The Compelling Case for an ERM Mission Statement

Risk is best defined as the “effect of uncertainty on the achievement of objectives.”

The successful management of risk, therefore, is integrally connected to the achievement of the company’s strategic objectives.

Enterprise Risk Management (ERM) is an essential discipline that all companies need to install, embed, and inculcate into the organization, in order to:

  • Set risk priorities and actionable resource allocation.
  • Uncover organizational weaknesses.
  • Expose hidden, value-add opportunities to exploit.
  • Assure the active and continuous process surrounding the management of risks, since the universe of company risks doesn’t manage itself.
  • Enable the timely flow of risk information to all company stakeholders.
  • Gain support from organizational leadership (people with a true and holistic view of the company) since those individuals are the key decision-makers who establish budgets and allocate resources.

As a vital first step towards the establishment of a robust and meaningful ERM program, all companies should develop and agree upon a mission statement for that critically-important discipline of ERM, one that:

  • Explains the here-and-now (not aspirational) purpose of ERM
  • Centers on actionability, not empty buzzwords or jargon
  • Is succinctly expressed, intent upon inspiring understanding, consensus and transparency
  • Combines ERM strategy with its tactical execution

To address all those points, how about considering adoption of this concise mission statement, one that ties together the “what” with the “why” of ERM?

“Enterprise Risk Management (ERM) is the process to identify, assess, mitigate and monitor all enterprise-wide risks that might impair the company’s ability to achieve its strategic business objectives.”

Every word matters in this ERM mission statement. It is boiled-down, simpler-is-better, with eyes always on the ERM “reason-for-being”.

Specifically, the ultimate goals of the ERM mission statement are to:

  • ensure ERM is given its full importance within the organization, not perceived as an adjunct to other corporate functions, like Compliance or Internal Audit
  • establish ERM as a pragmatic and usable regimen, not some stand-alone, academic hypothesis, to realize its maximum impact
  • pinpoint the risk register – covering the universe of all enterprise-wide risks – as the centerpiece and starting point of all ERM activity
  • underline the iterative, four-step tactical execution process (identification, assessment, mitigation and monitoring) associated with ERM and that company risk register universe
  • meld together the ultimate strategic importance of ERM in ensuring that the attainment of key high-level company objectives (e.g. earnings performance, capital adequacy, liquidity, reputation) is best promoted

Quite simply, the engine that drives a powerful ERM mission statement is the risk register.

Toward that end, ERM One™ is a revolutionary, yet straightforward, risk register application drawing on what DoubleCheck LLC has, over time, been privileged to learn from its clients. ERM One™ is an out-of-the-box tool that delivers an integrated ERM process together with a comprehensive, high-level categorization of exposures (Financial, Core Business, Operational and Strategic), fully loaded with over 60 pre-populated risks to be used as a starting point for the risk register.

In short, ERM One™ incorporates into one, intuitive turn-key risk register product the best-practices tools and content to help optimize ERM and thereby put your firm on a path to achieving its strategic business objectives.

About the Author:

Michael Cawley is a risk management executive with a 35-year record of broad and diversified accomplishment in the strategic and tactical elements of corporate enterprise risk management (ERM). He performed day-to-day development and execution of a risk management program that covered all elements in the identification, assessment, mitigation and monitoring of all exposures within the corporate risk universe. Specific experience involved being a corporate risk manager for a service-related conglomerate (15 years) and then a biopharmaceutical manufacturer (10 years) before assuming an ERM governance and disclosure leadership role (10 years, through 2021) for a major worldwide financial entity. Currently, Mike serves as a Subject Matter Expert (SME) in an advisory role for ERM Best Practices for the advancement of DoubleCheck’s new ERM One™ application.
