Okay, this is difficult for me – to think that I might have actually made a mistake! Those of you who know me well realize that I seldom if ever make such a statement. For example, there have been instances when speaking at conferences a participant suggests that a statement I’ve made might not have been entirely accurate, and my response is not “oops, I made a mistake,” but rather “I might have misspoken”!
Relevant to these self-observations is that years ago in advising clients and otherwise communicating with the business community, I believed that while it was challenging to implement enterprise risk management effectively, it could be done without use of advanced technology. Well, my thinking has evolved as to the need for an effective software solution. It’s true that in mid-size companies (I generally don’t work with smaller organizations) that were centralized with few levels of management I saw opportunities for enterprise risk management to work successfully with protocols that didn’t necessarily require use of specialized software. Effectively addressing risk factors in each operating and staff unit at every management level, with highly effective information sharing and communication, made ERM workable.
But over time I’ve come to recognize that the above scenario is extraordinarily rare or non-existent in companies of any decent size. With increasingly challenging economic, regulatory and competitive environments, fewer personnel stretched thin and channels and markets rapidly changing, the need for effective software becomes essential. Otherwise, the ability to capture all significant risks related to business objectives and related mitigating actions and control activities becomes difficult if not impossible. And coupled with a need to track assignment of responsibility to specific personnel and manage accountability – along with effective communication across organization layers and business units – specialized technology becomes that much more important. And when we superimpose a need for senior managers to readily obtain relevant risk-related analyses with dashboards with drill-down capability, then it’s a no-brainer that the right software solutions is essential.
Well, maybe things were simpler in the “old days,” and it’s only time and circumstances that have changed, rather than my sense of what’s required for effective ERM implementation. I hope you’ll let me leave it at that!