Malzahn Strategic - Minneapolis, MN skyline

What it Takes to Lead ERM

What it takes to lead ERM

What it Takes to Lead ERM. Talent – the people side of the story. I refer to talent in two ways. First, the employees in your company are referred to as “the talent.” Second, each employee has “talents.” The questions are, do you have the right talent in your organization in order to succeed? And also, do they have the right talents to take your company to the next level?

Enterprise Risk Management ( ERM ) is a unique niche. It’s scary and intimidating for many. It’s easy and makes complete sense for some—like those of us who have experienced it first hand and who also appreciate what it does to a company and for a company. I first took an interest in ERM because of all the natural disasters I have lived through in my life. Those experiences made me be “risk aware” and also taught me to always have a backup plan for everything I did. That behavior became part of who I am, which made me an excellent candidate to become the first Chief Risk Officer of the bank I helped start back in 2005 when the bank was only $250 million in assets.

Community banks and credit unions, and any organization for that matter, need to choose the right person—the right talent, to lead the ERM program efforts successfully. In addition, this person needs to have the right talents to succeed at this role. Some of the talents that this person needs are:

Leadership: Undertaking the effort to create and maintain an ERM program takes, most of all, leadership skills in order to succeed. ERM leaders will need to “gather the troops,” sell the idea that, together—as a whole—is the only way the company will maximize their efforts to protect their company. Good leaders create successful teams.

Communication: ERM leaders need to be the “central station” for this program to work. They need to communicate at all levels and with all constituencies so everyone feels included and “in the loop.”

Empathy: ERM leaders need to understand that when they start asking questions, the other division leaders may feel challenged, questioned, and inadequate to respond to their requests.

Patience: ERM leaders need to be very patient for the entire organization to follow and become risk aware. They will need to educate, educate, educate—everyone. It starts with the Board of Directors by introducing them to the concept, obtaining their approval to start the process, and to make them aware of their liabilities in regards to ERM. Then they need to initiate the training program with the leadership team and then the entire staff. They don’t have to do the training, just coordinate it and bring the experts in.

In addition, ERM leaders need to have experience and skills developed during their careers. For example:

Project Management: They will need to lead a broad, company-wide project. Having experience in leading previous large projects will help tremendously.

Communication skills: I referred above to Communication as a talent, meaning the risk leader needs to include everyone and make employees feel part of the bigger team. Now I’m referring to the skill of communicating well, presenting well, writing professionally (good grammar and spelling), and representing the organization with regulators and all constituencies.

Organizational skills: In order to establish a complete and comprehensive ERM program, the leader has to be very organized. The ERM program is multi-dimensional and thus it’s built with certain foundational components, in various layers, and in a specific order. Otherwise, you will end up with silos—just as you started. For example, Risk Assessments need to be created with the same assessment criteria so the entire company understands what the levels of risks mean.

Board Governance Experience: It is important for the ERM leader to know how the board works so they can present and educate the directors on what they need to learn—what their liabilities are, what they need to approve, accept, adopt, or vote on—during the process. ERM leaders will need to work with the Board of Directors on an ongoing basis as they present updates on the program, incorporate training in their meeting agendas, and introduce the various components of ERM.

Finance Experience: It is useful and helpful for the ERM leader to understand the finances of their organization. Knowing financials will help them identify Key Risk Indicators (KRI’s), Key Performance Indicators (KPI’s) that can also be used as KRI’s, work with the Chief Financial Officer ( CFO ) and Chief Information Officer ( CIO ) on ERM related cost projections. For example, if the institution (or any organization) needs to invest in technology to either upgrade their systems or to improve the safety of customer data (or to provide new products), the Chief Risk Officer (or ERM leader) works with the CIO on the technology aspect, and also with the CFO on the financial aspect. In addition, the Chief Risk Officer works with the President and/or Chief Executive Officer ( CEO ) on the strategic aspect. The point is that they would work together as a team.

My favorite and most rewarding aspect of creating the ERM program for the institution I helped start was the people side. Using the talent I had (the people) and maximizing their talents (their gifts). In the end, the ERM team members learned so much from each other. They learned to appreciate each other more, learned about other unrelated areas to their daily jobs, learned how important it is to be aware of all risks at all times, and most importantly, they learned to work together for the good of the entire company—as one team.

If you are a bank president or director on a board, I encourage you to seek for the right person (talent) as your ERM leader. Choosing the right person is key to the success of your organization’s ERM program. If you are the ERM leader and have what it takes to lead ERM, I encourage you to grow in these areas and seek outside expertise to help you create or strengthen your current ERM program. Take pride in your position at your institution. You are valuable and a key member of the team!

Embracing ERM Is Crucial to Protecting Home and Work

Embracing ERM is Crucial to Protecting Home and Work

Embracing ERM Is Crucial to Protecting Home and Work. Picture your house in your mind. Think of all the doors and windows you have in your home. Are they all secure –at all times? (Not just when you go on vacation for a few days or simply away for the day but also when you are in the house.) Who is watching over each window and door in your house? Who ensures there are no threats to fires or floods on a daily basis? What measures have you taken to ensure your house is safe for your family to live in? Is everyone in your household aware of the potential threats and events that could occur in your house? That’s what Enterprise Risk Management ( ERM ) is all about.

Just as you try to protect your assets at home, you need to protect your business assets with the same level of awareness and care. Enterprise Risk Management, at its simplest form, is “an ongoing process to protect all business assets while achieving the organization’s vision and mission.” That’s my simple, personal definition. I thought of making the analogy of your home because you live in one. You are aware of the ever present threats that surround you. For example, the threat of a house fire if you’re not careful in the kitchen, with the grill, smoking in the house, or an electrical fire due to a malfunctioning appliance, is a real, daily threat. Then there is the threat of a flood due to an issue with an appliance or a plugged toilet or sewer. There is also the threat of theft—an intruder coming into your home and stealing physical things—the old fashion way of stealing. And, of course, there is nowadays the constant threat of identity theft and hacking into your personal accounts. Everything that can happen to your personal life can also happen to your business.

My point is that when you treat your business with the same care and have the same awareness as you have with your personal assets, your perspective changes with ERM at work. Even when you are not the owner of the company, you can learn to treat it as if it is. The moment you do that, you start asking yourself several questions such as, “Who is actually looking out for this department or that area of the company?” or you start realizing that “My area can be affected by that other area if something happens to them.” Other thoughts could be, “Wow! I didn’t know how important that department is to the survival of the entire company.”

In your home, you establish precautions, train the kids who to call and what to do in case of an emergency, create some routines such as going around the house at night locking all the windows and doors. Similarly, in your business, you establish “mitigating factors” to mitigate and hopefully eliminate some risks and you establish policies and procedures to protect your company assets from risks.

There are many articles and information about Enterprise Risk Management these days. Instead of looking the other way or saying you’re tired of hearing about it, or thinking that it doesn’t apply to your area of business, I encourage you to embrace the concept. Embrace ERM. It’s not going away and it applies to your company, not just community banks and credit unions — for profit and nonprofits alike.

A way of embracing ERM is to learn about it and not be intimidated by the term. Every company has risks. Becoming educated and then ensuring everyone in the organization is “risk aware” will ensure your company’s success in years to come. If your organization does not currently have an ERM Program, I encourage you to seek outside expertise.