In 2009, BPS Resolver surveyed over 2000 risk professionals on the state of enterprise risk management initiatives in their companies. It seems that a full 30% of responders to our survey indicated that they planned to be rolling out new or enhanced enterprise risk management programs in 2010.  In 60% of the cases, the biggest driver for the risk management efforts are demands by the Board of Directors for visibility into the company’s risks and what the company executives are doing about these risks. The greatest consideration for most ERM champions, resulting from these demands, remains the quality and consistency of data and the efficiency with which it needs to be gathered. When asked how to achieve this, our responders offered the following five most popular pieces of advice:

1. Ensure you consider the overall ERM strategy so that it is a sustainable, recurring process rather than doing it piecemeal.  Avoid the temptation to direct your efforts into a “big bang” report for only part of the business. This is particularly important if this effort prevents you from revisiting the business area for years to come.
2. Carefully consider the link between business unit or department risks and enterprise level risks.  The roll-up can be very powerful and convincing and is worth the effort.
3. If you are conducting workshops to better identify and measure risk, consider the use of voting technology to enhance efficiency and build consensus among the participants. Have this information transfer into a Risk Repository. This allows you to build a decentralized program that pulls information from the business units rather than the central team chasing them via email.
4. Knowledge of your industry is vital when selecting a consultant. The language and culture of your industry and even your particular company is a critical tool in ensuring that people are thinking about risk in the right way.  Equally as important is the ability to translate your enterprise risk management program into meaningful real-life scenarios for your business.
5. No executive or board level enterprise risk management report is complete without a view into the root causes and what is being done (or could be done) to prevent them.  Boards of directors are looking for the simplest possible way to understand their top issues and assess if the company is applying the right amount of focus or coverage. Many risk management reports look impressive but ultimately fail the “so what” test (nice heat map – so what?).