An ERM program should be as useful as a GPS, providing guidance and pointing out potential risks along the way.
When I go somewhere new, my GPS is an invaluable tool.
Before I leave, I can tell it where I want to go (if not from my current location, I give it a new departure point) and when. It will help me understand my options, not only different routes if I drive and how long each should normally take, but how I could travel using public transportation, etc.
This helps me plan the trip.
During my trip, it will help with:
- Projecting my time of arrival. This helps me know whether I am likely to arrive on time (achieve my objective)
- Indicating potential traffic delays, including known road repairs
- Offering alternate routes
- Warning me if I exceed the speed limit
- Letting me know where I can refuel my vehicle or myself (restaurants)
- Telling me of points of interests (opportunities)
- Showing me where I am on my path to my objective
The GPS helps me make informed and (hopefully) intelligent decisions so I can reach my objective safely and on time.
Does your ERM program do as much?
Or is it a list of things that could go wrong that you update every so often?
I welcome your comments.
By the way, by ERM I mean your enterprise risk management program – not a software platform.
He retired in early 2013. However,he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.
Latest posts by Norman D. Marks, CPA, CRMA (see all)
- How effective are your systems of governance, risk, and control/compliance (GRC)? - October 19, 2021
- Delivering value from IT audit - September 22, 2021
- Selecting software for risk management - August 18, 2021