I have been prompted by a recent e-mail to try and start a discussion about breaking down the barriers when you are setting up or refining your enterprise risk management framework. Now it may be that none of you can get onto this blog, in which case I am probably wasting my time... However, just in case that is not the problem, I am hoping that many of you will be able to add to this bit of discussion... If you can't, would someone mind e-mailing me to say whether there are technical obstacles to you joining in the discussion...
My view is that much that goes for Enterprise Risk Management these days is overly prescriptive and focussed on process rather than culture. But more than that it also has to have something to say to the managers in the business. So the challenge is to create an Enterprise Risk Management framework that has the right processes, but which goes with the grain of the culture and also is built into the context of the business.
In summary I see this as being a requirement to create a risk intelligent organisation. To me risk management is about bringing a perspective to the management of complicated issues in complex organisations. It is about the management (and not the avoidance) of risk. It helps to prioritise your work and that of others in a fast moving context with an approach that is better than simple intuition and which facilitates communication between people. It is a style of thought, and is definitely not a paper chase.
So where to start? I suggest (but I would wouldn't I) a review of the maturity of your organisation vis-a-vis risk management. I have found that powerful in that it can help management to see where their and their peoples' blind spots are, it can help people to see where they are in relation to their peers and it can help to define very effectively where the initial efforts are required.
But I am going to stop at this point and invite others to contribute (please...)