Enterprise Compliance Today

Where to start your Enterprise Risk Management (ERM) system

Posted by Greg Carroll on Fri, Feb 14, 2014 @ 10:02 PM

Contract Management has all the same components.  Financial, Operational and strategic risks, surveillance and KPIs, opportunity and threat management, and most importantly, easily understandable methods of aggregation. 

 


Proactive management of contract risks, milestone and deliverables management, setting surveillance and KPI levels, and audit and compliance monitoring will bring under control a major area of risk exposure and, due to economies of scale, are generally a source of major savings.

Have a look at how FastTrack's Contract Management can give you the quick wins to impress the benefits of Risk Management:

Enterprise Contract Management

With over 30 years in providing risk and compliance software products at Fast Track, I have moved on from the need to promote ourselves to the desire to promote the discipline of Governance, Risk and Compliance as the compass for business progress. Our software is subservient to and a product of this goal. In 2013 I tried to ignite the debate on what the shape of Risk Management should be in the 21st century, culminating in the publishing of my book Mastering 21st Century Enterprise Risk Management.

With what I see in forums and discussions around, I think I can leave it to others to propagate the shape of ERM, and in 2014 I would like to move on to a topic more on the mind of the existing Fast Track user community, that of the Risk Management Maturity Model, i.e. the path to maturing their risk management systems. The 5 levels of maturity are:

  1. RMS – having a system in place to identify, record, assess and mitigate risk
  2. IRMS – integrate with QMS and KPIs to analyse and fine-tune
  3. Risk Culture – make Risk endemic to people & processes
  4. ERM – proactive, responsive, integrated ERM (not just operational)
  5. Governance & Opportunity Management

This, the first of these articles, is targeted at those organisations looking to move from level 1 to level 2.

Once you have an effective risk management system in place, with risks being assessed (remember it’s a process, not a result) and your high risk items being mitigated, you are invariably then faced with the daunting task of what to do with the morass of medium risks. Taking the view that you want to make your Risk Management System (and therefore you) a value-adding function to the business, I believe your efforts should be directed towards managing those items not managed inherently by operational management on a day-to-day basis. Unfortunately, this is not where I see a lot of organisations putting their resources. Telling an operational manager what they know to do only breeds greater resentment towards risk management and will do little to produce added performance to the business.

From my experience, a much overlooked aspect of Risk & Compliance Management is the area of Contract Management. When managing multi-million dollar contracts, administration delays and oversight breaches can cost organisations big dollars. Also, saving legal and senior finance staff’s time allows for greater focus on better contractual outcomes. With contracts requiring inputs from multiple departments and affecting others such as finance, legal, marketing, and operations, even a minor mistiming can prove an expensive oversight. Unlike Process Management, where your own people interact and manage on a daily basis, Contract Management is dealing with external parties from whom, at best, you receive periodical reports on the effect of the products and services provided. And here I include both customer and supplier contracts.

And I mean total Contract Management, not just contract administration. Proactive management of contract risks, milestone and deliverables management, setting surveillance and KPI levels, and audit and compliance monitoring will bring under control a major area of risk exposure and, due to economies of scale, are generally a source of major savings. In most organisations contract managers are normally too overloaded with the sheer weight of contract administration to find the time to maximize the business return to the organization, while operational managers only focus on their own involvement.

Risk management is not only the glue to join all these disparate involvements together but is a great baby step toward a full Enterprise Risk Management System. It has all the same components: financial, operational and strategic risks to be managed, setting of surveillance and KPIs, both opportunity and threat management, and most importantly, an easily understandable method of aggregation. What better to cut your teeth on?

So, what’s the game plan then?

  1. Implement a formal contract system to manage:
    1. Tenders and Quotes
    2. Contract Milestones, Review & Expiries
    3. Insurance & Certification Tracking
    4. Obligations and Legal Requirements
    5. Workflows for Approval & Variations
    6. Document control of templates and version control on contracts.
  2. Link to Risk Assessments on each area of contract: financial, operations, strategic, etc.
  3. Set surveillance levels based on contract risk assessment along with performance KPIs from both us and contract parties. Then MONITOR THEM!
  4. Set up an on-going audit and inspection program
  5. Link to operational performance KPIs and tactical/strategic objectives
  6. Identify key competencies per contract and maintain a register of those in those positions
  7. Ensure the risk assessments are living, pro-active systems, updated and re-evaluated on any change in circumstances, i.e. that they are a joint venture with the other contract parties.

 

If you’re not sure how this works, have a look at the FastTrack Contract Management Product demo at http://www.fasttrack365.com/resources/videos/FTContractDemo.wmv.


Tags: Best practices, corporate governance, contract management, risk management