How to use the Enterprise Risk Management guide

[edit] Introduction

Are you doing everything you can to help your company succeed? Here's how to check.

Do you work for a commercial company? If so, you may be at least a little anxious about the frequent reports of company failures and the consequent impacts on the work in progress and on the staff.

Are there ways in which the risks of companies failing could be mitigated, so as to give greater chances of long-term success?

This is what enterprise risk management (ERM) is all about. For successful implementation, it needs companies to have a single focus on risk at a senior level, and a culture where every member of staff is clear about his or her own responsibilities to identify and report risks.

Many companies believe that they already have a sufficiently good risk-management system in place. But is it true? If you wish to check this for your own company, ICE's short guide sets out a number of critical questions to ask.

[edit] Is it time to move to a more comprehensive ERM framework?

If you’re not satisfied with the answers, it may be worth considering a move towards the introduction of a comprehensive ERM framework. Some organisational and cultural changes may be necessary, internal reporting systems may need to be strengthened, and a specialist in risk management might have to be recruited.

For the culture within the company to be a success, staff members need to work in the knowledge that they will not be blamed when things go wrong, although they will be held accountable for their actions or lack of action. They need to know that top management is relying upon them as its eyes and ears, and will welcome reports from them.

Sometimes staff members are afraid to report problems because they might seem to be being critical of their own bosses, and training needs to tackle this issue head-on, so that bosses have the right attitude when such a report is made.

Staff also need to know that risk management is about the scope for variation of future outcomes and that this includes upward as well as downward variation, so suggestions from them about new opportunities will always be welcome, even if the suggestions prove impracticable.

[edit] The journey to improving risk management

Improving risk management in a business is a journey. The first step is to review existing practices. The next step is to decide whether there are desirable changes which could be made without a great deal of effort, to go part of the way towards full ERM. Once these changes have been made, consideration can be given to whether there is a need to go further.

If you’re a senior manager or board member, you probably already have a shrewd suspicion that a review of existing risk practices might be worthwhile.

If you’re working lower down the organisation, you’re probably well aware of risk issues in your own part of the business, and perhaps you might be able to discuss with a more senior colleague whether these issues could be reviewed in the context of the risks facing the business as a whole.

Whatever you decide to do, you may well be able to influence an improvement in your company’s chances of prospering, or even its chances of survival.

This article originally appeared on the Civil Engineer Blog portion of the ICE website. It was written by Chris Lewin and published on 5 August 2021.

--The Institution of Civil Engineers

[edit] Related articles on Designing Buildings Wiki

• Enterprise in the construction industry.
• Enterprise resource planning ERP.
• ICE articles on Designing Buildings Wiki.
• Risk management.
• The Project Management Institute guide to strategic risk management.

[edit] External resources

• ICE, Enterprise risk management (ERM) Short Guide.