Regarding ERM and the risk assessment process in general, I take a page from H.D. Thoreau: “…Simplify, simplify.” The ERM process does not have to be complicated, just comprehensive and on-target. Risk assessment sessions with key employees are absolutely vital to the process. In these sessions, specific objectives will be documented and inherent risks will be identified, without considering any controls in place to mitigate risks.
I am a dedicated believer in function over form. The most efficient approach for a successful ERM is to introduce risk management theories using a practical approach and creating ERM documentation that is easily understood and maintained. A successful ERM is an iterative process and it requires input from the experts in your institution – your employees.
My responsibility is to draw from the knowledge of your experts. The risk assessment process may be a new venture to many, but with a practical, enthusiastic approach to the theories of risk management, the sessions discussing risks will be informative, efficient and extremely productive.
A successful ERM effort begins, yet never ends. The fundamental elements of risk management and risk assessment should be incorporated into strategic planning, project management and into the daily operation of a business or institution. The ERM process offers significant benefits and it can be infused into an institution’s current culture with very little stress and pain.