Accendo Reliability

Your Reliability Engineering Professional Development Site

  • Home
  • About
    • Contributors
  • Reliability.fm
    • Speaking Of Reliability
    • Rooted in Reliability: The Plant Performance Podcast
    • Quality during Design
    • Way of the Quality Warrior
    • Critical Talks
    • Dare to Know
    • Maintenance Disrupted
    • Metal Conversations
    • The Leadership Connection
    • Practical Reliability Podcast
    • Reliability Matters
    • Reliability it Matters
    • Maintenance Mavericks Podcast
    • Women in Maintenance
    • Accendo Reliability Webinar Series
  • Articles
    • CRE Preparation Notes
    • on Leadership & Career
      • Advanced Engineering Culture
      • Engineering Leadership
      • Managing in the 2000s
      • Product Development and Process Improvement
    • on Maintenance Reliability
      • Aasan Asset Management
      • AI & Predictive Maintenance
      • Asset Management in the Mining Industry
      • CMMS and Reliability
      • Conscious Asset
      • EAM & CMMS
      • Everyday RCM
      • History of Maintenance Management
      • Life Cycle Asset Management
      • Maintenance and Reliability
      • Maintenance Management
      • Plant Maintenance
      • Process Plant Reliability Engineering
      • ReliabilityXperience
      • RCM Blitz®
      • Rob’s Reliability Project
      • The Intelligent Transformer Blog
      • The People Side of Maintenance
      • The Reliability Mindset
    • on Product Reliability
      • Accelerated Reliability
      • Achieving the Benefits of Reliability
      • Apex Ridge
      • Metals Engineering and Product Reliability
      • Musings on Reliability and Maintenance Topics
      • Product Validation
      • Reliability Engineering Insights
      • Reliability in Emerging Technology
    • on Risk & Safety
      • CERM® Risk Insights
      • Equipment Risk and Reliability in Downhole Applications
      • Operational Risk Process Safety
    • on Systems Thinking
      • Communicating with FINESSE
      • The RCA
    • on Tools & Techniques
      • Big Data & Analytics
      • Experimental Design for NPD
      • Innovative Thinking in Reliability and Durability
      • Inside and Beyond HALT
      • Inside FMEA
      • Integral Concepts
      • Learning from Failures
      • Progress in Field Reliability?
      • R for Engineering
      • Reliability Engineering Using Python
      • Reliability Reflections
      • Testing 1 2 3
      • The Manufacturing Academy
  • eBooks
  • Resources
    • Accendo Authors
    • FMEA Resources
    • Feed Forward Publications
    • Openings
    • Books
    • Webinars
    • Journals
    • Higher Education
    • Podcasts
  • Courses
    • 14 Ways to Acquire Reliability Engineering Knowledge
    • Reliability Analysis Methods online course
    • Measurement System Assessment
    • SPC-Process Capability Course
    • Design of Experiments
    • Foundations of RCM online course
    • Quality during Design Journey
    • Reliability Engineering Statistics
    • Quality Engineering Statistics
    • An Introduction to Reliability Engineering
    • Reliability Engineering for Heavy Industry
    • An Introduction to Quality Engineering
    • Process Capability Analysis course
    • Root Cause Analysis and the 8D Corrective Action Process course
    • Return on Investment online course
    • CRE Preparation Online Course
    • Quondam Courses
  • Webinars
    • Upcoming Live Events
  • Calendar
    • Call for Papers Listing
    • Upcoming Webinars
    • Webinar Calendar
  • Login
    • Member Home

by Greg Hutchins Leave a Comment

Why Most ERM Systems Don’t Work

Why Most ERM Systems Don’t Work

Guest Post by Greg Caroll (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

So why don’t most Enterprise Risk Management system work?  Simply, they don’t “manage” risk, they just record it.  Manage is a verb not a noun. It is activity not an item.  Making a list might be adequate for those who want to check off regulatory compliance, but it’s does not produce a ROI.

They don’t manage threats

To manage threats you need to actively monitor risk drivers and influences thru lead and lag KRIs in real time.  Reporting systems aren’t much use if they’re telling you after the event. By the time it shows up on a heat map it’s not a risk, it’s an incident.  Simply moving your risk management from spreadsheets to a cloud risk register does nothing to pursue an active defence against threats.

To create a workable system, you need to take your risk registers, work out what causes those risks to worsen (drivers and influences), and what lead/lag KRI to use to monitor the movement of those drivers and influences.  You then need to set up a real-time system for collecting those KRIs and alerting the appropriate people who can act on the threats immediately.

They don’t tell you HOW it will affect Objectives

The common practice of recording what objectives might be affected by a risk does nothing to assist in achieving or optimizing those objectives.  The real purpose of risk management is to navigate the myriad of influences on the objective’s outcome as they occur, i.e. it is an interactive real-time activity.

Risk Management’s primary purpose in the strategic and tactical planning phase is to identify the best course to market and thereby optimize resources (time and capital).  This requires specifying HOW risks and actions interrelate and compound effect on one another.  This highlights two things.  For ERM to work it must integrate both risk and actions, and it must know HOW variations in either compound effect.

Once these are in place they can easily be used to monitor progress in achieving objectives. Workflows and Issue reporting become inputs to risk drivers and influences which in turn automatically update risks. With a real-time aggregation of risks (roll-up), alerts can be sent to interested parties when the risk threshold of any objective is threatened.

They don’t improve the quality of decision making

By definition complex systems (the business world) are chaotic (see Chaos Theory), where small variations alter outcomes, like the weather and the winner of the Melbourne Cup.  But risk management was never about predicting the future. It’s about providing advice on the effects of possible decision outcomes and being prepare for any adverse effects.

But here’s the real rub.  For ERM to be useful it has to employ Predictive Analytics and machine intelligence.  In my defence, Predictive Analytics doesn’t actually predict the future, it just highlights obscure facts. It provides true decision making collateral on possible opportunities and threats in any scenario, from which “informed decisions” can be made, instead of “gut feel” guesses.  It helps mitigate decision bias and raise ramifications sometimes overlooked in the heat of a problem.

Obviously many ERM systems have numerous other failing, such as a single hierarchy for aggregating or “rolling-up” risks (wouldn’t it be nice if the world was that simple), and not including Incident Management in ERM to create a closed feedback loop, which drives evolution and effectiveness.  But the single most important thing is to use your risk collateral as part of the day-to-day operational decision making and not to just let it stagnate in risk registers being reviewed annually.

Bio:

Greg Carroll 
- Founder & Technical Director, Fast Track Australia Pty Ltd.  Greg Carroll has 30 years’ experience addressing risk management systems in life-and-death environments like the Australian Department of Defence and the Victorian Infectious Diseases Laboratories among others. He has also worked for decades with top tier multinationals like Motorola, Fosters and Serco.

In 1981 he founded Fast Track (www.fasttrack365.com) which specialises in regulatory compliance and enterprise risk management for medium and large organisations. The company deploys enterprise-wide solutions for Quality, Risk, Environmental, OHS, Supplier, and Innovation Management.

Mastering 21st Century Risk Management” which will be available from the www.fasttrack365.com website in a couple of weeks.   Meanwhile a recent Webinar on the topic can be seen at http://www.youtube.com/watch?v=nQoJj6FBxrY&feature=youtu.be in which we show how emerging best practices provide a good picture for how enterprise risk management should look in the 21st century.

Filed Under: Articles, CERM® Risk Insights, on Risk & Safety

About Greg Hutchins

Greg Hutchins PE CERM is the evangelist of Future of Quality: Risk®. He has been involved in quality since 1985 when he set up the first quality program in North America based on Mil Q 9858 for the natural gas industry. Mil Q became ISO 9001 in 1987

He is the author of more than 30 books. ISO 31000: ERM is the best-selling and highest-rated ISO risk book on Amazon (4.8 stars). Value Added Auditing (4th edition) is the first ISO risk-based auditing book.

« Reliability Centered Maintenance — What is it?
Red Alert: Your Culture Is Hurting Your Reliability Efforts »

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

CERM® Risk Insights series Article by Greg Hutchins, Editor and noted guest authors

Join Accendo

Receive information and updates about articles and many other resources offered by Accendo Reliability by becoming a member.

It’s free and only takes a minute.

Join Today

Recent Articles

  • test
  • test
  • test
  • Your Most Important Business Equation
  • Your Suppliers Can Be a Risk to Your Project

© 2025 FMS Reliability · Privacy Policy · Terms of Service · Cookies Policy