RIMScast: ERMotivation with Carrie Frandsen, RIMS-CRMP

ERMotivation with Carrie Frandsen, RIMS-CRMP

Dec 17, 2024

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.

In this episode, Justin interviews Carrie Frandsen, the ERM Director of the University of California and a RIMS-CRMP Commissioner. Justin and Carrie discuss all things ERM. In particular, Carrie explains the purposes of ERM, what constitutes success in an ERM Program, and how to start an effective ERM Program in your organization.

Listen for ideas on fitting ERM into your organization’s daily processes and decision-making, with resources to set you on the path to ERM success.

Key Takeaways:

[:01] About RIMS.

[:14] Public registration for RISKWORLD 2025 is now open! RIMS wants you to engage today and embrace tomorrow in Chicago from May 4th through May 7th! Register at RIMS.org/RISKWORLD and the link in this episode’s notes.

[:30] About this episode, coming to you from RIMS headquarters in New York. We will be joined by Carrie Frandsen, for some ERM motivation. She is the system-wide ERM Director for the University of California and a RIMS CRMP Commissioner.

[:58] The next RIMS-CRMP Exam Prep Virtual Workshop will be held on December 17th and 18th.

[1:09] On February 19th and 20th, there is a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year.

[1:27] The next RIMS-CRMP-FED Exam Course will be held from February 4th through the 6th, 2025. Links to these courses can be found on the Certification page of RIMS.org and through this episode’s show notes.

[1:42] RIMS Virtual Workshops! Gail Kiyomura of The ART of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025.

[1:57] We’ve got ERM on our minds. On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito, starting on March 12th, 2025.

[2:18] A link to the full schedule of virtual workshops can be found through the RIMS.org/education/online-learning pages. A link is also in this episode’s show notes.

[2:29] Interview! Our guest today is one of the most enthusiastic people I know on the topic of ERM! She is Carrie Frandsen, the system-wide ERM Director of the University of California. She’s also a RIMS CRMP Commissioner.

[2:48] Carrie is here to talk about all things ERM. Whether you want to build a program from the start or you want to enhance an existing program, this is the mind that you want to tap into! We are thrilled that she’s here. Let’s get to it!

[3:03] Carrie Frandsen, Welcome to RIMScast!

[3:13] Carrie says she is a true ERM geek! With enterprise risk management you need the ability to think organization-wide.

[3:25] Not just to think organization-wide but you need to be able to think about the world and how things that are changing in the world, like politics, economics, and sociological changes, impact your organization. Then you have to get other people excited about that.

[3:42] You need to be able to partner with people inside your organization, like internal audit, compliance, and health and safety, all the different groups that are second-line, and help them get excited about building an enterprise-wide view of risks across the organization.

[4:03] Once you’ve got your second line of defense, you can build that risk committee to democratize risks across the organization. Everybody can see the risks in their silo and how things impact each other across different units.

[4:36] Carrie says the primary goal of enterprise risk management is to enhance an organization’s ability to anticipate and mitigate risks effectively while maximizing those opportunities for value creation.

[4:49] ERM helps organizations make more risk-informed decisions. It helps improve resilience and removes obstacles to achieving strategic objectives.

[5:06] ERM is part of the governance and management of an organization. Know what could impact you from outside the organization as well as things that are changing in your policies, procedures, and processes. Make sure those are effective to continue achieving your objectives.

[5:37] ERM can provide an early warning on risks and the effectiveness of controls. When you’re using ERM in decision-making, it can help you to challenge assumptions before decisions are made. It can help you to set the frame for the decision and help you consider the alternatives.

[6:02] ERM can help you ensure that appropriate actions are taken to reduce your risks. It helps the organization to learn and adapt.

[6:14] Healthcare organizations do root cause analysis, a good risk assessment technique to figure out how to make negative outcomes not happen again. There are a lot of risk assessment techniques that can help you, depending on the situation your organization is working on.

[6:42] Culture is how things are done. A risk-aware culture is essential for a successful ERM implementation. It fosters an environment where risk is openly discussed and employees feel comfortable in identifying and reporting potential risks without fear of repercussions.

[7:08] This allows organizations to address issues proactively before they escalate. If you have a risk-aware culture, risks and risk assessments are integrated into decision-making and risk is considered at all levels of decision-making from strategic planning to operational activities.

[7:29] This helps to ensure that risk is a key factor in every management decision. Employees can take ownership of risk management.

[7:38] The University of California has a motto: “ERM means Everyone’s a Risk Manager.” Individuals doing their day-to-day work in their area of expertise are the ones who know best what their risks are and how to manage their risks.

[7:58] Our role as risk managers is to support these employees by giving them training in ERM, and risk assessment tools, and letting them talk to other people about risks that may impact them that aren’t in their area. That distributed approach enhances the effectiveness of ERM.

[8:18] A risk-aware culture promotes continuous learning where lessons from past incidents are shared and used to improve future risk management practices.

[8:36] At the top level of ERM are the board and leadership. They set the tone for the organization’s risk culture. They need to understand the dynamic risk environment in which the organization operates. They need to know of rising risks so they can make good decisions.

[9:06] At the day-to-day level, where the work happens, is the risk owner. That’s the person with the accountability and authority to manage that risk.

[9:18] The business unit level is where risk management and control processes take place. An organization’s risk is inseparably connected to its objectives. The responsibility for managing risk can’t lie with anyone other than the person who’s responsible for achieving those objectives.

[9:36] Good risk management is everybody’s responsibility. What does the Risk Manager do? The risk leader provides the infrastructure, tools, coaching, leadership, and resources.

[10:08] Resources can be anything from software to workshops to all sorts of things to help people identify, manage, monitor, and report on the risks.

[10:20] Risk managers can champion a risk-intelligent culture across the organization. Risk-intelligent culture is a term coined by Deloitte in a white paper.

[10:46] Risk managers are the ones who champion the integration of ERM into existing policies, structures, and processes. They get the risk committees going, they make sure that the issues get escalated to leadership, and that policies, procedures, and controls are improved.

[11:07] Risk Managers facilitate proactive risk thinking. They conduct risk sensing and report on emerging risks. An ERM person is a generalist. They don’t manage a particular area but check in with everybody about rising risks and report that information. They have people tracking risks.

[11:55] We have a new political landscape and changes in society. There are always new health issues arising. As long as there’s somebody in an organization paying attention to conditions, the ERM person’s role is to make sure those things get considered at the leadership level.

[12:19] A Risk Manager can provide a structured discipline for the consideration of risk in decision-making. They can lead risk workshops. They can make sure a risk-assessment process is built into regular management meetings. They can support risk-mitigation activities.

[12:46] Risk Managers can support mechanisms to provide timely risk information to decision-makers.

[12:54] Plug Time! RIMS Webinars! Hub International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”.

[13:14] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members.

[13:25] RIMS is now accepting nominations for all awards other than Risk Manager of the Year 2025. The submission deadline is Monday, January 6th, 2025. To receive a RIMS award, all winners must be active members and in good standing.

[13:45] These awards are the Diversity, Equity, and Inclusion Chapter Leadership Award, the Harry and Dorothy Goodell Award, the Volunteer of the Year “Heart of RIMS” Award, the Richard W. Bland Memorial Award, the Chapter of the Year Award, the Rising Risk Professional Award, the Risk Management Hall of Fame, and the Cristy Award.

[14:23] You can find more information about the awards through the About Us page of RIMS.org or the link in this interview’s show notes.

[14:31] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode’s show notes.

[14:43] Back to the Interview about all things ERM with Carrie Frandsen!

[15:01] For ERM success, you need to have a framework for taking the steps to integrate risk management more into your existing activities and functions. Organizations are already managing risk. ERM gets more people to consider and talk about risk in their decision-making.

[15:34] ERM success factors include strong leadership buy-in, a culture of risk awareness, and open communication.

[15:45] When you’re getting started, you want to develop a clear ERM vision. Start where you are and build your business case and your implementation roadmap.

[15:58] Your implementation roadmap starts with a gap analysis between what you are doing well with risk management and where you can make improvements. The vision is what you see in five years of doing X.

[16:17] Based on those areas where you want to improve your ERM approach, you build your business case and lay out your implementation roadmap. Bring it to your leadership and that improves your leadership buy-in.

[16:32] Then you need to define your enterprise risk management roles and accountabilities. They’re often straightforward. The person in charge of an area is the risk owner of that area. Just take the time to define those roles.

[16:50] Sometimes when you map out risk accountabilities, you see that for some enterprise risks, there’s not one person who’s responsible for it because it covers a few areas or reaches across the whole organization.

[17:08] The pandemic was a good example of that. It doesn’t fit in any one area of responsibility. Building accountability for things that go across areas is always a challenge.

[17:21] Consider how you will develop your risk assessment and mitigation resources for risk owners. What are they already doing and what tools do they need? That’s where you engage those risk owners and work directly with them to provide them with resources.

[17:40] Make ERM an integral part of your operational processes and decision-making. Look at your existing processes and meetings to see where you can build risk assessment into them. You can’t be everywhere. You want to build that in as a normal part of processes.

[18:04] Ensure that the organization and its people are regularly monitoring risks and learning from those experiences.

[18:21] As you get started with ERM, get your hands on some material and read about enterprise risk management. Get some familiarity with it. You want to become a trusted advisor and be that ERM expert as much as you can.

[18:44] To begin doing ERM, engage leadership, risk owners, and your second line of defense. Start doing your gap analysis which starts with conversations. Ask leadership what they hope and expect from enterprise risk management.

[19:03] When talking with leadership, you generally want to work to become a trusted advisor. You want to focus on the biggest risks. Ask people what they care about and what they’re working on. That will help inform assessing your organization’s current ERM capabilities.

[19:24] In your ERM plan, figure out how to integrate ERM into strategic decision-making and everyday management actions. Identify where, when, and how, key decisions are made. Work to embed risk assessment into those decision-making activities.

[19:47] Carrie suggests using a decision quality chain. Form a risk committee. Risk committees facilitate the identification, analysis, and mitigation of risks. You want people that are at the director level and the same reporting level.

[20:09] You want a representative from every area for an enterprise-wide view. You want a good forum where people can bring up their issues or concerns, build a shared understanding of the organization’s risks, and provide recommendations to leadership on significant issues.

[20:35] Effective risk governance depends on timely and relevant risk information so your exposures can be monitored and managed. Information needs to be communicated to the right people at the right time and in the right ways for people to make risk-informed decisions.

[21:02] Carrie recommends using new ERM material. In addition to ISO 31000, ISO recently published Risk Management — A Practical Guide that helps with the steps of implementing ERM. Norman Marks has a helpful blog and wrote a book, World-Class Risk Management.

[21:43] Carrie used World-Class Risk Management as an assignment in her ERM Certificate program classes through UCLA Extension. She teaches the first two classes, The Foundations of Enterprise Risk Management, and The Designing and Implementing an ERM Program.

[22:16] Carrie’s partner Carol teaches the Advanced Techniques class.

[22:33] The ERM Certificate Program aligns with the RIMS-CRMP so that once you’ve taken all the classes, you’re well-positioned to sit for and pass the RIMS-CRMP.

[22:47] Special thanks to Carrie Frandsen for joining us. A link to her ERM Q&A interview from 2021 is in this episode’s show notes. Many of the resources she mentioned are in the show notes as well as links to RIMScast and RIMS Risk Management Magazine coverage of ERM.

[23:11] As always, visit RIMS Risk Management Magazine at RMMagazine.com.

[23:17] Next week, our 2024 Finale will feature an interview with the editors of RIMS Risk Management Magazine, Morgan O’Rourke and Hillary Tuttle.

[23:26] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information.

[24:13] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information.

[24:32] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.

[24:48] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management.

[25:03] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org.

[25:11] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!

Mentioned in this Episode:

RIMS DEI Council

RIMS-Certified Risk Management Professional (RIMS-CRMP)

RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla!

Nominations open for RIMS 2025 Awards! (Through Jan. 6, 2025)

Nominations for the Donald M. Stuart Award

“ERM Q&A with Carrie Frandsen: ERM at the University of California System”

RIMS Webinars:

RIMS.org/Webinars

“Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025

Upcoming Virtual Workshops:

“Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter