The Growing Importance Of Enterprise Risk Management
Throughout the Fall of 2008 I had the opportunity to speak with a large number of professionals that work for or directly support executives responsible for compliance and risk management endeavors – such as Chief Risk Officers. I learned a few things that may impact your 2009 and 2010 plans for information management technologies such as business intelligence, business process management suites, and enterprise content management.
1) Boards and CFOs will prioritize initiatives supporting their enterprise risk management efforts. I asked what their top priorities were for 2009, and every one I spoke to claimed improving their risk management efforts in their top 3. And many said this was in direct response to their Board of Director’s audit committee. In addition, a recent CFO Research Services (part of The Economist Group), accessible here, noted today’s economic environment has finance executives more concerned about their risk management practices than their ability to access financing. Poor enterprise risk management programs can also have a negative impact on corporate ratings as Standard & Poor’s announced it will incorporate enterprise risk management into their discussions with any rated company – this includes non-financial enterprises.
2) They will focus on driving risk management into business decisions. Risk management is not new. Enterprises have internal auditors, Chief Risk Officers, and others responsible for risk identification and management. However most of those I spoke with noted they were not as effective at driving risk management into business decisions, performance metrics were not often compared with risk metrics.
3) They believe technology’s fundamental to helping them succeed. However they’re not quite sure what technology is important to them. Risk comes in many forms – such as operational, financial, credit, brand, environmental, legal, and information. Frankly, no one solution can cover them all. While purpose built applications for business performance management and governance, risk, and compliance platforms do exist, those I spoke to acknowledge these solutions represent the tip of the iceberg when it comes to supporting their efforts to identify, monitor, measure, and communicate risks to their peers, management, and board of directors. Many of them believe they’ve underutilized technologies such as business intelligence and document management to support their work.
What it means for information and knowledge management:
The challenge of supporting enterprise risk management efforts presents opportunity for technologies such as business intelligence, business process management suites, and enterprise content management. We’ve witnessed initiative after initiative fail to live up to expectations largely due to adoption issues or a misalignment of expectations, which often results from too little understanding of how business people need to work with information. But the high need given to supporting enterprise risk management efforts can give information and knowledge managers an opportunity to:
1) Understand the business context of an important role – those responsible for risk management. Now is the time to get to know those responsible for internal audit functions and those that work in the office of the Chief Risk Officer. Ask questions to help uncover their business context – look to uncover what information they need, how they use it, and what processes it supports.
2) Redefine how information management technologies provide value to the enterprise. There’s no question you can define business cases around information management technologies that help remove costs from the organization or make people more productive. Yet business people can still question the value these initiatives claim to create. But, as one VP of Internal Audit told me, "Improving our credit rating, that’s real value."
Be proactive. Meet with your peers in audit and risk management roles to uncover how information management technologies can help them succeed. Given what I listened to last Fall, a case for supporting a strategic business endeavor such as enterprise risk management can have a longer and more positive impact than more tactical incremental productivity gains.