#73 – NO ONE IS REALLY APPLYING ERM AND I THINK IT’S A GOOD THING! – ALEXEI SIDORENKO

Posted on by

AAA SIDORENKOThis is my personal opinion based on 11 years in risk management across 4 countries with different legislations, cultures and risk environments, so please be patient and try to make your disagreements less violent 

Also all my comments relate only to real sector companies, not Financial Service.  
Over the years I came to a very interesting conclusion: 
-risk management has always been multifaceted (safety, financial risks, environmental, supply chain, financial reporting, IT risks, etc are all managed by different groups of people, sometimes even with different methodologies).

This has been done for years and not many people really seem to question the need or the value it provides.  Creating the ERM on top of that certainly raised the profile of risk management but also created many questions regarding the value.

I have seen probably over a 100 companies that attempted to implement ERM, none were trully succesful.  Common pitfalls included: risk register quickly became outdated, not able to capture the changing daily nature of the risk environment, risk owners failed to take responsibility, budgets and business plans were set and agreed without due consideration to risk, business decisions were made every day before risk analysis was undertaken, etc.

Now since, I am a good risk manager that was a big red flag that got me thinking.  In the end I came to conclusion – ERM has outlived itself.

Centralised risk teams, centralised risk registers, quarterly risk reviews, risk reports (pretty much everything most companies do today in terms of ERM) are all things of the past. Instead I believe:

  • risk management should be an element of every single process (no separate risk register –>
  • part of the business plan, no separate risk report –>
  • risk analysis in every single management report, no project risk register –>
  • NPV@Risk, no separate risk training –>
  • risk training as part of induction, management competency upgrades, no risk meetings/workshops –>
  • risk discussed during operational meetings, no separate risk management framework document –>

Different elements of risk process and principles documented in stragegic planning procedure and about a dozen other documents)
- risk managers should become the center of knowledge about all kinds of risks within the organisation and use that information to support day to day decision making, have veto power for certrain risky decisions even.

Bio:

Alexei Sidorenko.  Head of Risk at Rusnano.  Please linkedin profile and www.risk-academy.ru for additional information.

Leave a Reply

Your email address will not be published. Required fields are marked *