Redefining the Role of ERM Standard Setters
Reimagining COSO to create knowledge from beliefs and performance from knowledge and ending our fear of risk, addiction to controls and sedation by assurance
The essence of professionalism is service to the public. Standard setters create a body of knowledge and provide metrics to demonstrate the practices they recommend are evidence based and produce measurable outcomes supporting those practices.
Our ERM* Beliefs Have Stood the Test of Time, But…
Times change. Beliefs that have stood the test of time are just old beliefs. Performance in delivering outcomes is the only true test of beliefs.
There is strong evidence that our ERM institutions are failing us.
ERM practitioners today are generally unable measure the value they claim to deliver. There is no strong evidence to suggest that ERM practices and standards individually or collectively have had any impact whatsoever on catastrophic losses or corporate failures or any corporate or individual behaviors.
When an ERM professional organization publishes a standard or recommends a practice, responsible practitioners are entitled to demand evidence that the standard or practice has been tested and found to be beneficial.
When a regulatory authority demands compliance with mandated practices the burden of proof on the regulator should be extremely high.
To my knowledge none of the professional standards or regulatory requirements driving ERM activities are evidence based or rigorously field tested.
Outcomes are the True Test of Professional Standards
By way of contrast, institutions and regulatory authorities governing professionals in health care, environmental and safety, education, scientific disciplines, and law enforcement are able to define the outcomes they seek, the practices they follow to achieve those outcomes, and they routinely produce metrics that support their progress (or failure) in achieving those outcomes.
Our struggle and the failure of our ERM institutions and regulatory authorities to establish desired outcomes and metrics for measuring them is clear evidence of institutional failure.
Beliefs Should Drive Knowledge
Beliefs are essential to the creation of knowledge. Breakthroughs in knowledge occur when beliefs are challenged. If Christopher Columbus had used decision science, he would never have set sail. His contribution to knowledge is immeasurable.
The beliefs supporting ERM practices can only create knowledge when tested against the outcomes they are designed to achieve. When no outcomes are defined, no testing is possible. Without testing, no knowledge is created. The result is stagnation.
Lacking outcomes, todays ERM standards make us sail in circles going nowhere.
Knowledge Drives Performance
Beliefs, when supported by evidence, create knowledge. Knowledge leads to better practices that in turn drive better performance and desired outcomes.
There have been no breakthroughs in ERM practices in my lifetime. If anything, they have become more regressive and more entrenched.
Our business, economic, political, cultural, technological and social environments have been rocked by disruptive forces. Stability in our professional standards and practices is a sign of fixed, rigid and failed beliefs
The Role of ERM Institutions and Practitioners
If a doctor prescribes a medication which is not cost effective, does not produce the intended outcome, or has unintended side effects, the patient is entitled to an explanation. A quick search of the web will explain how the medication works, its side effects and the specific medical outcomes it has been shown to produce.
When an ERM professional organization publishes a new standard or recommends a new practice, responsible practitioners are entitled to demand evidence that the standard or practice has been tested and found to be beneficial.
New drugs are not sold until evidence-based outcomes are demonstrated and side effects understood.
The primary purpose of our ERM institutions is to seek knowledge and provide continuously evolving evidence-based practices. Our ERM institutions owe us metrics that prove value is added and they owe us a comprehensive growing body of evidence-based knowledge that we can use to drive better practices.
Practitioners must be confident that applying their professional practices consistently and reliably will produce beneficial, intentional business outcomes and that we will continue to adapt to meet the needs of our stakeholders.
Is it possible for our ERM institutions to begin to shift from a belief based to a performance-based paradigm? This is what a reimagined COSO might look like.
Reimagined along these lines, COSO is intended to support professional practitioners in adding value. It is an attempt to define the knowledge that each COSO element can develop in support of turning beliefs into knowledge and knowledge into measurable outcomes supported by metrics.
Comments are welcome.
For other recent blogs in this series: