The Department of Defence
Defence had made several attempts to implement an enterprise risk management (ERM) framework but had failed to achieve a process that managed its ‘material’ risks in a meaningful way. No single methodology allowed an effective senior-level risk discussion on such organisationally material risks. Defence wanted to understand what represented effective practice from the public and corporate sectors both domestically and internationally. The key requirement was a methodology that addressed all dimensions of risk within a single process using a common language.
WHAT NOETIC DID
- Engaged with senior executives to understand their needs from Enterprise Risk Management and reviewed risk management frameworks, systems and processes from across Defence. Recommendations were made regarding the effective accountability mechanisms for risk controls (as well as for the risks), assessing the effectiveness of risk controls in practice, and designing the appropriate reporting mechanisms of these controls.
- Developed and embedded a governance framework and tools to effectively manage material risks. Noetic worked closely with Defence to identify material risks, define and assign responsibility for controls, develop a common language around risk, and inculcate a focus on practical risk concepts.
- Developed an ERM Socialisation Framework that identified the key audience and specific communication approaches and activities.
- Developed an ERM Guide to support Defence’s senior management in decision making about material risks. This included explanation and specific guidance about ERM including risk management controls, risk management failure, roles and responsibilities, and how to cultivate a risk management culture.
- Provided focused senior executive support to implement the ERM framework. Risk and control profiles were developed that outlined the nature of the risk, the controls in place, and the assurance of the effectiveness of these controls.
- Provided support and knowledge transfer to the Defence ERM core team during the project, through active learning, formal training, and one-on-one coaching.
Noetic’s experience and expertise in effective risk management practices in organisations aspiring to be high-reliability organisations (HROs) provided Defence with a fresh context in which to examine its key business risks. As a result, Defence has an ERM framework that supports its senior decision-making processes. Importantly, the ERM framework had a positive effect on Defence’s risk culture, with a greater focus on examining the evidence on the effectiveness of risk controls and acceptance that news of ineffective risk controls is valuable information that should be encouraged. This shift in culture and attitude towards risks and controls enhanced Defence’s ability to make informed decisions about those risks.