comply with existing and emerging regulation could jeopardize reputations and livelihoods. How robust is your governance, risk and compliance program?
Financial risks have probably never been more acute. Capital reserves, credit portfolios, investment policies and capital and debt profiles all demand constant scrutiny to adequately manage and mitigate risk.
Companies should also be vigilant about risks presented by suppliers. A counterparty who defaults on a contract, or whose business collapses, can have serious financial and reputational ramifications for connected parties.
Fraud risks can also increase when cash is tight. Some employees become more opportunistic — and external hackers more resourceful. They find security lax in areas of the business that used to be better resourced … and they strike. Are your systems and policies sufficiently robust to ward off the risk of fraud?
At the same time, many companies are more likely to pursue litigation for losses that they would otherwise endure in more prosperous times. Disputes arise as they seek to apportion blame to other parties for inappropriate or negligent behavior that results in financial or business loss. Could you end up as instigator or defendant in a litigation case?
With all these demands, internal audit is in many companies often elevated from pure compliance to a function that regularly reviews the risk profile for emerging risks and identifies trends as it keeps its finger on the pulse of business performance. The chief risk officer, meanwhile, becomes increasingly involved in strategic decision-making where the emphasis is as much on risk as it is on growth.
IT advisory services
Managing IT risk and compliance
How We can help
Amid an evolving regulatory environment and increased oversight pressures, organizations face ongoing challenges to manage and comply with ever-mounting regulations that are coming their way. At the same time, organizations are focused on managing new and persistent risks to their business, while balancing revenue growth and expense saving business priorities.
In the face of these challenges, managing IT risk and compliance has become even more critical, as IT failures can lead to reputational damage, customer and market valuation loss, and an increase in privacy issues and high-profile legal exposure. In this environment, enhancing IT controls is crucial to help ensure businesses are managed and controlled appropriately, and functioning reliably.
The right technology, implemented properly, appropriately managed and monitored, can lead to significant gains in growth and efficiency. It is essential to get sound business advice to help ensure technology risks are managed.
We work with clients to analyze business technology issues within their businesses. We assist clients with the following areas:
Information Protection and Business Resiliency Advisory
Security Technology Assessment and Architecture.
Includes Security Testing and Assessment services, SEIM/Incident Response, and Security Architecture
Services (Encryption, Firewalls, Endpoint, etc.)
Business and Technology Resilience
Includes contingency planning for disaster recovery, Business Continuity Management planning to
ensure business functions continue in the event of business interruption and
Crisis Management preparation.
Information Governance and Privacy
Focus on controls (confidentiality, Integrity, and Availability) of information, including
operational and regulatory sensitive information.
Security Strategy & Governance
Includes Security Strategy, Organizational Governance and major Information Protection project/program
support.
Risk & Compliance Services
We provide Enterprise Risk Management, contract compliance, climate change/sustainability, governance and regulatory compliance.
Risk & Compliance Services
How We can help
Our Risk & Compliance Services (RCS) deploys multidisciplinary teams of professionals experienced in IT, fraud analytics and risk assessment, shared services, finance management, treasury and financial instruments, and the supply chain to augment and enhance an organizations’ existing internal audit capabilities.
It works to make enterprise risk management programs, and risk and controls management more efficient and effective.
We offer a wide range of tailored services and products to help enhance corporate governance, assess business risk, provide assurance on control effectiveness and support you in achieving your organization’s goals. Services within RCS include:
- Sarbanes Oxley Assistance Services (SOAS).
- Strategic Sourcing.
- Regulatory Compliance.
- Enterprise Risk Management (structure, risk identification, monitoring, reporting, optimizing).
- Corporate Governance.
- Integrated Assurance.
We assist directors and management to identify the applicable laws and regulations to better understand the regulatory environment. Our professionals work with senior management and audit committees to develop quality internal controls that delivers strategic business assurance, identifies business opportunities and enhances organizational value.
We can assist you in following areas:
- Deploying continuous monitoring techniques.
- Designing, executing and advising on the use of enterprise risk management.
- Driving regulations compliance.
- Rationalizing monitoring functions and governance practices.
Sustainability services
Sustainability practices helps you build long-term value in a rapidly changing world.
Business leaders across the world must respond to environmental and social changes: from population growth, urbanization and expanding wealth to resource scarcity, declining ecosystems and climate change.
If a company is to successfully manage the risks and opportunities of these changes, and build a business that is sustainable in the long term, it needs to go on a journey.
Continuous Auditing and Monitoring
Continuous Auditing (CA) & Continuous Monitoring (CM) are automated feedback mechanisms used by Internal Audit or Management to monitor IT systems.
Continuous Auditing (CA) and Continuous Monitoring (CM) are automated feedback mechanisms used respectively by Internal Audit or Management to monitor IT systems, transactions and controls on a frequent or continuous basis, throughout a given period.
Companies who deploy Continuous Auditing (CA) can leverage technology to more efficiently analyze risk data on a frequent basis. This approach helps the detection of anomalies, outliers, inconsistencies and other factors to more efficiently focus audit resources.
Continuous Monitoring (CM) provides management with information on key performance metrics in close to real-time, allowing them to have better insight into issues as they arise, thereby improving their ability to manage risks and opportunities.
These services assist our member firms’ non-audit clients to:
- assess and design the overall implementation plan
- perform risk assessment and design query protocols and reports
- assist management through the change management process
- evaluate software tools and provide recommendations
- provide recommendations on reporting and dashboards
- train management and internal audit
- execute continuous audits.
We strategically deploy resources from various disciplines to suit each individual client situation. IT Advisory, Internal Audit and Forensics professionals typically comprise the core team, adding industry or subject matter specific resources as appropriate.
Our firms’ resident skill sets and experience includes:
- GRC suite tools associated with major ERP systems
- fraud risk assessment and anti-fraud process evaluation
- enterprise risk assessment
- risk and controls knowledge, with emphasis on those that are industry-specific and compliance-driven.
Our firms’ CA/CM services are aligned to meet the needs of key stakeholder groups:
- Board of Directors — Delivers regular insight into the status of controls and transactions across a global enterprise. It also helps to improve the overall risk and control oversight capability through enhanced detection and monitoring.
- Management — CM allows senior management to have improved visibility into the organization, enhancing its oversight capabilities and providing line managers with better tools to manage day-to-day responsibilities.
- Internal Audit — CA provides early warning of problems so that IA can address control or transaction failures closer to the occurrence.
Contract Compliance Services
Our CCS professionals are experienced in serving a variety of our firms’ clients in a wide range of industries in areas such as royalties, licensing, distribution agreements, advertising, digital content and more. As a result, we understand the complexities and nuances of a range of business contracts, processes and procedures and have been able to help companies recover revenue misstated in self-reporting statements while maintaining and improving relationships with their business partners.
Our services are as follows:
- Royalty Compliance — aims to recover fees, help strengthen licensing relationships and identify opportunities for mitigating risk.
- Software End-User License Review — monitors license compliance for software vendors, leading to increased current and future licensing and maintenance revenue.
- Vendor Contracts — advises on management of vendor relationships.
- Ad Agency Contract Compliance — aims to identify significant cost recoveries or other improvement opportunities.
- Reseller and Distributor Review — assists with the enforcement of contracts with channel partners.
- Digital Distribution — assists digital content owners in assessing the completeness and accuracy of self-reporting of content distribution.
- Software Asset management (SAM) — can include a review of people, process and technology areas against industry standards.
- Intellectual Property (IP) Audit — assistance in assessing and optimizing processes of the IP governance throughout different stages of the IP lifecycle.
Risk-Based Strategies
Disruption is the name of the game in today’s business environment. New innovations, technologies and business models are reshaping what business.
Disruption is the name of the game in today’s business environment. New innovations, technologies and business models are reshaping what business means and how companies operate. As some companies work to manage risks associated with disruption, others look at the opportunities and ask, “How can we use these disruptions to become something new?”
Successful companies will be ones that understand how risks are evolving and can turn them into unique advantages. At PKF F.R.A.N.T.S , we can help you become a force of disruption – not just a respondent to it.
While most companies focus on risk management to help them navigate new and emerging risks, others are becoming more proactive. Leading companies recognize that disruption isn’t solely within the purview of a start-up. Any company can leverage disruption to create new opportunities and break away from their competition. The question they need to ask is, “How?”
The key is to establish a risk view that goes beyond the defensive. This view of risk starts with a company’s ability to understand and identify signals of change for their company, their industry and the business world in general. When companies don’t see change coming, it’s hard enough to respond and stay afloat. But when companies know change is coming, they can find ways to leverage it to take their business to the next level.
Implementing Risk-Based Strategies
we define enterprise risk management (ERM) as a discipline, not in the sense of punishment, but as the mastery and continued maturation of risk competencies. Essentially, ERM is all about building risk management capabilities throughout the organization.
As risk professionals, we often focus on ERM as an end to itself rather than a means to support the organization’s objectives. But to be useful, that is exactly what it must center around: providing value to the company.
Alas, there is no magic bullet to implement a program that will hit that target. But there are some key guidelines you can follow. With that in mind, the following 10 simple steps may help guide you as you begin planning your journey.
1. Define what value your organization will gain from ERM
Because it is so difficult to demonstrate ERM value through traditional investment metrics (return on investment, return on equity, return on assets, or risk-adjusted return on capital), many companies make the business case. This looks at ERM in four categories: shareholder value, risk mitigation, process consolidation and silo elimination.
While these are worthy goals, they can be difficult not only to measure but to articulate to management and the board. Since leadership is always focused on value creation, the link between ERM and the organization’s strategy is often weak at best.
So how does ERM actually contribute to the organization’s value? How can that be demonstrated and measured in terms that are meaningful?
You first have to discover what value your organization is trying to create, as well as protect. Is it simply increased share price? Or is it reducing volatility to enable a more efficient use of capital? Or perhaps, for non-profits, is it delivering more services to a broader constituency?
Whether value is expressed as market share, profit, service provision, donor levels, social impact or some other benefit, how do the enterprise risk management competencies advance the organization’s mission and related objectives? In other words, what business need will be met through a structured ERM approach?
2. Research and understand different standards and frameworks
Advocates of certain risk management standards and frameworks may encourage you to believe that there is one, and only one, “right” way to define and manage risk. If you operate in a regulated environment, you indeed may need to comply with specific risk management standards. But risk management practices tend to be universal and evolve over time, whereas standards (and regulations, for that matter) may not keep up with more current, innovative practices.
Even so, learning about each of the major standards can generate ideas. A 2011 RIMS executive report, “An Overview of Widely Used Risk Management Standards and Guidelines,” analyzed six frameworks, and nearly all were found to be similar in certain ways. For example, each requires, among other aspects, the adoption of an enterprise approach with executive-level sponsorship; structured process steps, oversight and reporting of the identified risks; a risk appetite definition with acceptable tolerance boundaries; and monitored treatment plans.
Although we uncovered a number of common elements in our research, certain success factors were either missing or underdeveloped, most notably root-cause analysis and risk appetite management. Moreover, we found that 44% of North American risk practitioners choose to adapt their practices from a number of standards rather than adopt any one standard. Learning as much as you can will give you a solid foundation to decide what elements are the most vital to your ERM initiative.
3. Inventory what your organization is already doing
Many organizations already have controls in place for widely understood risks, such as business disruption, environmental liability or worker injuries. It is likely that the individuals responsible for these controls also conduct risk assessments. While this is not enterprise risk management, it is a start. And understanding what your organization is already doing allows you to leverage existing practices within a broader ERM environment.
Additionally, having a common, collective understanding concerning which risks should be accepted, avoided, transferred (or shared), mitigated or exploited can reduce organizational dissonance about what is acceptable to the organization’s stated objectives.
4. Seek support and help
Implementing an enterprise risk management program is not the time to go solo. Many parts of the organization have a legitimate stake in the discussion, and they can become either powerful allies or forceful detractors. The “power of one” comes into play in recruiting those who can make a positive difference in your implementation.
Your most important advocate should be an executive sponsor—ideally more than one. Once your sponsors are on board, determine who best understands the risks your organization faces. Many successful implementers have formed a working committee of internal stakeholders, such as operations, sales, accounting, legal and internal audit. If you include the leaders responsible for management controls in a working committee, it usually accelerates collaboration.
Mostly, however, you should seek out people who are knowledgeable about your organization and able to influence others, which means the cast may vary depending upon the scope of operations. If your organization’s mission is innovation, for example, include leaders from research and development. Or, if your organization focuses on education, include faculty leaders.
You may also want to consider external sources of support, such as insurance brokers, external auditors or consultants. But heed this word of caution when engaging external supporters: be sure to clearly communicate the specific role you want them to play. Sometimes, this may require a strong nondisclosure agreement.
5. Keep it simple
Focus on the basics. Once you have established why you are implementing ERM, work to de-mystify the process. Be able to distill your messages down to two-minute sound bites that explain, in plain English, how ERM is different from previous approaches. Refrain from using jargon; choose terms that are already understood in the organization. In the same vein, simplify process graphics to illustrate the steps the team will be taking.
Remember to keep the message focused on the organization’s objectives rather than on the risk management process itself. To the end user, the ERM program mandate is less important than gaining value by making better-informed decisions about risk. While a formal training program may be characteristic of a mature program, simple process training, using available tools and templates, is quite appropriate when first getting started.
6. Start small
What should be the scope of an ERM implementation? A number of successful implementers have begun by focusing on a specific business area or single goal. The state of Washington’s strategic goal is to improve the health and safety for all citizens, for example, so its ERM goal became fostering ERM implementation in all of its 165 state agencies.
While this scope may seem daunting at first, nine specific and achievable objectives—including assigning risk management to a specific employee within each agency—were agreed upon over a multi-year period. Parameters were set for success, and the scope of activities was limited in a manageable way. By initially targeting implementation in a controlled way and monitoring progress against a single goal, Washington achieved a higher overall commitment. And now the state has something it can build on.
7. Go for the quick wins
Don’t try to cover every possible risk. Start with those that matter most for the success of your organization’s strategic objectives. By identifying and analyzing the risks that may have a material impact on the ability to execute strategy, the odds of creating value quickly are much higher. If you prioritize by risk criteria—severity, importance or speed to onset—action plans can be executed immediately and revisited to validate the chosen responses.
Understanding which risk criteria are important to leadership creates an opportunity for frank discussions about just how much risk the organization wishes to pursue, both for specific objectives and in the aggregate. These leadership discussions tend to reveal where the organization may be culturally when it comes to risk-taking or risk aversion. Overall, this exercise can go a long way towards establishing a barometer of the organization’s risk appetite.
8. Delegate “fixes” to risk owners
Who will do something about the risks? The obvious answer is whoever is accountable for managing the business functions most closely associated with those material risks. For example, a chief information officer may be accountable for managing risks associated with potential data breaches.
Not all risks can be neatly compartmentalized, however. Risks such as unauthorized social media releases may not find a “natural” owner, but a specific individual still needs to be named. There always should be one identified owner held accountable for the risk management plan decisions and execution. This person will likely need to rely on others to make the plan work and manage interconnected risks, but naming an individual risk “owner” will help move the chosen response plan to action.
9. Report on progress
Progress reports highlight the difference that enterprise risk management makes in your organization and should be reported in at least two ways: by material risk and by ERM program progression. The risk owners should be reporting in their normal business updates on key issues, such as the material risk outcome target, specific activities that have taken place since the last report, challenges in executing the risk plan, and a trend assessment in the risk profile against the targeted outcome. Periodic reports to senior management on ERM program progression might include progress related to milestones for specific ERM objectives.
In Washington state, one of those milestones is the percentage of agencies that assigned risk management responsibilities to a specific employee over defined time periods. One result shown in a 2011 ERM progress report was self-evident: a liability reserve reduction of $600 million. And an intangible result was that the organization improved its overall risk management capabilities and competencies throughout its 165 agencies.
10. Develop your “soft skills”
How do you “sell” ERM within the organization? First of all, understand the dynamics of your internal market. People “buy” what they perceive to be of worthwhile to them and to their performance objectives. The question you need to be prepared to answer is “what benefit will they gain if they implement enterprise risk management practices?”
There is power in positive persuasion. Focus on the expected positive outcomes for the individuals you want to engage rather than trying to convince leadership that “we have to do this to comply with our ERM policy.” Above all, you need to be an excellent communicator with a specific value message: “Enterprise risk management is a discipline that protects—and creates—value for the organization. By implementing ERM, you personally will be able to deliver results with both tangible and intangible benefits.