July 8, 2019
Enterprise Risk Management for the Boardroom
By L. Randy Marsicano, NCRM, CRISC, Professional Services Senior Manager, WolfPAC Solutions
Have you ever felt challenged while preparing for an ERM program presentation? Ever had one go badly?
Enterprise Risk Management, by definition, is a process itself, so the reporting of your program’s results by default is also considered a process. Your success in reporting engaging and simplified results has less to do with which report you choose to present than it does with better understanding your audience and how they consume data. Wouldn’t it be great if, during your preparation, you understood how to build a “reporting” narrative tailored to your audience’s consumption of information, in an organized and engaging manner? To do so, you’ll have to start by getting past some of the common myths surrounding ERM presentations.
Myth #1: All Communication is the Same
Imagine your car suddenly makes a funny noise. When you make an appointment with your mechanic, you describe the situation in great detail and participate in a mutual negotiation of what needs to be fixed, the timeline and acceptable payment terms. Now imagine updating your spouse on the car situation. Will you go into that same level of detail? Probably not. You may simply state that you had an issue, weighed out the potential solutions, agreed on a price and ask for a ride home! Take this scenario one step further – imagine explaining the same situation to your boss. Wouldn’t you simply say “My car is in the shop, I’m working from home today and am available on my cell if you need me”?
The same situation is described, but presented very differently depending on the audience and how they consume information. If you can get your head around that, you may also agree that you communicate ERM program results differently with the first line of defense, second line of defense and your board.
Myth #2: All People are the Same
In 1924, lawyer and psychologist William Moulton studied the concepts of will and a person’s sense of power, and their effect on personality and human behavior. Through this research, the DISC profile emerged. Today, we can benefit from understanding different personality types and how they consume information. At a high level, four DISC traits have been identified, each with its own communication style:
- Dominance (sometimes called the Eagle): A direct and results-oriented personality, this profile consumes information quickly and at a high level, without delving into details.
- Influence (sometimes called the Parakeet): With an outgoing, high-spirited and lively personality, this profile consumes high-level information but prefers a more personal approach.
- Steadiness (sometimes called the Dove): Known as having a calm and sensitive personality, this profile methodically consumes information and may desire direct involvement.
- Conscientiousness (sometimes called the Owl): As a reserved and analytical personality, this profile consumes logical and detailed information.
Understanding people’s specific personality types is important, because the right information presented the wrong way may distract from your message.
Myth #3: One Report Does it All
In helping people prepare for ERM boardroom presentations, I notice that some individuals simply ask which reports to print. Although the value of reports should not be dismissed, they are only a supporting player. According to the RMA Governance and Policies Workbook, “risk reports shouldn’t create paper, they should create dialogue. Information reported without context can be extremely dangerous.”
Providing constructive dialogue on ERM programs is essentially telling a good story – complete with a beginning, a middle and an end (or rather, with a process, results and conclusion):
- Process: This includes the period considered, what was covered and who participated
- Results: What did we learn, what are the threats to the business, are appropriate controls in place and are we safe?
- Conclusion: Lessons learned and action plans
Myth #4: You Can Put This Together Quickly
We all have a friend who waits until Christmas Eve to shop for gifts. But preparing a relevant, succinct and effective presentation is not the same as Christmas shopping – it takes time, and must be done over time. Discerning people will see right through a quickly pieced-together presentation.
Now that we have dispelled some of the myths around ERM programs, here is some simple yet effective advice for presenting your ERM program:
1. Start early. Begin by writing down the basic framework and key messages. Seek to understand early what information may be missing, and put together a plan to get it.
2. Make sure you understand how your audience consumes information. If you don’t have the opportunity ahead of time, be ready to quickly determine which trait you are talking to and adjust accordingly. When there is more than one personality in the audience, communicate to the highest-ranking person in the room – most likely an “Eagle”. If the highest-ranking person is not an Eagle, but someone of influence is, you may still need to start communicating in “Eagle-ease,” but quickly get to areas of detail to accommodate the other styles. Parakeets, Owls, and Doves tend to have more patience than an Eagle.
3. Craft your story. Your presentation should start with the process, or how you got there. This will lay the groundwork and help your audience understand what it is they’re looking at. Results should be communicated with the appropriate detail, but be prepared to drill down into some of the higher-risk areas if asked. Always end with lessons learned and next steps, which can include how results will be used, remediation put in place and linkages to strategic programs.
A well-structured and communicated program shows value not only in the effort, but in the presenter as well. Good luck!
Disclaimer: The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of the Financial Managers Society.
About the Author
Randy Marsicano is a Senior Manager of Professional Services in the WolfPAC Solutions Group, overseeing all Enterprise Risk Management Advisory Services. He has nearly 30 years of experience designing and implementing risk management, vendor management, technology and operational management programs, and works closely with community institutions to create and improve their ERM programs and drive costs down.