Risk Rotation with Lori Flaherty and Bill Coller of Paychex

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   In this episode, Justin interviews Lori Flaherty and Bill Coller of Paychex about how the ERM Team serves as the "conscience" of Paychex and how it operates within the organization. Some of the topics include winning the RIMS ERM Global Award of Distinction in 2024, structured peer reviews, risk rotation, a strong culture of risk management, interviewing new team members, fostering curiosity, and preparing for mergers and acquisitions. They talk about having the ear of the executive team and promoting a culture of risk management for the entire organization. Listen for tips on presenting to an audience of ERM practitioners.   Key Takeaways: [:01] About RIMS and RIMScast. [:17] About this episode of RIMScast. I'm delighted to be joined by Lori Flaherty and Bill Coller of the ERM Team at Paychex. They won the RIMS Global ERM Award of Distinction in 2024. We're going to talk all about their risk and RM philosophies. But first… [:53] The next RIMS-CRMP-FED Exam Prep with AFERM will be held on December 3rd and 4th. The next RIMS-CRMP Exam Prep with PARIMA will be held on December 4th and 5th. These are virtual courses. [1:10] Links to these courses can be found through the Certifications page of RIMS.org and through this episode's show notes. [1:18] RIMS Virtual Workshops! On November 19th and 20th, Ken Baker will lead the two-day course, "Applying and Integrating ERM." [1:31] "Managing Data for ERM" will be led again by Pat Saporito. That session will start on December 11th. Registration closes on December 10th. RIMS members always enjoy deep discounts on the virtual workshops. [1:46] The full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's notes. [1:59] The RIMS ERM Conference 2025 will be on November 17th and 18th in Seattle, Washington. The agenda is live, and this is the last week to register so click the registration link in this episode's show notes or visit the events page on RIMS.org. [2:16] The RIMS-CRMP Exam Prep will be held on-site, on November 15th and 16th in Seattle. You can learn more by clicking the link in this episode's show notes. [2:29] On with the show! Our guests today are winners of the RIMS Global Award of Distinction in 2024. Bill Coller and Lori Flaherty are past presenters at the RIMS ERM Conference. [2:44] They let us into their thought process a little bit this year in the RIMS ERM Q&A Series, with an interview titled, "Risk Optimized Decision-Making at Paychex." We will expand on that dialog a bit here today on RIMScast, so Let's get to it! [3:03] Interview! Lori Flaherty and Bill Coller, welcome to RIMScast! [3:21] Lori and Bill were winners of the RIMS ERM Global Award of Distinction in 2024, in Boston. [3:42] ERM is a passion for Lori and Bill. Bill says, You have to love it to be in it as long as we've been in it. It's always something new every day. There's always some new challenge that we have to keep our eyes on. [4:07] Lori has been in risk management, in different roles, for a little over 25 years. She has been with Paychex for eight years, leading the ERM Team. [4:31] Bill has been in risk management for over 20 years. He has been in the ERM space for about four years. [4:53] Lori loves the diversity on her team. In an ERM program, you need a diverse team without groupthink. Bill and Lori are not the same at all, and they complement each other. Bill agrees. [5:42] Lori says the whole risk organization at Paychex has more than 800 people, some were added due to the recent acquisition of Paycor. The ERM Team has about 10 people. [6:21] Justin says listeners can learn about the contributions Lori and Bill made during a complex and time-consuming acquisition by checking out the ERM Q&A from 2025, "Risk Optimized Decision-Making at Paychex", by Russ Banham, in this episode's show notes. [6:52] In the interview, Paychex described ERM as acting like the company's conscience. Lori says ERM, a small but mighty team within a large risk organization, may seem challenging to have the ear of leadership, but they have a direct line. [7:25] One of the values as a risk organization, as well as a Paychex organization, is talking about integrity. Integrity is a key cornerstone of the team. The ERM Team remains independent. [7:38] Although the ERM Team reports to the risk organization, where the risk organization sits within the enterprise, this is part of what enables the ERM Team to remain independent. ERM is not transactional or client-facing. [7:55] The ERM Team has strong partnerships with the Enterprise Strategy Team and other key leaders across the enterprise. Leaders count on the ERM Team and reach out to them. Being independent allows the ERM Team to be the conscience of the company. [8:29] Bill says, The ERM Team has several different risk review programs. They always have an actionable remediation plan that comes out of any risk review. They are reporting and remediating any residual risk. [8:54] Before the completion of any program, the ERM Team gains commitment from the risk owner to own the remediation plan. That allows the ERM Team to continually follow up and make sure that the remediation plan is taking form and remediating the risk. [9:19] It's easy when they get that commitment before the end of the program. That sets the stage. Then they follow up. [9:36] Bill says he is going through the process now to hire a new team member. He is looking for someone who has ERM experience. That can be difficult to find. There are a lot of people out there with experience who love the job they have, stay, and continue to build their programs. [10:17] First is true ERM experience. Outside of that, someone with internal audit experience, with the ability to view risks from a data-based perspective, and identify what could happen and how often it could happen, the impact of it happening, and how to mitigate the risk. [10:47] With any interviewing, you have to get the best that you can through many different characteristics and experiences. [10:57] Lori adds, We want someone who complements the diversity and the team. You can teach methodologies, like COSO, internal audit, and business processes. It's hard to teach people to be curious and to think from a risk mindset. [11:36] Those are key skills, no matter the role; certainly for this role. For anyone joining the team, it's that mindset. You need to remain curious. Channel your inner toddler, asking the why. [11:59] Quick Break! The RIMS CRO Certificate Program in Advanced Enterprise Risk Management is our live virtual program led by the famous James Lam. Great news! A third cohort has been announced, from January through March 2026! [12:21] Registration closes January 5th. Enroll now. A link is in this episode's show notes. [12:29] Save the dates March 18th and 19th, 2026, for The RIMS Legislative Summit, which will be held in Washington, D.C. [12:37] Join us in Washington, D.C., for two days of Congressional Meetings, networking, and advocating on behalf of the risk management community. Visit RIMS.org/Advocacy for more information and updates and to register. [12:52] We've got more plugs later. Let's return to our interview with Bill Coller and Lori Flaherty of Paychex! [13:10] Does inquisitiveness enhance the risk culture? Lori says that staying curious is key, especially when looking at remediation, defining risks, thinking about scenarios, and what could go wrong. Being curious opens your mind up to what could be. [13:47] Bill says it's tough to measure a strong risk culture. Bill looks at interactions with key partners across the enterprise. ERM meets with folks across the enterprise very frequently in Key Partnership Meetings. [14:13] The key partners are engaged with ERM, and they're having productive conversations. A lot of the risk programs the ERM Team performs are at the request of those partners. That's one way to measure a strong risk culture: full engagement and asking ERM to perform risk reviews. [14:33] Lori and Bill accepted the award last year, with Frank Fiorille. Lori says Frank is the Chief Risk Officer. He is the VP of Risk for Paychex. Lori and Bill report directly to Frank. He is over all the other risk teams, also. [15:15] Lori and Bill were heavily involved with the Paycor acquisition. Their involvement in the acquisition was critical. If you're in ERM and you're not a part of the M&A process, you should definitely be. It's aligning the strategic objectives of your company. M&A strategy is part of that. [16:13] The ERM Team is involved in the due diligence and the whole process. It's a critical part of your ERM program. [16:31] Bill explains that Risk Rotation is an ERM program. They bring in people from outside of the risk management organization to spend a week with the ERM Team. Since COVID [17:17] The ERM Team shares exactly what they are doing and puts the people through exercises. Bill has a risk scoring exercise. He asks them to bring some risks that they face in their roles. Bill talks about impact, likelihood, and control effectiveness, and makes a heatmap. [17:57] Frequently, after a Risk Rotation, some will ask to participate in a future Risk Review. [19:02] Lori shares tips for presenting at a RIMS conference. Knowing your material and being passionate about the topic are important. A presenter should know the audience. You are the audience. What would you want to know? [19:24] When Lori goes to a session, she wants to know how to practically apply what this means. She wants some takeaways. She wants to know how the presenter is doing it, what's working, and what's not working. Keeping that in mind is super helpful. [19:42] When Lori has presented, she tells them, This is what's worked at Paychex. She can see the audience becoming much more engaged, even in the questions afterward. They're super interested in what worked. [20:30] Justin recalls how Lori was at the 2021 New York ERM Conference and how engaged she was in asking questions of that year's award winners, and what they had to do to win. [21:02] One Final Break! As many of you know, the RIMS ERM Conference 2025 will be held on November 17th and 18th in Seattle, Washington. We recently had ERM Conference Keynote Speaker Dan Chuparkoff on the show. [21:20] He is back, just to deliver a quick message about what you can expect from his keynote about "AI and the Future of Risk." Dan, welcome back to RIMScast! [21:30] Dan says, Greetings, RIMS members and the global risk community! I'm Dan Chuparkoff, AI expert and the CEO of Reinvention Labs. I'm delighted to be your opening keynote on November 17th, at the RIMS ERM Conference 2025 in Seattle, Washington. [21:45] Artificial Intelligence is fueling the next era of work, productivity, and innovation. There are challenges in navigating anything new. This is especially true for risk management, as enterprises adapt to shifting global policies, economic swings, and a new generation of talent. [22:03] We'll have a realistic discussion about the challenges of preparing for the future of AI. To learn more about my keynote, "AI and the Future of Risk Management," and how AI will impact Enterprise Risk Management for you, listen to my episode of RIMScast at RIMS.org/Dan. [22:22] Be sure to register for the RIMS ERM Conference 2025, in Seattle, Washington, on November 17th and 18th, by visiting the Events page on RIMS.org. I look forward to seeing you all there. [22:33] Justin thanks Dan and looks forward to seeing him again on November 17th and hearing all about the future of AI and risk management! [22:41] Let's Return to Our Interview with 2024 RIMS Global ERM Award of Distinction Winners, Lori Flaherty and Bill Coller of Paychex! [22:57] Bill presented at the New York ERM Conference 2021, before he joined the ERM Team. Presenting is a great experience. Knowing your audience is a big part of it. He especially appreciates the questions from the audience. It's wonderful to have an engaged audience. [23:34] If you haven't presented in the past, Bill recommends it. It's a great experience. You just have to know your stuff before you get up there. Feel confident about it. [23:47] Justin advises, Definitely don't wing it! [24:01] Bill is a RIMS-CRMP holder. He has held the designation for about two years. He attended a virtual program to prepare for the test, and it was very beneficial. He had talked with people before and after they certified, who fully recommended it. That prompted him to certify. [24:59] Bill has been in risk management for a long time. It wasn't an easy certification, but he had a good basis to go from. He had to put the time in preparing for it. It felt great to pass. [25:45] Bill also took the James Lam course for CROs. He was in the first cohort. It was a great experience. Learning directly from James is incredible, hearing some of his stories from over the years, and being in a class with other risk professionals, and hearing their stories. [27:17] Lori says that AI is definitely on the Emerging Risk Register at Paychex. It has a very high velocity. The ERM Team has done a number of scenario analyses on the AI side through the years. They just completed another one. [27:36] In addition to AI, there are other emerging risks. Quarterly, the ERM Team issues a Key Risk Profile that highlights the emerging risks on the radar. They plot out all the risks they are monitoring. [28:00] On the radar currently are macroeconomic and geopolitical risks. They are looking at scenarios and repivoting after the election on November 4th. They spent a tremendous amount of time on the geopolitical risk and related macroeconomic impact. It's not going away soon. [28:34] AI is at the forefront. They just had a meeting, going through a scenario analysis on AI impacts. [28:45] Paychex is also leveraging AI. They have a number of tools they are using to build those scenarios. They are looking at controls around the governance structure for AI. It's a disruptor that has a lot of benefits. Disruption can be a great thing! [29:42] Justin asks what mindset they would need for another acquisition of the size of Paycor. Lori says, Stay curious and be involved early. From an ERM perspective, any merger or acquisition is triggered by the strategic objectives of the company.  [30:07] Understand what the goal is. How does this fit into the strategic objectives of the company? Keep your eye on the ball. Often, the other folks in the organization are focused on the details of how to integrate and how to get the deal done. [30:23] It's up to us, as ERM professionals, to keep our eye on the ball. Is this fitting within our risk appetite? Keep your eye on strategic objectives and big-picture risks. [30:36] Bill says curiosity is the biggest characteristic to look for in new team members. Asking questions about why things are happening and why certain things are not happening. And the drive to insert yourself where you need to be to make sure that you're involved and engaged. [31:23] Justin says you've given us a lot to think about, with the ERM Conference coming up on November 17th and 18th. [31:34] The Q&A about Paychex's big win last year is in this interview's show notes. Justin says, It's been a pleasure getting to know you both over the last few years. I look forward to seeing you at another RIMS event. Congratulations again on winning the ERM Award of Distinction. [32:06] Lori says the award is prominently displayed, with a light on it, in the Paychex front lobby. Justin asks for a photo of it displayed to show that it is held in high regard. He says, You both did great. I really appreciate your time. [32:40] Special thanks to Bill Coller and Lori Flaherty of Paychex for joining us today here on RIMScast. A link to their special ERM Q&A Series article, "Risk Optimized Decision-Making at Paychex", is available in this episode's show notes. [33:00] Be sure to look for an upcoming installment of the RIMS-CRMP Stories Series, with Bill Coller, since he is a RIMS-CRMP holder. Congratulations again to them for winning the RIMS ERM Global Award of Distinction in 2024. [33:17] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [33:46] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [34:04] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [34:22] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [34:38] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [34:53] Justin Smulison is the Business Content Manager at RIMS. Please remember to subscribe to RIMScast on your favorite podcasting app. You can email us at Content@RIMS.org. [35:04] Practice good risk management, stay safe, and thank you again for your continuous support!   Links: RIMS ERM Conference 2025 — Nov. 17‒18 | Register Now Pre-ERM Conference RIMS-CRMP-Prep | Onsite in Seattle, November 15‒16, 2025 RIMS-CRO Certificate Program In Advanced Enterprise Risk Management | Jan‒March 2026 Cohort | Led by James Lam RISK PAC | RIMS Advocacy | RIMS Legislative Summit SAVE THE DATE — March 18‒19, 2026 RIMS-Certified Risk Management Professional (RIMS-CRMP) The Strategic and Enterprise Risk Center RIMS Diversity Equity Inclusion Council RIMS Risk Management magazine | Contribute RIMS Now RIMS ERM Q&A Interview with Bill Coller and Lori Flaherty (2025) "RIMS Honors Three Organizations with the 2024 Enterprise Risk Management Global Award of Distinction" Upcoming RIMS Webinars: RIMS.org/Webinars   Upcoming RIMS-CRMP Prep Virtual Workshops: RIMS-CRMP-FED Exam Prep with AFERM Virtual Workshop — December 3‒4 RIMS-CRMP Exam Prep with PARIMA — December 4‒5, 2025 Full RIMS-CRMP Prep Course Schedule "Applying and Integrating ERM" | Nov 19‒20, 2025 | April 4, 2026 "Leveraging Data and Analytics for Continuous Risk Management (Part I)" | Dec 4. See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Related RIMScast Episodes about ERM: "AI and the Future of Risk with Dan Chuparkoff" (RIMS ERM Conference Keynote) "Energizing ERM with Kellee Ann Richards-St. Clair" "Talking ERM: From Geopolitical Whiplash to Leadership Buy-In" with Chrystina Howard of Hub "Shawn Punancy of Delta Flies High With ERM" "Tom Brandt on Growing Your Career and Organization with ERM" "James Lam on ERM, Strategy, and the Modern CRO" "ERM, Retail, and Risk with Jeff Strege" "Bigger Risks with the Texas State Office of Risk Management | Sponsored By Hillwood" "ERMotivation with Carrie Frandsen, RIMS-CRMP" "Live from the ERM Conference 2024 in Boston!" "Risk Quantification Through Value-Based Frameworks"   Sponsored RIMScast Episodes: "The ART of Risk: Rethinking Risk Through Insight, Design, and Innovation" | Sponsored by Alliant (New!) "Mastering ERM: Leveraging Internal and External Risk Factors" | Sponsored by Diligent "Cyberrisk: Preparing Beyond 2025" | Sponsored by Alliant "The New Reality of Risk Engineering: From Code Compliance to Resilience" | Sponsored by AXA XL "Change Management: AI's Role in Loss Control and Property Insurance" | Sponsored by Global Risk Consultants, a TÜV SÜD Company "Demystifying Multinational Fronting Insurance Programs" | Sponsored by Zurich "Understanding Third-Party Litigation Funding" | Sponsored by Zurich "What Risk Managers Can Learn From School Shootings" | Sponsored by Merrill Herzog "Simplifying the Challenges of OSHA Recordkeeping" | Sponsored by Medcor "How Insurance Builds Resilience Against An Active Assailant Attack" | Sponsored by Merrill Herzog "Third-Party and Cyber Risk Management Tips" | Sponsored by Alliant   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS President Kristen Peed!   RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guest: Lori Flaherty, Paychex Bill Coller, Paychex   Production and engineering provided by Podfly.