Redefining the Role of ERM Standard Setters

Reimagining COSO to create knowledge from beliefs and performance from knowledge and ending our fear of risk, addiction to controls and sedation by assurance

The essence of professionalism is service to the public. Standard setters create a body of knowledge and provide metrics to demonstrate the practices they recommend are evidence based and produce measurable outcomes supporting those practices.

Our ERM* Beliefs Have Stood the Test of Time, But…

Times change. Beliefs that have stood the test of time are just old beliefs. Performance in delivering outcomes is the only true test of beliefs.

There is strong evidence that our ERM institutions are failing us.

ERM practitioners today are generally unable to measure the value they claim to deliver. There is no strong evidence to suggest that ERM practices and standards, individually or collectively, have had any impact whatsoever on catastrophic losses, corporate failures, or any corporate or individual behaviors.

When an ERM professional organization publishes a standard or recommends a practice, responsible practitioners are entitled to demand evidence that the standard or practice has been tested and found to be beneficial.

When a regulatory authority demands compliance with mandated practices, the burden of proof on the regulator should be extremely high.

To my knowledge none of the professional standards or regulatory requirements driving ERM activities are evidence based or rigorously field tested.

Outcomes are the True Test of Professional Standards

By way of contrast, institutions and regulatory authorities governing professionals in health care, environmental and safety, education, scientific disciplines, and law enforcement are able to define the outcomes they seek and the practices they follow to achieve those outcomes, and they routinely produce metrics that support their progress (or failure) in achieving those outcomes.

Our struggle and the failure of our ERM institutions and regulatory authorities to establish desired outcomes and metrics for measuring them is clear evidence of institutional failure.

Beliefs Should Drive Knowledge

Beliefs are essential to the creation of knowledge. Breakthroughs in knowledge occur when beliefs are challenged. If Christopher Columbus had used decision science, he would never have set sail. His contribution to knowledge is immeasurable.

The beliefs supporting ERM practices can only create knowledge when tested against the outcomes they are designed to achieve. When no outcomes are defined, no testing is possible. Without testing, no knowledge is created. The result is stagnation.

Lacking outcomes, today's ERM standards make us sail in circles, going nowhere.

Knowledge Drives Performance

Beliefs, when supported by evidence, create knowledge. Knowledge leads to better practices that in turn drive better performance and desired outcomes.

There have been no breakthroughs in ERM practices in my lifetime. If anything, they have become more regressive and more entrenched.

Our business, economic, political, cultural, technological and social environments have been rocked by disruptive forces. Stability in our professional standards and practices is a sign of fixed, rigid and failed beliefs.

The Role of ERM Institutions and Practitioners

If a doctor prescribes a medication which is not cost effective, does not produce the intended outcome, or has unintended side effects, the patient is entitled to an explanation. A quick search of the web will explain how the medication works, its side effects and the specific medical outcomes it has been shown to produce.

When an ERM professional organization publishes a new standard or recommends a new practice, responsible practitioners are entitled to demand evidence that the standard or practice has been tested and found to be beneficial.

New drugs are not sold until evidence-based outcomes are demonstrated and side effects understood. 

The primary purpose of our ERM institutions is to seek knowledge and provide continuously evolving evidence-based practices. Our ERM institutions owe us metrics that prove value is added and they owe us a comprehensive growing body of evidence-based knowledge that we can use to drive better practices. 

Practitioners must be confident that applying their professional practices consistently and reliably will produce beneficial, intentional business outcomes and that we will continue to adapt to meet the needs of our stakeholders.

Reimagining COSO

Is it possible for our ERM institutions to begin to shift from a belief-based to a performance-based paradigm? This is what a reimagined COSO might look like.

Reimagined along these lines, COSO is intended to support professional practitioners in adding value. It is an attempt to define the knowledge that each COSO element can develop in support of turning beliefs into knowledge and knowledge into measurable outcomes supported by metrics.

Comments are welcome.

For other recent blogs in this series:

Frightened by risks, addicted to controls and sedated by assurance

Addicted to controls, sedated by assurance

Addicted to controls: How radical control activists have highjacked risk management

Published by Bruce McCuaig

I'm interested in all aspects of risk and compliance management. I want to make it work for business executives, the practitioner community and the business.
