INTUIT'S ERM JOURNEY
Like most companies, Intuit's enterprise risk management (ERM) journey began with the practice of risk management on an ad hoc basis. Organized efforts came into play only when a significant problem occurred. Problems identified were primarily operational in nature and were defined narrowly to the specific issue. Well-intentioned and committed teams would attack the problem, stopping everything to focus on and solve the problem. These teams would produce long lists of issues and potential mitigation steps – some significant and some minor – to be addressed. Once the immediate problem was solved, it was back to business as usual. This ad hoc approach was not only extremely inefficient but was also not producing a lasting framework that would allow risks to be managed intelligently. In 2009 Intuit established the foundation of the ERM program that is in place today. This foundation included an enterprise-wide common risk framework, annual assessment cycle, and integration into the strategic planning process.
At Intuit, our ERM program has focused not simply on building a process but on building a sustainable risk management capability. Process is a necessary component, but process alone will not build the capability; it will not ensure that risk management is an integral part of how the company operates. Establishing operating mechanisms, practices, and processes that can be maintained well into the future and drive continuous focus on risk management was an important first step. Once the process was solidly in place, focus shifted to building risk management capability. Robust processes for identifying risk, assessing risk, and monitoring risk management progress helped our business leaders to develop and implement risk management activities as part of the normal operating processes of the company instead of reacting to risk on an ad hoc basis. This regular rhythm of risk management has built a strong risk management capability across the company.
Underlying Intuit's ERM program are some core principles that have brought Intuit's program to the leadership level it is at today.
• A common risk framework enterprise-wide.
The establishment of a common risk framework has enabled business leaders to speak about risks with a common language despite the differences in business lines.
• Assessing risks on an ongoing basis.
A constant lens on the risk landscape increases agility to adapt to changes in our business and the environment in which we operate.
• Focusing on the most significant risks.
Targeting attention and resources on those risks with the greatest impact on Intuit's growth, product delivery, and operations drives progress.
• Clearly defined ownership and accountability for risk management.
With appropriate oversight from the board and executive management, ownership and accountability for managing risk are the responsibility of business leaders across the company, thereby aligning ownership with leaders who are driving Intuit's growth strategy and operational priorities.
• Performance measurement and monitoring.
Continuously monitoring performance drives progress in risk mitigation and continuously strengthens risk management capability.
Intuit's ERM program provides our business leaders with an understanding of current and emerging risks providing insights that inform strategic decisions. Each year the journey has continued to increase the level of risk intelligence across the company by building risk management strength and continuously measuring risk management effectiveness.