Lessons Learned: Understanding Corporate Culture
The ERM implementation at General Motors has enjoyed great success for several reasons: There has been excellent support from the CEO and senior management; we have a strong, knowledgeable, and highly engaged ERM team and risk officer organization that touches every part of the business; and we have been able to garner proactive involvement through understanding and properly leveraging corporate culture.
We recognized early on that we would need to ensure that the ERM environment at General Motors was an open forum where people could share freely. In fact, the importance of objectivity and transparency cannot be understated in terms of the success of any ERM program. Perhaps it is attributable to human nature, but we found in the past that people had a tendency to identify a problem and keep it to themselves while they tried to resolve or address it, rather than putting it on the table for discussion. As this was not the culture that we wanted in the ERM program, we reduced the probability that this would occur by selecting the right people to lead by example.
We looked for several specific traits when selecting our risk officers:
• High potential executives and leaders
• Strong business experience and good financial acumen, including strong technical expertise in the region/function of responsibility
• Superior communication skills; unafraid to speak up and discuss issues openly
• Big picture thinkers
Exhibit 34.3 Five-Point Scale
• The ability to reach across the organization and provide outstanding support to the top-line executive they represent
To the extent that we had any concerns regarding the ability of participants to be objective and transparent, we were able to largely avoid these issues by seeking out and selecting the right risk officer team members. The team has been highly engaged, and we are beginning to see evidence of this culture spreading through their various areas of accountability. We are now at the point where our services are often on a "pull" rather than "push" basis, which has been very rewarding to achieve.
My role as a risk officer is to look across the product development enterprise, and identify risks which are systemic that we may already be addressing, but I am taking a look to make sure that the risk is sufficiently addressed. Or, in the case of where it is a new technology or a new risk, working with the owner to take a look from a strategic perspective. What can they do more? What can they do better in terms of addressing the risk? Are they engaging all of the cross-functional groups?
Do they really understand the societal impacts of the technology they are putting in place? As engineers, we tend to think about F = MA, but this is about expanding the scope a little bit more so that we take it at a holistic level.
The ERM program gets quite a bit of support from senior leadership. We regularly review the status of our projects with leadership and we also seek advice and guidance from them on where they see risks in the enterprise that we might not otherwise be addressing in our regular channels.
– Katherine Johnson, Director, Global Product Development,
General Motors, October 2012
Exhibit 34.4 Heat Map
We also understood that our risk officers came from various functional and regional positions, and would not necessarily be experts in risk management. As a result, we created an orientation/training for risk officers that was very well received. Once the first two individuals were given the orientation we did not have to contact anyone else to take it, as word quickly spread because it was seen as value-added and good use of their time. Risk officers contacted us to ask for the orientation, and this positively impacted the engagement of our program participants.
It was during these orientations that we learned more about various micro cultures in the company. One of the slides in the orientation talked about various risk management techniques: to avoid, accept, reduce, or transfer risk. Early on, as we explained the slide to one risk officer – that there are many ways to deal with risk – he had an insightful comment: "You know, I am really glad that you are implementing this program. Some think that risk is bad and you have to eliminate it 100 percent."
The orientation sessions provided an environment for healthy discussions about risk being ubiquitous and therefore always a part of doing business. We stressed that the intention of this program was to manage risk, not attempt to eliminate all risk. To reinforce this, we discussed different ways to deal with identified risks, including accepting them. Going forward, we verbally included these points with every risk officer orientation. This was another means for us to support the transparency and objectivity we sought – people would not feel comfortable talking about risks openly if they thought there was a corporate culture that mandated all risk was to be eliminated.
Our orientation session also included discussions about our risk templates (see Exhibit 34.5). While companies, including General Motors, seem to embrace the use of red-yellow-green-colored charts, the problem of course is that the use of red is often associated with a failure or poor result. We were concerned, given the prior comments, that people might not adequately assess their risks if they believed the point of the program was to make everything green on the charts. At one of our risk officer meetings, a risk officer presented a chart showing a key risk that was rated with an orange color, both before and after mitigation efforts. We took time in the meeting to point this out – that some risks "are what they are" – and there is only so much we can do to be prepared. The point is not to get the risk to be rated green, but to assess it accurately for what it is, and to ensure that we are prepared and doing everything we reasonably can to deal with it.
-  F = MA stands for the basic equation of mechanics: Force = Mass x Acceleration.