The Exchange Community day 2: A focus on setting your focus

September 8, 2016
The fifth annual Wdesk user conference is underway in San Diego, and this week we've got a special guest contributor taking over the blog, giving us live updates from the conference. Please welcome Matt Kelly, Editor and CEO of Radical Compliance, to

Live from The Exchange Community 2016: San Diego day 2

The show-stopper session for day 2 of TEC 2016 was by Carey Lohrenz, the first female fighter pilot for the U.S. Navy. She gave an excellent keynote presentation Thursday morning about achieving high performance.

Much to my surprise, however, Lohrenz’ comments also struck lots of chords with another conference session that preceded her: a small breakfast roundtable on enterprise risk management.

How does a fighter pilot’s motivational talk tie back to launching enterprise risk management (ERM) programs? Let’s start with the pilot.

Lohrenz described a working environment for fighter pilots that falls on the far side of hair-raising. Navy pilots go from 0 to 200 mph in less than 2 seconds when launching off an aircraft carrier; they endure acceleration forces anywhere from 4 to 8 Gs, forcing the blood to drain from their heads; and they have roughly 350 instruments in the cockpit (along with multiple radios) sending them information simultaneously. Then they have to fulfill a mission plan that may involve combat and land the jet on an unstable, moving surface where failure can get them killed.

The keys to success in such a chaotic environment, Lohrenz said—where anything other than high performance simply isn’t suitable for the job—are teamwork and focus. Still, even teamwork on an aircraft carrier is challenging because crew members rotate through so quickly: 50 percent of a carrier’s standard 5,000-person crew turns over every nine months.

So ultimately, the real secret to success in that world is focus—everyone must know exactly what the objective is.

Thankfully, Lohrenz said, the clarity of objective on an aircraft carrier is easy: the safe launch and return of fighter jets. That’s it. Whether the crew is doing laundry detail 17 levels below deck, stocking supplies in sick bay, or mopping the landing deck—every person knows that his or her work must support the safe operation of the jets.

Then Lohrenz pivoted her talk back to the audience: Does everyone at your company know what its objectives are? “Would everyone have the same answer to the question, ‘What’s our purpose here?’” she asked. “If not, that’s a great leadership opportunity for you.”

That’s when I started making connections back to the ERM roundtable an hour before.

Stumbling into ERM

The great misconception about enterprise risk management today is that ERM is a new thing that companies only now are trying to adopt. It isn’t new. Companies have been managing risk since time immemorial. Most of them just didn’t manage their risks in any structured, formal manner.

Now we do have the technology to try ERM in that more structured approach. It’s a superb opportunity for compliance officers to apply their SOX or financial compliance experience to a much more complex risk environment.

So how do you do it? How do you succeed personally—because, let’s face it, this is an excellent career opportunity—and how do you get the whole company to succeed at ERM organizationally?

Start by applying Lohrenz’ dictum on focus.

Obviously a corporation will have several objectives rather than an aircraft carrier’s one. Still, the business must articulate what its objectives actually are. Employees have to know what the company wants to do. To this day, I’m surprised at how many companies struggle with that goal.

At the ERM breakfast, guest speaker Joseph DeVita (lead partner in the GRC technology practice for PwC) said enterprise risk management “drives efficiency and clarity of risks.” He’s correct, but think about the implication there. You cannot have clarity of risk until you have clarity of objective. Only when the company sets its objectives can you begin to assess the risks to achieving them, and then put controls in place to reduce those risks.

I would even go further than DeVita, and argue that this is why COSO has proposed a new ERM framework that replaces “risk tolerance” with “acceptable variation of performance.” A performance goal is an objective. Once you put it that way, ERM is more about building processes to detect when you might not hit your objective and prevent that from happening.

That’s how an organization can unclutter its thinking—to have better success with ERM or any performance goals, really. So how can a compliance professional apply the same principles personally?

Achieving personal success at ERM

The biggest challenge with ERM is that most business units simply don’t want to bother with it. They don’t see the value, they don’t understand the acronyms, and they don’t want to try something new. Lohrenz took that argument head-on.

“Fear of failure is one of the most universally paralyzing things we all suffer from,” she said. “When we’re afraid to fail, we pass up valuable opportunities simply because we’re afraid, and the vast majority of us underestimate our ability to recover from failure. So we play it safe.”

Anyone who champions ERM processes to other parts of the business is going to encounter that fear of failure—and if your senior leaders aren’t fully supportive of the effort, willing to start with incremental efforts that might need reboots and restarts, that fear won’t be misplaced. So as DeVita said, it starts with governance. The company must be clear in its objectives for the business overall, and in how it wants enterprise risk management to help improve performance.

Then will come cynical response No. 2. “If you’re introducing something new to a system or a group who says, ‘This is the way we’ve always done it,’ there’s going to be some resistance,” Lohrenz said. “Your job is to figure out how to meet them where they are and bring them on a path that’s a different journey for them.”

Frame ERM as a tool to improve business performance, and you’re much closer to meeting them where they are, winning them over, and succeeding.

Matt Kelly

About the author

Matt Kelly is an independent compliance consultant who studies corporate compliance, governance, and risk management issues. He maintains a blog where he shares his thoughts on business issues, and he speaks on compliance, governance, and risk topics frequently. Kelly was named as "Rising Star of Corporate Governance" by the Millstein Center for Corporate Governance in the inaugural class of 2008 and named to Ethisphere’s "Most Influential in Business Ethics" list in 2011 (no. 91) and 2013 (no. 77). Kelly previously was editor of Compliance Week, a newsletter on corporate compliance, from 2006 through 2015. He lives in Boston, Mass., and can be reached on Twitter at @compliancememe.