Having delivered in excess of 100 Enterprise Risk Management (ERM) engagements with clients ranging from the largest global companies to small private enterprises, we have seen first hand how the building blocks of a successful ERM framework need to be made bespoke to be fit-for-purpose: too detailed, jargon-filled or bureaucratic and they may be ignored or treated by staff as a tick-box activity; too simplistic and they may not deliver full value. Regardless of organisational specifics, there are however a number of common motifs and good practice principles that are pervasive to ERM design and these should be inherent as a structural foundation.

 

A common determinant in the successful adoption and use of ERM by an organisation is tailoring the design of the framework so that it aligns with the cultural ways of working of the business and meets differing internal (and external) stakeholder analytical and intelligence needs. In practice, this means that the scope and complexity of the ERM framework and its underlying components should integrate with and reflect both stylistically and content wise the structure of other core management systems and associated process documentation and templates. 

 

Simplicity is often desirable in approach and outputs, but this should not come at the expense of rigour in approach or benefits will not be fully realised, so striking the right balance between pragmatism, accessibility and thoroughness is key and this will vary depending on the size and nature of the organisation and its associated risk profile.

 

To support clients with their development of good practice ERM framework components, we have created a library of documents, methodologies and templates that can be used to provide cost-effective support and guidance in developing an organisation’s ERM activities. These materials can be used to fast track development of ERM, provide a good practice standard, as well as streamline external consultant spend so that support is applied to areas where it is most beneficial. 

 

For some organisations these documents may require little changes to be useable; others may want to tailor them to their specific circumstances and we can advise how to do this or execute desired revisions on your behalf. Outlined below is a sample of the constituent parts of our ERM library that are commonly used and requested by clients. Please contact Matt Elkington (matt@mercandco.com) to discuss access and any questions you have.

 

MERC & CO's ERM document Library (examples)

 

• ERM framework design (various structures, aligned with international ERM standards)

• ERM governance and accountability descriptions e.g. Risk Committee Terms of Reference, Role descriptions

• ERM policy - concise and detailed versions

• ERM process methodology - general user and practitioner versions, including objective risk assessment criteria, control / mitigation design, facilitation of ERM workshops etc.

• Fully annotated Risk Register and Loss Events register (Excel template)

• Risk reporting templates (multiple design options)

• Risk appetite articulation methodology

• Key Risk Indicator (KRI) development methodology 

• Emerging Risk analysis methodology 

• ERM training and communications materials (concise and long-form)

• ERM system / management / staff KPIs