Have you ever been on a committee that accomplished little to nothing? A committee of any kind can either be a total inhibitor to productively moving forward or an actual contributor to success. From an Enterprise Risk Management (ERM) perspective, the success or failure of a risk committee heavily depends on clearly defined committee roles and responsibilities and the passion, commitment and ERM understanding of the committee chair.

Gregory DL Morris recently wrote an article in Risk & Insurance Online exploring the connection between BP’s April 2010 oil spill and enterprise risk management (ERM). The article suggests that the oil spill resulted from a lack of enterprise risk management and concludes that companies should use the spill as motivation to increase their own risk management to avoid a similar crisis. Below is a small excerpt from Morris’ article, featuring a quote from The ERM Coach, Larry Baker:

“Even as ERM comes under scrutiny, one practitioner said it is important to remember what ERM is and is not. ‘ERM is not designed or intended to protect us fully from problems,’ said Larry L. Baker, managing partner of enterprise risk at CFR in Tulsa, a large independent broker in Oklahoma. ‘ERM is designed to protect the current value of a company, and to enhance its value in the future.’

With so many things shaking up our world right now, it is understandable why many of us become overwhelmed with looking into the rear view mirror as we “resolve issues” more so than keeping our eyes on the road ahead. The unfortunate, large-scale natural disasters during the last few years have served as a chilling reminder of the need to be adequately prepared and equipped to swiftly respond to a crisis.

One of the benefits of not being an ERM pioneer is that you can glean from the knowledge and experience of those who have gone before you. Within the last few years, more companies have successfully implemented ERM and now offer insights into the best practices and pitfalls of the process. Below are common pitfalls discovered by companies that have already blazed a trail:

Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, they have implemented Enterprise Risk Management (ERM). This is simply not the case. A Strategic Risk Assessment is an important component of ERM – many times used as a starting point – but should not be considered a final destination. Even a sustained process to identify, analyze, and manage strategic risks, sometimes referred to as Strategic Risk Management, should not be considered an end target for ERM.

Many organizations have failed in their implementation of Enterprise Risk Management (ERM) because of unclear objectives, value drivers and management expectations. What is important to your board may not matter as much to your management team and vice versa.

The goal of the ERM process is not to create a separate Strategic Risk Assessment “silo” that operates independently of the other functions of the organization. The goal is to create a framework that allows integration, continuous assessment, and aggregation of risk information across the organization by using many of the risk management processes that are already in place. Board comfort with the risks of the organization is not achieved through simply presenting the results of a Strategic Risk Assessment showing the top 5-10 risks based on management’s opinions. Appropriate board comfort is created through a continuous ERM process that provides in-depth detail on the risks, including effective measurement and monitoring of the key risks.

One of the defining characteristics of Enterprise Risk Management (ERM) is that it encompasses all risk categories (financial, operational, compliance and hazard) across all levels of the organization (strategic, business and process) as illustrated in the table below.· The goal is to move beyond a “silo” scope of risk to a comprehensive, fact-based scope of risk that enables management decision-making.