A Case Study on Evolution of Enterprise Risk Management
It was at a May 2001 audit committee meeting when I first heard Tufts’ external auditor mention Enterprise Risk Management (ERM). I remember the perplexed look on the faces of the senior managers and audit committee members as the audit partner valiantly tried to extol ERM’s virtues, walking us through a 20-page handout which explained the theory behind it. According to the partner, ERM was the wave of the future; a systematic, focused approach to anticipating and managing the operating, compliance, reputational and strategic risks that our university would likely face in the years ahead.
Perhaps the timing was bad (we were still battle-fatigued from our university-wide effort to avert “Y2K” disaster on January 1, 2000), but the concept of ERM was not a big sell among the group. By the end of the meeting, and based on comments afterward, it was evident senior management and the audit committee members had concluded that ERM was yet another attempt by the external auditor to increase consulting income by promoting the latest management improvement technique (TQM was not yet a distant memory). It was enough of a challenge to provide the required administrative resources to support the academic enterprise and research; there was no time to assess probabilities and impacts and contemplate risk appetites! Besides, when necessary, a committee or task force could be easily convened to address any significant challenge or crisis.
Click here to read more on Evolution of Enterprise Risk Management