Five Steps to Implementing Enterprise Risk Management in Your Organization

by Bennett Quillen

1. Define the risk and evaluate the need for enterprise risk management (ERM). Plot your organization’s goals, main purpose, internal and external business partners, etc., to surface the risk. Then determine how your organization could benefit from an ERM program.

2. Research and decide on an ERM framework. First, find out if your organization must comply with pre-established ERM standards. If not, analyze and compare all major standards and frameworks, taking into consideration which works best for your organization’s specific risk and needs.

3. Communicate the importance of ERM, and get all employees on board. An ERM program cannot be successful without complete organizational cooperation. Ensure that you are calling on stakeholders across the organization—internal audit, legal, accounting—and consider creating a risk management committee.

4. Manage the risk in your organization. This step can be overwhelming, so it is best to start by prioritizing the risks and treating the biggest issues first.

5. Report your progress to the organization. In order to maintain organization-wide support for your ERM effort, ensure that you communicate its progress. This can be done through company newsletters and bulletins, and/or progress reports that show the difference the new ERM program is making for your organization.

About the Author: Bennett Quillen is an associate consultant for Cornerstone Advisors, Inc., in Bellevue, Washington. He has more than 35 years of experience working with financial entities as an operations and risk management executive.