Ep. 20: Sandy Richtermeyer - Enterprise Risk Management


Oct 06 2019 16 mins  

Contact Sandy:
LinkedIn - https://www.linkedin.com/in/sandra-richtermeyer-6b62083/
Twitter - @SRichtermeyer

UMass-Lowell Manning School of Business: https://www.uml.edu/msb/

FULL EPISODE TRANSCRIPT

Music: (00:00)

Mitch: (00:04)

Welcome back for Episode 20 of Count Me In! Mitch Roshong and Adam Larson from IMA here with you to pass along industry knowledge and the latest perspectives on management accounting. Our expert guest speaker for today's episode has over 20 years of experience as a board member, more than 14 years of academic leadership experience, and is extremely well versed in presenting on key accounting topics for our conversation. Adam spoke with Dr. Sandy Richtermeyer on the importance of enterprise risk management.

Adam: (00:36)

That's right, Mitch. Sandy is the Dean of the Manning School of Business of the University of Massachusetts Lowell. She's previously served as chair of IMA's global board of directors and represented IMA on the COSO board where she served on the committee that updated the COSO internal control integrated framework and the COSO enterprise risk management framework. She is truly committed to organizations achieving excellence through good governance and effective risk management. In this episode, Sandy talks about why organizations should align their mission and vision to create a culture that embraces the tone at the top and enables successful strategic execution through enterprise risk management. Now, here is Episode 20 of Count Me In with Dr. Sandy Richtermeyer.

Adam: (01:24)

What advice do you have for organizations seeking to align their mission, vision, and core values with effective risk management programs?

Sandy: (01:32)

Sometimes when we think about a mission, vision, and core values or as an organization is preparing to become more risk mature or refined, or maybe they're just getting started in their risk management program. So I like to give them like three practical exercises, three things that they can work on or think about. Usually you start to set the tone for looking at risk management in a different way. So one of them, one exercise that I ask them to do is to do a mission check. And I think it's good for an organization to do a mission check every three to five years just to make sure their mission statement, mission of their organization is still truly in line with who they want to be. And then after they do that mission check and maybe they make some changes to it or maybe the mission statement that they have in place is working great for them. Then I asked them what top three risks could cause you to fail in your mission? And this is usually a pretty good exercise because oftentimes you get a lot of variance on the responses. But I think by, you know, having organization leaders, you know, come up with just three, only three top risks that could cause them to fail and then be in alignment on those top three risks that could cause their mission to fail can be a very helpful exercise. And it's one that really sets the tone for what you need to do, you know, down the road as you move through the risk management process. So that's the first exercise I usually ask them to do. And then the second is to evaluate their vision statement and see if that vision statement that they have or sometimes they don't even have one or they confuse it with the mission statement. But usually larger organizations have a vision statement, but ask them to see if this vision statement is a good fit for their ideas on how they want to create, preserve and enhance value. What are they trying to accomplish and how does that vision statement describe that.
And then I asked them to describe what risks could cause them to not achieve their vision. This is where it's also important to bring in the concept of having them think about risks that bring in new opportunities and risks that they want to avoid or mitigate. So the vision statement piece and associated risks is very helpful for them to think about. And then the third exercise we move into evaluating core values. And that's hoping that they have clearly articulated core values. Sometimes an organization might say, well, we haven't really, you know, clearly defined our core values. And so this is a great opportunity before they get too far into the risk management process for them to take a step back and really look at their core values. And maybe they have them in place or they create them. But if they say they have core values in place that they've articulated previously to starting on their risk management journey, then we ask are the core values specific enough to speak to the value creation that they hope to achieve? Are these core values? Are the core values that they have enablers of a good culture? Do they set the tone for a culture that will allow the organization to achieve its strategic goals and achieve its desired performance? Again, these generic or vague values might not bring about a culture that's needed to reach strategic goals and objectives and ultimately strong performance. So it's good to take a pause and do this values check. So I think these three exercises, one is a mission check. Two, evaluate a vision statement. Three, evaluate core values or create a vision statement and create core values. Those are activities that I think can really become very effective and useful that set the right foundation for risk management.

Adam: (05:43)

All right. So we've talked about an organization's mission and their vision and how important those are focusing on your risk management program. But what role does the organizational culture play in risk management and then who is responsible for establishing that culture?

Sandy: (05:56)

Sometimes an organization wants to do everything or organizational leaders want to do everything they can to improve the culture and help establish the culture that will embrace risk management and all that that entails. They focus on how can they instill more transparency and risk awareness into the culture. Because oftentimes if you look at where does some really core problems exist in organizational culture, very often it has to do with lack of transparency. People don't feel like they know what's going on, they're not aware, they feel like they are on a need-to-know basis, that type of thing. And they also may not be even remotely aware of the key risks the organization faces. So how do you get people to understand or how do you improve transparency or how do you build a risk-aware culture that will be very useful in terms of implementing risk management? Well, what I've seen organizations do is sometimes they work on ways to encourage people in the organization to bring up issues of concern to have maybe like, I don't know, for lack of a better example, maybe a suggestion box or maybe it's a way to voice concerns either anonymously or, yeah, not anonymously, but basically encouraging people both to talk about key issues of concerns and make sure that when they do that, that you can help them not have fear of retribution because oftentimes people are reluctant to bring up challenges or concerns or issues that they see because they feel that it's going to come back at them. And so as you find ways to transparently have, you know, m...