Founded in 1955 in Tinley Park, Illinois, Panduit is the market leader in developing and providing physical network and electrical infrastructure to businesses around the globe. The privately-owned company employs more than 5,000 people, holds approximately 2,000 patents, and counts among its client base approximately 90% of Fortune 100 companies. Still headquartered in Tinley Park, Panduit currently operates out of 112 global locations.
The Development and Launch of Panduit’s ERM Program
In 2018, Panduit’s risk management team — Mark Beres (Director, ERM) and Stan Szudrowicz (Sr. ERM Program Manager) — began designing an ERM program and piloting some of the program’s processes. Using a hybrid framework that is based primarily on ISO 31000 standards and also informed by COSO standards, Beres and Szudrowicz focused on making sure the program would be effective and deliver value to stakeholders — a group comprised of the company’s board of directors, executive team, and the risk owners of functional areas across the organization.
By the beginning of 2019, the program was in place and ready to be taken through its full cycle. An enterprise-wide survey, sent to executive owners and managers, provided input that helped capture the scope of risk across the enterprise and, ultimately, created the organization’s first risk register.
Working from this register, the Panduit team conducted 17 in-person workshops in which they sat down with groups of risk owners to assess impact, likelihood, and management capabilities, score risks, and discuss controls.
ERM Program Success and Administrative Challenges
After taking ERM processes through a complete cycle over the course of 2019 there were definite signs of success. The fundamentals of the program provided the organization with a consistent approach to identifying and managing risks to the business. Involvement on the part of risk owners helped clarify expectations and improved accountability. Beres and Szudrowicz were also able to deliver additional insight to Panduit’s board and executive teams.
Certain challenges were also evident. Foremost among them was the administrative burden that stemmed from the use of multiple software applications — including email, spreadsheets, word processing documents, and slides — to conduct surveys, perform assessments, follow up on assignments, produce risk response plans, and deliver quarterly reports.
"As we were becoming a more trusted partner in the business and getting more requests for our time, it was clear that we’d need additional help with some of the administrative activities.
Adding headcount to the department by hiring an additional analyst was considered. Ultimately, however, the team decided that investing in ERM technology would be a more cost-effective way to support Panduit’s short- and long-term risk management goals.
"Once you get through a few cycles of executing your process, it becomes pretty clear what the priorities are and where you need help.
We were at the point in our program’s maturity where we needed a single source of data, automation, and more visibility. We looked at a technology solution as the additional resource that we needed."
Finding the Right ERM Technology
The risk management team began the search for a system that could support Panduit’s ERM program. They looked for a “fit for purpose” solution and among the features and capabilities of Origami Risk that appealed to the team were the following:
- Configurability. Origami Risk’s flexible ERM solution could be adapted to Panduit’s unique, hybrid framework and scoring models.
- Automated workflows and notifications. The system provided options for automating processes. For example, rather than sending one-off emails, automatic notifications could be set up to alert risk owners about upcoming actions or tasks. Likewise, Beres could set up notifications that informed him when a risk owner submits a risk response plan.
- Integrated data import tool. Although previous use of multiple spreadsheets added a degree of difficulty, the team had used good data management principles. Origami Risk’s easy-to-use data import tool would allow for those files to be uploaded directly into the system, which meant that historical program data would be available for analysis and reporting.
Another factor that influenced the decision was the participation of Origami’s GRC Practice Lead, Brandon Thompson, in some of the company’s internal planning exercises. “This helped him understand our program and to refine the details of the type of system we were looking for,” reports Beres.
“As a result, Brandon was able to really show us where Origami’s ERM solution could make an immediate difference, and just as important, how the system’s flexibility would allow the tool to still be capable of supporting us in five or ten years.”
A Collaborative Implementation in Trying Times
System implementation got underway early in the spring of 2020, just as the pandemic hit the U.S. and forced lockdowns. This did not impact the implementation of the ERM solution. As a SaaS platform, Origami Risk could be set up without the need for on-site installation. And solid business continuity planning in place at Panduit meant that the risk management team and other stakeholders were able to quickly switch over to remote work and meet virtually with Rosie Martinez and other members of Origami’s client service team.
According to Beres, Origami’s collaborative implementation process played a part in helping to further refine elements of Panduit’s ERM program. “Rosie and the implementation team really helped to tease out for us where we could make a few changes to the process here and there to make it more consistent within the system,” says Beres. Following initial implementation, the Origami team helped to facilitate user testing. Beres brought in a number of risk owners to use the system and provide feedback. Over a year later, as risk owners use the system on a continuous basis, small tweaks continue to be made. This is yet another “plus” for the Panduit team.
"Our Origami support team has been there to help us tackle the little things we’ve found here and there. Even those that you can only find after you’re using a system over time in different ways. I’m really happy with the support we’ve received."
The Continued Success of Maturing an ERM Program
Over the first three months of use of Origami, the Panduit risk management team worked with 140 stakeholders from across the organization to assess and prioritize 120 risks. During workshops, participants used the system to help drill down into risks and connect the dots (according to Beres, this was done in approximately half the time similar exercises took prior to Origami being in place).
In addition to streamlining administrative activities through the use of automated email notifications and reminders that display on system dashboards, Beres referred to other benefits stemming from Panduit’s use of Origami Risk:
- Enhanced Risk Ownership. Panduit’s ERM program — and the company’s risk culture, overall — emphasizes accountability. With the data in a single system, barriers to having risk owners “on the risk” are significantly reduced.
- Expanded Self-Service Options. At least in part, accountability is fostered by the options available to risk owners as they work in the system. For example, where they previously felt compelled to “formally” check-in with the Panduit risk management team, risk owners can now log in to the system to provide details about what has changed about a risk over the past month or quarter, review metrics, and see what trends look like.
- Reinforced process consistency. Use of Origami Risk has helped the Panduit risk management team reinforce the consistent execution of ERM program processes. Regardless of a risk owner’s functional area, the steps for engaging with a risk are the same across the board.
"Once risk owners went through processes the first time, they realized how intuitive the system is. Origami reduces the complexity of what we were asking risk owners to do before."
According to Beres, having Origami Risk in place has also improved his team’s responsiveness to requests for support — without the need for additional headcount. Where he once had to spend a portion of each day emailing reminders to risk owners, consolidating data from spreadsheets, and manually calculating scores, he is able to spend more time focused on the team’s strategic priorities.
What’s Next for Panduit and Origami Risk
With support from stakeholders, the Panduit team continues to refine processes and build upon the successes of the company’s ERM program. Origami Risk is playing an important part in the program’s maturation and evolution.
In the near term, the risk management team is working to incorporate risk metrics into risk owner’s dashboards, which will allow for values to be quickly reviewed and, if necessary, adjusted. The team continues to add to the reports available in the system for providing risk intelligence that stakeholders need based on their roles.
“Now, we have this dynamic solution for managing our data, providing reports, and making things simple,” says Beres. “It’s really invaluable to us. It’s both measurable and immeasurable value we’re getting.”
The team will also be adding detailed action plans to the system. These will allow risk owners to quickly see where they stand in relation to defined deadlines and milestones, and give the team the ability to report on the status of action plans across the business.