I previously wrote an article referencing the latest report from the Enterprise Risk Management (ERM) Initiative at North Carolina State University, in partnership with the American Institute of Certified Public Accountants (AICPA). Their 8th State of Risk Oversight report provides an overview of ERM practices for a variety of industries.
Although the previous article was specific to non-profits, this time we are going to talk about all industries because I am dismayed at the results discussed in the report. Only 20% of the 432 respondents feel that the organization’s risk management process is a “proprietary strategic tool that provides a unique competitive advantage.” Only 20%!
In reality, ERM (or just plain risk management to keep it simple) should be used to provide management with valuable information and insights as they make decisions about the strategic plan.
But the report tends to lead me down the thought that management just doesn’t see the connection between risk management and strategy.
Does that mean that as risk professionals, we are not articulating the case for ERM being integrated with strategy?
Or are we so caught up in the operational side of the house that we aren’t demonstrating value by identifying emerging risks related to the industry, market, and strategic plan?
I wrote about some possible ways of identifying external risks, but many experienced risk professionals like Norman Marks will say (and I agree!) that ERM should be linking identified risks to an organization’s objectives. Only then can management truly see the value of a robust ERM program.
What are your thoughts on linking risk management to strategy?
Please share your thoughts in the comment field below, or join the conversation on LinkedIn.
Do you want to help ensure your organization achieves its objectives but are unsure how to proceed? Are you struggling to get your risk management initiative off the ground or back on track? To discuss ways your organization can link risk management to strategy, contact me today.