November 29, 2021 at 3:45 pm in reply to: Member Comments on the Federal ERM Practice Document #13758
David Tattam (Participant)
Thank you for the chance to comment on the draft papers. I come with an Australian perspective and have worked with many Government Agencies in ERM so make comments based on that background.
1. ERM. I concur with John, that a greater emphasis could be made on what ERM truly is as compared to “traditional” siloed risk management. Some thoughts to consider and emphasize may include
1. Risk is managed consistently across the enterprise. This means managing all risks:
a. Using the same framework and methodologies
b. Using the same risk processes
c. Using the same definition and construct of risk, regardless of risk type
2. Risks are managed in the same Enterprise Risk Management System, not disparate, disconnected risk specific systems. ERM should manage all of your risks, Third Party, Cyber, EHS, Fraud and so on, under the one framework and system.
3. All risk processes and related risk data, such as risk assessments, incident management and controls assurance are integrated to allow a complete picture of each risk at any time.
4. Risks are aggregated and collated to provide an overall enterprise risk profile rather than each different risk type being reported separately.
2. Use of diagrams and infographics. It may be useful to intersperse the written word with a number of diagrams that bring the elements together to provide context. For example, to explain the linkages between all of the parts of ERM and how they fit together so that the reader has a complete “jigsaw puzzle” view. I find this is very helpful in assisting the reader to understand the context.
Altogether a fantastic initiative to foster ERM practices in Government and you should be applauded for these efforts.
Regards
David