4 Possible Paths Your ERM Program Can Take

Setting up an enterprise risk management (ERM) program is just the beginning of a continuous process to help your organization achieve strategic and operational objectives.

Like many things in life, this is easier said than done…

Companies will establish an ERM program for a variety of reasons – perhaps a simple question from a board member or senior management will prompt action. In some situations, a data request from a regulator or new reporting requirements (…as in the case of ORSA and U.S. insurance companies) will be the catalyst. Companies across a variety of industries are facing increasing pressure to ensure proper alignment of goals, risk appetites, and strategy.

Regardless of its reasons for coming into existence, an organization’s successful ERM program over the long term needs to, among other things:

  • Deliver timely, comprehensive and actionable risk information to decision makers;
  • Establish a consistent (but not burdensome!) process and common risk language throughout the organization;
  • Foster discussion between different business units on major risks;
  • Integrate risk into planning, compliance, and strategy; and
  • Hold risk owners accountable for their area(s) of responsibility.

Despite these goals, the progression or trajectory of ERM programs at many companies prevents them from realizing tangible benefits from establishing the program in the first place. The following four trajectories were outlined in an article published by PWC entitled How ERM Programs Evolve and are based on several years of observing programs in a wide variety of organizations and industries.

Continue reading for a brief breakdown of each of these four trajectories…

ERM program courseStart and stop – This course is characterized as failing to go beyond the assessment phase of the ERM process. As time goes on, senior and mid-level management will lose interest in the program and begin questioning its value. Rather than risk becoming ingrained in the company’s day-to-day operations, interest and attention in ERM will wax and wane based on when risk assessments are scheduled for an update. Organizations that fit this description will start out with quarterly assessments but soon push them out to once a year or even bi-annually as interest in the program declines. Management will come to view ERM as a one-time exercise of little value or a complete failure.

ERM program course

Start and stagnate – In many cases, as time goes on, interest in new initiatives begins to level off. In the case of an ERM program, interest will peak during the initial assessment and action plan(s) phases. Periodic meetings will keep the interest going, but the program isn’t adding any new capabilities, which leads many to mistakenly believe that the assessment is the entire ERM program when it is in fact just a single process within a larger framework. As a result, management and risk owners will come to see these activities as a “check-the-box” exercise for the board of directors or a regulatory requirement rather than an ongoing process that can add value to the organization.

ERM program courseStart slow, react, and atrophy – Maybe the organization has started an ERM program but it is moving slowly – then some big event comes along and motivates management to update strategies, objectives and capabilities in response. Events like going public, integrating an acquisition, a large-scale product failure, or expansion into a different business, product or location are just a few examples of these trigger events. However, if there isn’t a sustainable process behind it or if the integration of new capabilities into decision-making is weak, interest in the program will decline.

ERM program courseEvolve steadily and consistently – The fourth and final possible trajectory of an ERM program is the most desirable, but sadly, the least common according to PWC. This trajectory involves the ongoing introduction and integration of new capabilities, which of course helps maintain interest in the program from the highest levels of management all the way down the chain. Programs that are steadily growing will be carefully planned, but flexible. Objectives of the program and steps for improving capabilities are clearly understood throughout the organization. Also, ERM programs that are constantly evolving will have a clear mission and value proposition.

ERM programs can start/stop, start/stagnate or start slow, react and then drop off again for a variety of reasons, including change in leadership, poor communication, distractions, low budget and staffing, and lack of proven value creation.

Check back again as I explore some methods organizations can employ to maintain interest and growth in its ERM program.

If you feel your company’s ERM program is stuck in a rut and in need of a shakeup, an outside voice can be very helpful in getting things back on track.

Feel free to contact me today to discuss your company’s ERM program today.

Has your organization’s ERM program stalled or stopped altogether?

If not, what tactics has your company used to keep your program on track and steadily growing in capabilities?

Let us know in the comments below, or join the discussion on LinkedIn.

, , , ,

Related Posts

2 Comments. Leave new

  • Carol, I like what you have to say.

    I would suggest that before anybody starts or tries to restart an ERM program they should answer these questions:

    1. What are we trying to achieve? What is the ideal state of ERM, the value it will provide to the organization?
    2. What will it take for the CEO and the rest of the executive team to WANT risk management, because it contributes to the extent and likelihood of their and the organization’s success?
    3. What is already in place? Are you sure you need a separate ERM program? Can what is already in place, as a management process, be strengthened? For example, are projects managed well; are capital decisions based on sound analysis; do performance management reports already include the consideration of what might happen; and so on?
    4. What are the factors that could cause the ERM program to fail? Are you applying risk management thinking to the risk management practice?
    5. How will you measure success?

    I suggest the last is when the executive team not only assert that it helps them select and then execute on their strategies, but they are keen to invest in it.

    • Thanks for your comments, Norman. I agree that your 5 questions should definitely be asked FIRST! Otherwise, the first three paths are a given…because the executives are not willing to invest in ERM.


Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.