Enterprise Risk Management Training Program

An Enterprise Risk Management training program educates the workforce with a universal, base-level understanding of ERM concepts.  This includes: 

  • The language of ERM (e.g., ‘what’s the difference between risk appetite and risk tolerance?’), 
  • Embedding common enterprise “risk factors” into the culture and thinking of the entire organization, and 
  • Applying the theory of “risk factors” to real-life examples that appear in current-day headlines, from the Penn State Scandal, the Paradise Camp Fire, and the Chevy Cobalt Ignition Switch to the Temple University US News & World Report ranking scandal and a drowning at a local swim club.

Ultimately, the small investment in training management and staff regarding ERM will establish the foundation to properly launch a successful Enterprise Risk Management program.

How To Start An ERM Training Program?

First, you must have the full support of the CEO.  Without clear support from “the top,” your efforts may go nowhere. 

Second, begin to describe your role as the Enterprise Risk Management program leader through less formal conversations with other officers and managers, and seek their initial input into the process to begin training senior leadership. 

Third, seek out the assistance of an Enterprise Risk Management specialist.

An experienced ERM specialist from outside the organization has no preconceived notions, no political agendas, and no ax to grind.  Utilizing a respected Enterprise Risk Management specialist clears the air and ensures the appearance of objectivity and anonymity (when needed), injects candor (when needed), and can address the elephant-in-the-room without the fear of reprisal. 

John McLaughlin – Founder & Executive Director

John McLaughlin leads ERM Exchange and directly services clients in the public, private and non-profit sectors in establishing enterprise risk management programs and training management teams on enterprise risk management.  

Prior to founding ERM Exchange, John established an affiliated governance and controls firm called The Audit Exchange that provides internal auditing, Sarbanes-Oxley, Service Organization Control (“SOC”) report readiness, forensic investigations, and expert testimony in these matters.  John was a partner with several international accounting firms and a Director with PricewaterhouseCoopers’ internal audit and technology audit practices.  Earlier, John served as an Internal Audit Director for Aramark Corporation where he established enterprise risk management training and ERM programs within several business units.  John also served as a controller for a national real estate developer and began his career with two Big 8 accounting firms.

He is a CPA in the Commonwealth of Pennsylvania and earned his BS in Accounting from Saint Joseph’s University, Philadelphia. John is a frequent and highly recognized lecturer on a variety of topics relating to corporate governance, risk management, and internal controls. John served as a long-standing member of the International Board of Research & Education Advisors of the Institute of Internal Auditors and served as a member of the Audit and Finance Committees of the Board of Trustees of the Mercy Health System of Philadelphia.  He currently serves on the board of directors of a home care services company.  Besides spending time with his wife and four children, John is an avid reader and enjoys fitness and standup paddleboarding.

The Audit Exchange

ERM Exchange is an affiliated practice of The Audit Exchange, a business advisory service provider that offers public, private and non-profit institutions Sarbanes-Oxley compliance, internal auditing, SOC 1 and 2 report readiness, IT auditing, forensic investigations, and expert testimony in these matters.  Like ERM Exchange, The Audit Exchange provides high-caliber skills and expertise with a substantially lower cost structure when compared to the larger, national firms.

Enterprise Risk Management Training Program FAQs

Why should my organization establish enterprise risk management?

As Deming said, “culture beats strategy” but perhaps what he could have said was “better culture improves strategic outcomes.”  EVERY time ERM Exchange implements enterprise risk management into an organization, the culture, camaraderie and collaboration among team members improve – almost immediately. Organizations that continue to focus on enterprise risk management experience a sustained and rejuvenated culture of collaboration, a greater sensitivity to risk, and a higher enterprise VALUE.

Why should I hire ERM Exchange for my ERM initiative, rather than a large or mid-tier accounting firm?

Wide and deep experience built over three decades in a variety of industries afforded me the opportunity to witness and experience a number of governance, risk, and control failures.  My experience is directly and uniquely applied to the clients I serve and to their distinct circumstances.  Also importantly, my rate structure is substantially lower than all of the national firms.

You were a partner with several large international firms. How involved are you on each client assignment?

I am intimately involved in each client engagement.  ERM Exchange’s service approach is NOT built upon a leveraged staffing model (i.e., utilizing less experienced individuals) like most larger accounting and advisory firms.  Rather, ERM Exchange provides each client with the high-caliber experience required to drive value and a high ROI. I directly apply my deep experience with each client team.  My deep involvement allows me to connect the dots and share views with senior executives and the Board.

Will an ERM program expose the weaknesses of my senior management team?

Strategic plans are designed by senior leadership to generate greater enterprise value.   Enterprise Risk Management training programs are designed to link the most important risks and their underlying response strategies with the strategic plan of the organization.  Instituting an ERM training program should endorse the risk response strategies established by management, and perhaps more importantly, identify risk response strategies that are insufficient.  The cause of insufficient response strategies may be rooted in the inabilities of management and staff, but also may be rooted in an insufficient amount of capital or focus, as well as broken processes or inadequate technology.  Ultimately, enterprise risk management enhances senior management’s ability to generate greater enterprise value.