Ep. 20: Sandy Richtermeyer - Enterprise Risk Management

Contact Sandy:
LinkedIn -
https://www.linkedin.com/in/sandra-richtermeyer-6b62083/
Twitter - @SRichtermeyer


UMass-Lowell Manning School of Business:
https://www.uml.edu/msb/


FULL EPISODE TRANSCRIPT


Music: (00:00)


 


Mitch: (00:04)


Welcome back for Episode 20 of Count Me In! Mitch Roshong and
Adam Larson from IMA here with you to pass along industry
knowledge and the latest perspectives on management accounting.
Our expert guest speaker for today's episode has over 20 years of
experience as a board member more than 14 years of academic
leadership experience and is extremely well versed in presenting
on key accounting topics for our conversation. Adam spoke with
Dr.. Sandy Richtermeyer on the importance of enterprise risk
management. 


 


Adam: (00:36)


That's right, Mitch. Sandy is the Dean of the Manning school of
business of the university of Massachusetts Lowell. She's
previously served as chair of IMA's global board of directors and
represented IMA on the COSO board where she served on the
committee that updated the COSO internal control integrated
framework and the COSO enterprise risk management framework. She
is truly committed to organizations achieving excellence through
good governance and effective risk management. In this episode,
Sandy talks about why organizations should align their mission
and vision to create a culture that embraces the tone at the top
and enables successful strategic execution through enterprise
risk management. Now, here is episode 20 of count me in with Dr.
Sandy Richtermeyer.


 


Adam: (01:24)


What advice do you have for organizations seeking to align their
mission, vision, and core values with effective risk management
programs? 


 


Sandy: (01:32)


Sometimes when we think about a mission, vision, and core values
or as an organization is preparing to to become more risk, mature
or refined, or maybe they're just getting started in their risk
management program. So I like to give them like three practical
exercises, three things that they can work on or think about.
Usually you start to set the tone for looking at risk management
in a different way. So one of them, one exercise that I ask them
to do is to do a mission check. And I think it's good for an
organization to do a mission check every three to five years just
to make sure their mission statement, mission of their
organization is still truly in line with who they want to be. And
then after they do that mission check and maybe they make some
changes to it or maybe the mission statement that they have in
places is working great for them. Then I asked them what top
three risks could cause you to fail in your mission? And this is
usually a pretty good exercise because oftentimes you get a lot
of variance on the responses. But I think by you know, having
organization leaders you know, come up with just three, only
three top risks that could cause them to fail and then be in
alignment on there on those top three risks that could cause
their mission to fail can be a very, helpful exercise. And it's
one that really sets the tone for what you need to do, you know,
down the road as you move through the risk management process. So
that's the first exercise I usually ask them to do. And then the
second is to evaluate their vision statement and see if that
vision statement that they have or sometimes they don't even have
one or they confuse it with the mission statement. But usually
larger organizations have a vision statement, but ask them to see
if this vision statement is a good fit for their ideas on how
they want to create, preserve and enhance value. What are they
trying to accomplish and how does that vision statement, describe
that. And then I asked them to describe what risks could cause
them to not achieve their vision. This is where it's also
important to bring in the concept of having them think about
risks that bring in new opportunities and risks that they want to
avoid or mitigate. So the vision statement piece and associated
risks is very helpful for them to think about. And then the third
exercise we move into evaluating core values. And that's hoping
that they have clearly articulated core values. Sometimes an
organization might say, well we haven't really, you know, clearly
defined our core values. And so this is a great opportunity
before they get too far into the risk management process for them
to take a step back and really look at their core values. And
maybe they have them in place or they create them. But if they
say they have core values in place that they've, that they've
articulated before or they're that or that they've articulated
previously to starting on their risk management journey, then we
ask are the core values specific enough to speak to the value
creation that they hope to achieve? Are these core values? Are
the core values that they have enablers of a good culture? Do
they set the tone for a culture that will allow the organization
to achieve its strategic goals and achieve its desired
performance? Again, these generic or vague values might not bring
about a culture that's needed to reach strategic goals and
objectives and ultimately strong performance. So it's good to
take a pause and do this values check. So I think these three
exercises, one is a mission check to evaluate a vision statement.
Three, evaluate core values or create a vision statement and
create core values. Those are activities that I think can really
become very effective and useful that set the right foundation
for risk management. 


 


Adam: (05:43)


All right. So we've talked about an organization's mission and
their vision and how important those are focusing on your risk
management program. But what role does the organizational culture
play in risk management and then who is responsible for
establishing that culture? 


 


Sandy: (05:56)


Sometimes an organization wants to do everything or
organizational leaders want to do everything they can to improve
the culture and and help establish the culture that will embrace
risk management and all that that entails. They focus on how can
they instill more transparency and risk awareness into the
culture. Because oftentimes if you look at where does some really
core problems exist in organizational culture, very often it has
to do with lack of transparency. People don't feel like they know
what's going on, they're not aware, they feel like they are on a
need to know basis, that type of thing. And they also may not be
even remotely aware of the key risks of the organizational faces.
So how do you get people to understand or how do you, how do you
improve transparency or how do you build a risk aware culture
that will be very useful in terms of implementing risk
management? Well, what I've seen organizations do is sometimes
they they work on ways to encourage people in the organization
to, bring up issues of concern to have maybe like, I don't know,
for lack of a better example, maybe a suggestion box or maybe
it's a way to voice concerns either anonymously or yeah, not
anonymously, but basically encouraging people both to talk about
key issues of concerns and make sure that when they do that that,
that you can help them not have fear of retribution because
oftentimes people are reluctant to bring up challenges or
concerns or issues that they see because they feel that it's
going to come back at them. And so as you find ways to
transparently have, you know, m...