I often receive inquiries from companies who have launched an Enterprise Risk Management (ERM) initiative, but are unable to move beyond their initial risk assessment effort. The exact reasons differ by company, but generally they include limited linkage of large risks and influence of those risks on business performance and lack of business unit understanding of their accountabilities for risk management. In most cases, the cause of the impasse stems from an approach that is overly focused on risk identification and awareness rather than on using ERM to improve return on capital and earnings and cash flow stability.
In many companies, ERM efforts stem from a board request to better understand risk or an attempt by management to achieve a standard of "good practice." Programs arising out of such mandates, though, are often undertaken without a clear understanding of objectives beyond the desire to "do something." Boards often don't clearly articulate what they want, and management does not know what they should be delivering or why, over both the short and long term. Unfortunately, ERM efforts with such beginnings are challenged from the start.
In such instances, the first step is often the creation of a risk profile in which the company develops a comprehensive list of risks and prioritizes these according to probability and severity of impact. The presentation of this risk profile frequently takes the form of an n-by-n matrix or "heat-map." It is here where-absent clear objectives-progress may begin to slow when, after investing great effort, management is unsure of what to do with the risk assessment output.
Recommended For You
Conducting an initial risk assessment is a logical and necessary starting point for most ERM efforts. But this assessment is only the first milestone of what should be a well-articulated plan. The key to success with ERM programs is in setting clear objectives from the start. These objectives should focus not only on risk awareness, but better management of risk. To enable such a focus, successful companies take a performance-oriented approach in which risk information is embedded into key management processes, including strategic planning, budgeting, forecasting and management reporting. It is the assessment of large and interrelated risks across the enterprise and a risk management process integrating strategy, performance and compliance that creates real value.
It is hard to argue that better risk management does not have value. Yet, it is equally hard to ignore how many ERM initiatives do not live up to expectations by losing sight of this intuitively obvious fact. If you are in the midst of an ERM effort or contemplating one shortly, you can help ensure the success of your program by simply keeping the focus on improving performance and creating long-term, sustainable economic value.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
