Getting Started With Enterprise Risk Management

December 13, 2024 | Makenzie Kellar

Utilizing the ERM framework can be a critical first step in lowering claims and reducing risk.

ERM stands for “Enterprise Risk Management,” which, put simply, is a framework of thinking an organization can use to identify, assess, and mitigate its risks.

Though the term may seem like another corporate buzzword at first, many people make decisions similar to the ERM framework in their everyday lives without even knowing it. For example, have you ever moved your car into the garage during bad weather to avoid hail damage? If so, guess what? You identified a risk and took action to avoid it, which is an example of ERM in its most basic form.

This example also shows one of the reasons why ERM is so important: risks are everywhere. Risk can be leaving your car outside in bad weather, an employee performing a task with a lack of safety training, or something as small as an employee coming into work with a cold. You will never be able to avoid risk entirely, as an individual or as an organization.

Furthermore, you shouldn’t try to avoid every risk there is because risk is not inherently a bad thing. It could be risky for an organization to spend money to expand their program offerings or host a conference, but that doesn’t mean it’s not worth a try. ERM encourages people to not just look at risks as something to avoid, but to assess risks in a way to determine if they’re worth taking. If this has made you curious at all about how to use ERM at your organization, here are the five steps to take to make it happen.

1. Integrate

The first step to integrating ERM at your organization is to identify what your risks are. There are general risks that will impact all organizations (severe weather, cybersecurity breaches, etc.) as well as risks that are specific to your organization. Keep in mind that certain risks may have a more severe impact on your organization than others.

Take, for example, a library organization. While flooding isn’t ideal under any circumstances, a library organization unprepared for flooding could lose many of the books that draw in patrons!

It is important to begin by identifying some of your risks to help you keep track of them, then move on to the next step: prioritization. Start by ranking each of the risks you identified to figure out which you should work on mitigating first.

If you have trouble determining which of them are most important, try ranking them based on severity vs. frequency. To do this, you simply assign a number on a scale from one to five to rate frequency and severity. If you need help with this step, consider using a “risk matrix” that can assist in prioritization.

“Integrate” might not seem like the right word for this step since most of it consists of research and thinking things out. However, the whole point of this step is to integrate the ERM framework into your organization. What are your risks? Your priorities? This step is meant to customize the framework to serve you best.

2. Design

Now that you understand what risks you want to tackle, you have to come up with a plan for how to tackle them. With smaller, simpler risks, this step will be easy. After all, if your risk is “we don’t have a wet floor sign at the office,” the solution is obvious: buy a wet floor sign!

Not every problem will be so cut and dried. Your organization may be faced with a risk that you are unsure how to manage. Or, conversely, there may be several viable options for dealing with the risk you face. If this is the case, consider enlisting the help of colleagues to start narrowing your list of choices. Be sure to include as many people as possible in this part of the process, across your entire organization when applicable.

Every person will bring a unique perspective to the table and help make sure the plan you choose accounts for everyone it has the potential to affect. On the other hand, if you have too few ideas on how to mitigate your risks, those same colleagues can help you brainstorm to come up with a solution that might not have been obvious otherwise.

3. Implementation

Implementation is, by far, the most important part of the ERM process. You can spend hours upon hours coming up with different risks and deciding how to work around them, but it’s all for nothing if you never put those plans into action. To make sure you don’t lose momentum, set deadlines for each task that needs to be accomplished to mitigate the risk you chose. You should also choose a member of your team to oversee this project and make sure everyone involved is being held accountable for their work.

4. Evaluation

After implementing your solutions, take some time to reflect on how they went. Was your idea successful, or did it leave something to be desired? If you could go back and try again, what would you do differently? If the risk you chose is an issue your organization will need to address in the future, this part of the process will help you ensure that future efforts are just as effective as your first try, if not more so. Also, even if the project successfully accomplished all the goals you wanted it to, remember that your goals for future projects might change. If the final result of all this feels disappointing, it might not be because of your plans or because they weren’t implemented well; it could just be because your priorities have changed.

5. Improve

The final step is self-explanatory. Now that you understand what you could do better next time, make it happen!

And, with that, you’ve learned enough to get started analyzing and mitigating risks at your own organization. Start small and keep in mind that it takes time and practice to get better at managing organizational risks. Everyone starts somewhere.

Getting Started

However, if you want to learn more about ERM or have additional questions, check out the webinar ERM: Controlling Risk in Your Organization, hosted by CSD Pool Safety Consultant Kyle Brown. If you already know what risks you want to address and want a little help along the way, the CSD Pool offers members resources for training, safety consulting and service. Our Safety Consultants are available to visit CSD Pool Members as part of your member benefits. They can discuss ERM and help you at any step of the process.

For a full list of services, visit csdpool.org/safetyconsulting

If you are interested in making a purchase related to safety or loss prevention, our grant program can reimburse you up to 50% for safety-related purchases made by eligible organizations. For more information, visit csdpool.org/grants to apply.