Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.

 

In this episode, Justin interviews Lori Flaherty and Bill Coller of Paychex about how the ERM Team serves as the "conscience" of Paychex and how it operates within the organization. Some of the topics include winning the RIMS ERM Global Award of Distinction in 2024, structured peer reviews, risk rotation, a strong culture of risk management, interviewing new team members, fostering curiosity, and preparing for mergers and acquisitions. They talk about having the ear of the executive team and promoting a culture of risk management for the entire organization.

Listen for tips on presenting to an audience of ERM practitioners.

 

Key Takeaways:

[:01] About RIMS and RIMScast.

[:17] About this episode of RIMScast. I'm delighted to be joined by Lori Flaherty and Bill Coller of the ERM Team at Paychex. They won the RIMS Global ERM Award of Distinction in 2024. We're going to talk all about their risk and RM philosophies. But first…

[:53] The next RIMS-CRMP-FED Exam Prep with AFERM will be held on December 3rd and 4th. The next RIMS-CRMP Exam Prep with PARIMA will be held on December 4th and 5th. These are virtual courses.

[1:10 ] Links to these courses can be found through the Certifications page of RIMS.org and through this episode's show notes.

[1:18 ] RIMS Virtual Workshops! On November 19th and 20th, Ken Baker will lead the two-day course, "Applying and Integrating ERM."

[1:31 ] "Managing Data for ERM" will be led again by Pat Saporito. That session will start on December 11th. Registration closes on December 10th. RIMS members always enjoy deep discounts on the virtual workshops.

[1:46 ] The full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's notes.

[1:59 ] The RIMS ERM Conference 2025 will be on November 17th and 18th in Seattle, Washington. The agenda is live, and this is the last week to register so click the registration link in this episode's show notes or visit the events page on RIMS.org.

[2:16 ] The RIMS-CRMP Exam Prep will be held on-site, on November 15th and 16th in Seattle. You can learn more by clicking the link in this episode's show notes.

[2:29 ] On with the show! Our guests today are winners of the RIMS Global Award of Distinction in 2024. Bill Coller and Lori Flaherty are past presenters at the RIMS ERM Conference.

[2:44 ] They let us into their thought process a little bit this year in the RIMS ERM Q&A Series, with an interview titled, "Risk Optimized Decision-Making at Paychex." We will expand on that dialog a bit here today on RIMScast, so Let's get to it!

[3:03 ] Interview! Lori Flaherty and Bill Coller, welcome to RIMScast!

[3:21 ] Lori and Bill were winners of the RIMS ERM Global Award of Distinction in 2024, in Boston.

[3:42 ] ERM is a passion for Lori and Bill. Bill says, You have to love it to be in it as long as we've been in it. It's always something new every day. There's always some new challenge that we have to keep our eyes on.

[4:07 ] Lori has been in risk management, in different roles, for a little over 25 years. She has been with Paychex for eight years, leading the ERM Team.

[4:31 ] Bill has been in risk management for over 20 years. He has been in the ERM space for about four years.

[4:53 ] Lori loves the diversity on her team. In an ERM program, you need a diverse team without groupthink. Bill and Lori are not the same at all, and they complement each other. Bill agrees.

[5:42 ] Lori says the whole risk organization at Paychex has more than 800 people, some were added due to the recent acquisition of Paycor. The ERM Team has about 10 people.

[6:21 ] Justin says listeners can learn about the contributions Lori and Bill made during a complex and time-consuming acquisition by checking out the ERM Q&A from 2025, "Risk Optimized Decision-Making at Paychex", by Russ Banham, in this episode's show notes.

[6:52 ] In the interview, Paychex described ERM as acting like the company's conscience. Lori says ERM, a small but mighty team within a large risk organization, may seem challenging to have the ear of leadership, but they have a direct line.

[7:25 ] One of the values as a risk organization, as well as a Paychex organization, is talking about integrity. Integrity is a key cornerstone of the team. The ERM Team remains independent.

[7:38 ] Although the ERM Team reports to the risk organization, where the risk organization sits within the enterprise, this is part of what enables the ERM Team to remain independent. ERM is not transactional or client-facing.

[7:55 ] The ERM Team has strong partnerships with the Enterprise Strategy Team and other key leaders across the enterprise. Leaders count on the ERM Team and reach out to them. Being independent allows the ERM Team to be the conscience of the company.

[8:29 ] Bill says, The ERM Team has several different risk review programs. They always have an actionable remediation plan that comes out of any risk review. They are reporting and remediating any residual risk.

[8:54 ] Before the completion of any program, the ERM Team gains commitment from the risk owner to own the remediation plan. That allows the ERM Team to continually follow up and make sure that the remediation plan is taking form and remediating the risk.

[9:19 ] It's easy when they get that commitment before the end of the program. That sets the stage. Then they follow up.

[9:36 ] Bill says he is going through the process now to hire a new team member. He is looking for someone who has ERM experience. That can be difficult to find. There are a lot of people out there with experience who love the job they have, stay, and continue to build their programs.

[10:17 ] First is true ERM experience. Outside of that, someone with internal audit experience, with the ability to view risks from a data-based perspective, and identify what could happen and how often it could happen, the impact of it happening, and how to mitigate the risk.

[10:47 ] With any interviewing, you have to get the best that you can through many different characteristics and experiences.

[10:57 ] Lori adds, We want someone who complements the diversity and the team. You can teach methodologies, like COSO, internal audit, and business processes. It's hard to teach people to be curious and to think from a risk mindset.

[11:36 ] Those are key skills, no matter the role; certainly for this role. For anyone joining the team, it's that mindset. You need to remain curious. Channel your inner toddler, asking the why.

[11:59 ] Quick Break! The RIMS CRO Certificate Program in Advanced Enterprise Risk Management is our live virtual program led by the famous James Lam. Great news! A third cohort has been announced, from January through March 2026!

[12:21 ] Registration closes January 5th. Enroll now. A link is in this episode's show notes.

[12:29 ] Save the dates March 18th and 19th, 2026, for The RIMS Legislative Summit, which will be held in Washington, D.C.

[12:37 ] Join us in Washington, D.C., for two days of Congressional Meetings, networking, and advocating on behalf of the risk management community. Visit RIMS.org/Advocacy for more information and updates and to register.

[12:52 ] We've got more plugs later. Let's return to our interview with Bill Coller and Lori Flaherty of Paychex!

[13:10 ] Does inquisitiveness enhance the risk culture? Lori says that staying curious is key, especially when looking at remediation, defining risks, thinking about scenarios, and what could go wrong. Being curious opens your mind up to what could be.

[13:47 ] Bill says it's tough to measure a strong risk culture. Bill looks at interactions with key partners across the enterprise. ERM meets with folks across the enterprise very frequently in Key Partnership Meetings.

[14:13 ] The key partners are engaged with ERM, and they're having productive conversations. A lot of the risk programs the ERM Team performs are at the request of those partners. That's one way to measure a strong risk culture: full engagement and asking ERM to perform risk reviews.

[14:33 ] Lori and Bill accepted the award last year, with Frank Fiorille. Lori says Frank is the Chief Risk Officer. He is the VP of Risk for Paychex. Lori and Bill report directly to Frank. He is over all the other risk teams, also.

[15:15 ] Lori and Bill were heavily involved with the Paycor acquisition. Their involvement in the acquisition was critical. If you're in ERM and you're not a part of the M&A process, you should definitely be. It's aligning the strategic objectives of your company. M&A strategy is part of that.

[16:13 ] The ERM Team is involved in the due diligence and the whole process. It's a critical part of your ERM program.

<p dir=