INTRODUCTION

Implementing ERM is a time- and resource-intensive undertaking—a multi-year effort that requires foresight, dedication, and patience. Whether the project is the company's first venture into enterprise risk management or the latest iteration toward a more comprehensive and mature program, it will not happen overnight.

The implementation process involves an important balance between “hard” and “soft” efforts. On the hard side, the company must develop the ERM infrastructure: Formalize the policies, governance structures, systems, and processes. On the soft side, the implementation team must obtain buy-in and address change management requirements: Keep key stakeholders at every level supportive, committed, and engaged. Too much focus on the hard elements may create apprehension and pushback, which can lead to difficulty in adopting and integrating the program. If the team is overreliant on the soft elements, the resulting program could lack repeatable processes such as effective governance and adequate reporting. This can result in a lack of accountability and ownership, resulting in a program that is neither sustainable nor effective.

BARRIERS TO CHANGE

While effective ERM can add substantial value to the board and management in improving business performance, natural tensions and conflicts can represent significant barriers to sustained change and enterprise-wide adoption. Let's consider some of the common barriers in order to provide ...