Operational Excellence, June 2012 to December 2012
During the second part of 2012, a major initiative was put in place to implement Operational Excellence within the organization. The risk management team, still waiting for a meeting with the Advisory Committee, identified this as an opportunity to embed risk management without the need for authority or needing to convince each administrative area of the benefits.
Through relationship building and awareness of risk management, the risk management team managed to incorporate risk management into the Operational Excellence plan as being a key enabler. In other words, upon completion of the initiative in late 2013, and in order to meet its aspiration of Operational Excellence, MECO (all business lines and their administrative areas) would be asked to implement all key enablers of Operational Excellence, one of which, as stated, would be risk management. This would be a major initiative and would require a large number of consultants coming in to work on Operational Excellence implementation.
Previously, the risk management team had been seen as a team with a self- serving purpose who were trying to force new processes on the organization. Operational Excellence was therefore a huge opportunity for the risk management team, who hoped they would now be looked upon as a useful resource that would support the organization when it came to having to implement Operational Excellence requirements.
Risk Management Move to Corporate Planning, December 2012 to Present
By December 2012, over a year after the Management Committee meeting where the risk management team was instructed to use the Advisory Committee in order to progress risk management, a meeting had still not been set up. The CEO realized that risk management needed more authority and as a result instructed the Corporate Planning division, which was a major influencer in the organization and had a well-regarded vice president, to set up risk management as a function within that division.
Risk management would now form a part of the corporate planning structure with a manager and the two team members from the project team. The management would look to recruit up to three new members to the team, and the team's remit would be to set up an ERM framework, identify the top risks to the company, work on identifying risks to future investments, and form an integral part of the future corporate planning process.
Corporate Planning has a direct line to the CEO and has a large influence within the organization. This helped to ensure that within weeks of creating the function, meetings were set up for February 2013 with the Advisory Committee in order to review and confirm the top risks. Plans were already in place to fast-track the production of the Risk Framework documentation from their draft forms, with the risk management team having the authority to decide much of the approach.
One of the key areas of consideration going forward was implementation of a risk management information system (RMIS), and therefore the risk team started undertaking a RMIS study in order to identify appropriate software for the organization.
Moving the risk management team to an actual department meant that the team members would finally feel part of a real team. They would also have a proper remit and authority to undertake and implement risk management properly, while having much better access to decision-making authorities such as the Advisory Committee. Additionally, the fact that the CEO had made this decision meant that the Advisory Committee would probably fall in line more and support risk management.
Despite these positives, the risk management team would face challenges in terms of meeting the requirements of their remit based on their staffing numbers. Despite aspirations to recruit more members to the team, risk professionals are not easy to come by, and the fact that it takes six months to actually complete the recruiting process means that six months can easily become a year.
By early 2014, MECO was finally able to start filling roles, and it now has a team of 15 risk members at varying levels from analyst and business continuity roles up to manager positions. Another key decision was to allow consultants to support ERM implementation, and invitations to tender have now been sent out for millions of dollars' worth of consultancy business.