THE BEGINNINGS OF THE RISK MANAGEMENT JOURNEY
BCLC began its enterprise risk management journey in 2003 with the initiation of an Enterprise-wide Risk & Opportunity Management (EROM) initiative. The impetus for the initiative was twofold – the 2002 inclusion of risk management in the British Columbia Treasury Board's Core Policy and Procedures Manual and BCLC's head of Audit Services championing the need for enterprise risk management (ERM).
As a first step, an external consulting firm was contracted to undertake an enterprise-wide risk assessment and to support the Internal Audit team in developing the skills and resources to manage the new ERM program. Interviews and facilitated workshops at management and executive levels were conducted, a risk dictionary was constructed, and the highest risks were identified. The assessment focused on inherent risk compared with an evaluation of management effectiveness to produce a gap analysis, and there was also a discussion around risk tolerance. A final report was produced (Deloitte and Touche 2003), and advice was also provided on potential next steps for the program.
Although the EROM initiative was well received, financial constraints put a hold on the subsequent business case. As a result, the plan to take the program forward through the appointment of a dedicated risk manager and funding for training of a number of risk champions was not implemented at that time.
LEARNING FROM THE FIRST ERM INITIATIVE
The initial assessment provided a strong starting point for the BCLC ERM program, but even though the engagement was originally intended to be the first part of a longer-term initiative, there was insufficient impetus to put the program into operation in the face of competing priorities. This is not an unusual outcome, as although using a consultant to kick-start programs can leverage experience and expertise that organizations may not otherwise have access to, using an external party contracted for a defined period of time can also lead to a project type approach, where the focus is more on getting the risk assessment completed and less on longer-term implementation. In addition, it may be easier to source short-term consultancy fees than it is to obtain longer-term resourcing commitments.
Another issue can arise where consultants bring in defined methodologies that do not easily fit with the organization's normal approach to decision making or where participants do not understand the underlying process, and so do not fully endorse and own the outcome. To overcome this issue, the consultants worked closely with the BCLC Internal Audit team with part of the stated purpose of the engagement being to build risk management expertise within BCLC.