; Recognize and manage risks

Impact from operations

Recognize & manage risks

In accordance with our commitment to continuous improvement, over the past year we evaluated the effectiveness of our management approach to governance by conducting a formal operational risk assessment that addressed a full range of issues, including safety, our people, subcontractor management and project management, among others. The results of the assessment were incorporated into the formal risk register. Action items to reduce operational risk were identified and approved by the Executive Committee and the Board as part of the annual three-year strategic growth plan and budget.

We exercise judgment with respect to clients and third parties we engage with and the types of work we undertake. We will not work with clients or subcontractors who do not share our commitment to high ethical standards; we have turned down project opportunities because of concerns involving human rights violations and other ethical issues.

We scrutinize opportunities and projects carefully before proceeding and reserve the right to withdraw from a project if business conduct and ethics concerns arise.

We apply similar rigor to the activities of the ERM Foundation and are careful to avoid any potential ethical or compliance concerns associated with those organizations that we support.

Our systems enable ERM employees to confirm quickly that third parties are not on government watch lists for corruption, bribery or human rights violations. We have committed to following the trade sanctions established by the European Union and the United States, as well as the United Nations.

In addition:

  • We continue to conduct geographic corruption risk assessments focused on high-risk areas and encompassing modern slavery risk.
  • We track compliance with mandatory employee training on bribery, anti-corruption and modern slavery. Because it is imperative that newly hired employees are aware of our expectations for business conduct and ethics, we have included this in our FY20 sustainability performance targets.



Subcontractor management

Our Task Force on Critical and Operational Risk Management conducted a systematic review of our subcontractor management systems, process, procedures, governance and safety culture. This helped us understand where there are gaps between what is written down, what is intended, and what is understood and implemented in practice, and the underlying reasons for these gaps.

As part of this, we asked 350 employees from all over the world who regularly use subcontractors for their views and ideas, and we also consulted with a number of subject matter experts who offered their assistance.

The Task Force identified a number of subcontractor-related activities that, if not properly planned and delivered, can result in serious risk to multiple stakeholder groups. In accordance with consolidated Task Force findings, we made several improvements to subcontractor management at ERM, including the launch of a comprehensive subcontractor policy and tools to support the implementation of the policy. Learn more about ERM’s global requirements for suppliers and subcontractors.


Data security

Our first layer of protection is our people. ERM employees understand their responsibilities in protecting both our data and information and that of our clients.

Data stored on ERM computers and systems are secured by multiple defensive layers, and we ensure data is protected in transit. We also back up data regularly to ensure that recovery is possible in the event of a disaster. ERM partners with leading cloud-based providers for its critical services, and we benefit from their inherent robust reliability and user productivity, with security being continuously updated and enhanced.

ERM has developed appropriate policies, processes and procedures as necessary to comply with the EU’s General Data Protection Regulation (GDPR) requirements.