There are first steps in ERM implementation. To begin with, appropriate Tone-at-the-Top needs to be set. We already considered this in the immediate past article. Following from that, a sponsor of the project would need to come on-board to steer the ship. This overall leader of the project is what we are considering in this article. He or she may need to appoint a consultant. A roadmap, with clear milestones, should also be produced and a project team constituted.
There are those that opine that implementing ERM, with a project plan as outlined above, prolongs its go-live and therefore a waste of resources. To such minds, it would suffice to just create the ERM function, designate a head and then kick-start it.
Should ERM implementation strictly then be approach as a project? Is there a need to designate a Sponsor? Would it be a duplication of roles to have a project manager and a project sponsor? What key results should the ERM project sponsor deliver? These are pertinent questions we will endeavour to address in this article.
A simple definition of a project is that it is a set of interrelated tasks to be executed over a fixed period and within certain cost and other limitations. Strictly speaking, every ERM implementation involves the design and deployment of interrelated framework components. ERM projects, irrespective of scale, have milestones that are to be delivered within budget. This makes it fit more aptly into this definition. Constituting a project to design and deploy ERM framework remains one very practical way to train and kick-start the function. All these are best achieved within the leadership of an executive sponsorship of the project.
A topic like this becomes very important because the term ‘project sponsor’ is too often misconstrued to mean a money-bag whose main responsibility is to secure the project funds and then show up at the commissioning stage for a thumbs-up. This is a destination syndrome. It is not the picture of an ERM sponsor. ERM projects are implemented to activate a cycle – the risk management cycle – and not to hit a destination. All the well known risk management standards endorse the risk management process as a cycle. This makes ERM a going concern journey. Irrespective of whether an organisation is for-profit or not-for-profit, the picture of an ERM sponsor is one that is meant to champion the design and deployment of a framework and to deliver on the initial risk reports. An ERM sponsor is therefore one that sits on the project to walk-the-talk of management buy-in. He/she brings the sail or sink drive to the project and this often makes the difference between success and failure.
The project sponsor and the project manager will, under preferred arrangements, be working closely from start to finish. ERM projects should begin with milestones that are approved by the management or board. This outlines project deliverables and the turn-around deadlines. The project manager’s responsibility is to make the day-to-day calls on the project. While the sponsor authorises the project, the project manager executes it. It is the responsibility, therefore, of the sponsor to provide clear leadership, secure project resources, ensure project is on time and on budget, engaging the necessary stakeholders and championing of the project at the executive level to secure continued buy-in.
To address the question: ‘what key results should the ERM project sponsor deliver?’ The sponsor should, in the first place, deliver a common language for risk communication in the organisation. It should also deliver the integration of strategy, risk management and the decision making processes of the organisation. The sponsor should, in addition, deliver a process that cascades the organisation’s risk appetite through to core processes’ tasks. It is also part of the sponsor’s call to deliver a clear structure of risk defence system that put risk ownership, risk control and risk audit functions in clear perspectives.
Risk identification is very central in an organisation’s risk management process and the project sponsor should deliver a model. In order for the organisation to properly manage solvency or economic capital, the project sponsor, should in addition, deliver a system for own risk and solvency assessment. This should be a fit-to-size measurement structure for market, credit and operational risks. It should also deliver a model for risk control. Last of all, it should deliver the desired initial risk reports.
Overall, organisations that engage a sponsor in implementing ERM often utilise and benefit from project management. They effectively manage finish-to-start project dependency. They thus allow framework design, for instance, to finish before its deployment starts, the same way land is acquired before a building erection can start. Start-to-start project dependency is also better managed. Objectives setting, as a culture for instance, will be allowed to start before risk identification will start. This way, risk will not be identified out of context. ERM projects do, in addition, manage finish-to-finish dependency. This allows risk assessment to finish before economic or solvency capital measurements can finish, for instance. Start-to-finish project dependency will equally be well managed. The new culture that ERM embeds will be allowed to start before the existing one can finish or be outlawed.
Steve Nkwor MIRM (UK)
