IERP® Team No Comments

What It Takes To Get Buy-In

During IERP’s Tea Talk held on 13th March, presenter Anita Esa opening comment of…

During IERP’s Tea Talk held on 13th March, presenter Anita Esa opening comment of ‘Haven’t we done this before?’ amused her audience. What she meant was that the topic of the Talk, ‘Overcoming Challenges in Obtaining Buy-In of ERM Implementation and Practices’ has become a well-worn, oft-discussed issue among practitioners – but it remains relevant because it remains an issue in many organisations.

The Talk, the third to be organised so far for 2020, is one part of a series of events which IERP holds every month to provide a platform for practitioners and new entrants to the Enterprise Risk Management (ERM) industry, enabling knowledge, pointers and experiences to be shared and openly discussed within the peer group.

Getting buy-in for ERM is a challenge for anyone who has ever been confronted with risk. In most cases, this is the organisation’s Chief Risk Officer whose role is mostly always questioned, until a crisis hits – and then the CRO is inevitably (and unfairly) accused of sleeping on the job! But there are no set methods for risk, no generic processes to follow, pointed out Anita, Head of Group Risk Management of the pharmaceutical giant Duopharma Biotech Berhad. “Risk management has to be customised to the organisation’s needs,” she stressed, adding that only the organisation itself will truly know what is at risk.

In any organisation, there are people who perceive risk management as unnecessary, inconvenient, and take up too much time and resources. As disheartening as this may be, she urged those who have experienced it to persist with getting buy-in by providing something important at the appropriate time, to illustrate the relevance of managing risk. The incident itself can be used as the starting point to kick-start meaningful, in-depth dialogue on Enterprise Risk Management.

Using the Covid-19 pandemic as an example, she suggested that those in charge of risk in their respective organisations should initiate discussions on how local production could be impacted by supply chain disruptions. You should also do a simulation of a plant closure and what the impact will be,” she continued. “Tests can be made of how the firm tolerates this kind of situation, and how relevant ERM is. Sometimes the best way is a trial by fire! For instance, do you know what to do if infected staff members are identified? The risk department is giving value to the management when it is able to provide ‘a pandemic response plan’ to tackle such situation. You get buy in when you are able to show how you can assist others.

The best way of getting buy-in from Top Management is through quantifying the savings that can be made by implementing ERM. This can be achieved by having all investments supported by thorough risk assessment practices. For example, when purchasing production machines, the risk assessment should include a bird’s eye view of the whole organisation’s utilisation of similar machines. One can be surprised from the results of the assessment, and which could lead to a reduction of costs from the initial proposal.

The sharing of ‘lessons learnt’ from various departments is another way to win buy-in from middle management. These should be proven in-house case studies that illustrate how better risk assessment is the best solution to a smoother process and to using fewer resources to achieve goals.

“With ERM, it is a case of the more the merrier – the more people are on board with the same goal, the easier the buy in. In this case, the other departments focusing on strengthening “controls’ are usually concerning the Audit, Quality Control & Assurance, Safety, Health & Environment, and Legal areas. Join forces and share findings. The reason is, each department may be looking at the same issue – but from different angles and perspectives, which can be a real eye-opener for everyone,” Anita remarked.

Despite the serious implications of ERM, she added that fun and innovative ways can be utilised to raise awareness, and increase acceptance, such as old-school poster design competitions and knowledge quizzes to encourage people to participate (with prizes related to the latest craze in town!) to enhance their understanding of the subject. This is an effective buy-in method for staff on the operational level.

Those involved in raising risk awareness levels in their organisations should apply measures related to the different levels of their organisations, to be heighten effective. Top management is more inclined to listen if they are made to realise that the application of ERM can lead to a cost-savings, while more creativity may be needed to win over middle management and operational staff.

In conclusion, she stressed that ERM can gain traction in organisations providing the people responsible for risk demonstrated that it could provide the wins that the organisation needed. In addition, it was doubly important to focus on how much the firm could save through the implementation of ERM. Finally, ERM’s utility extends to improving the company’s understanding of itself, and the strengthening of its common goals. Apply creativity, engagement and innovation to increase acceptance of ERM!