ENTERPRISE RISK
MANAGEMENT
Implementation challenges
Presented by:
Christopher Whittle
Director: RiskSolve International
RiskSolve
Council
• It is paramount that the Council drives the
implementation exercise.
• Councils are responsible for understanding the
nature of the risks significant to their municipalities
and for ensuring that the management is taking
the steps necessary to identify measure, monitor
and control these risks.
Risk Appetite
• What are the significant risks the Council is willing
to take?
• What are the significant risks the Council is not
willing to take?
• What are the strategic objectives of the
municipality? Are they clear?
• Have they been clearly communicated to all levels
in municipality?
Articulating ERM Benefits
Key benefits/impacts of ERM include:
• Improved decision-making, especially in setting
corporate strategy.
• Reduced risk exposure in key areas.
• Improved corporate governance.
• Improved compliance.
• Greater efficiency of operations and profitability.
• More effective business processes.
Defining Risk Terminology
• At a minimum, an organizations needs to agree
on definitions for terms such as risk, risk
assessment, risk management, ERM, significance,
likelihood, inherent risk and residual risk.
• Risk can be defined as "a measure of the
probable likelihood, consequences (favourable
and unfavourable), and timing of a future event
or situation that would affect the company.“
(Felix Kloman)
Risk Maturity And Culture
• What is the current risk maturity level;
• Where do you want it to be? (in relation to size
and complexity of municipality?)
• What is the prevalent risk culture?
• What are the findings of the Auditor General; and
• What communication and training strategies are
required?
Selecting A Framework
• It is important for the municipality implementing
ERM to understand at least some of the vast body
of knowledge related to ERM so that management
can make intelligent decisions about how best to
implement it.
• Such decisions include selecting an appropriate
risk framework and adapting it to the needs and
inner workings of the municipality.
Risk Management Framework
• Risk management policy and standards
developed in line with organisational realities and
strategies
• Risk reporting structures and accountabilities
(integrated into existing structures)
• Clear training and communication plan taking into
consideration risk culture and maturity
Deploying Technology
Effectively
• Quality of an ERM implementation depends on
the people and programs and not just technology.
• Ensure risk management packages uses a
methodology that is tailored to the framework
the organization has chosen.
• First implement manual systems
Integrating Strategy And Human
Resources Into ERM
• It is important to integrate both strategy and
human resources (HR) into the ERM process.
• From an HR perspective, specific goal-setting tied
to the success of ERM must be part of an
individual's performance management plan;
without this, the implementation exercise may
fail.
In summary
• Council buy-in and leadership is a prerequisite;
• Understand the culture and current practices;
• Ensure accountability and performance
management;
• Only use software once processes have been
embedded;
• Ensure that the risk management framework is in
place; and
• Support implementation with good
communication and training.
RiskSolve
“The risk mitigation frontier”
Contact Details:
www.risksolve.net
Christopher Whittle
Tel: 082 771 8833
info@risksolve.net
www.risksolve.net