Every spring, NC State’s ERM Initiative in partnership with the AICPA releases their State of Risk Oversight report. Data for the report is obtained through a survey sent to senior executives across a variety of industries this past fall. For this year’s report, 563 surveys were completed, which is a significant increase over prior years.
While questions in the report do vary slightly from one year to the next, there are recurring themes or pillars.
One of these pillars – the connection between risk management and strategic planning – is one I’ve discussed in one way or another each year since the inception of my blog.
My first post on this topic in April 2017 explains:
Only 20% of the 432 respondents feel that the organization’s risk management process is a ‘proprietary strategic tool that provides a unique competitive advantage.’ Only 20%!
This was both surprising and disappointing at the same time…
If one of the core purposes of “ERM” is to identify and threats and opportunities to achieving strategic objectives, then how can only 1 in 5 firms feel their process delivers this benefit?
Well, I’m sad to report that it’s only gotten worse, declining 1% each year since my first foray into this topic. In 2020, only 17% of respondents either mostly or extensively believe their “…organization’s risk management process is a proprietary strategic tool that provides a unique competitive advantage.”
Ten years ago, only 11% of companies responding to the survey reported their firms as having complete ERM processes in place. While this number has remained flat in the last couple of years, it now stands at 30%.
So with more companies adopting ERM, it stands to reason that more would realize a strategic benefit from these activities, but that doesn’t seem to be the case.
This naturally leads to the question…
Why are fewer companies realizing a strategic benefit from ERM?
If you’ve been visiting my blog for any length of time, you should notice that posts from before last year mainly focused on ERM processes like risk assessment, risk appetite, risk ownership and more.
However, in the last year or so, my focus has pivoted to include more on embedding risk into decision-making and the daily operations of the organization.
And therein lies the answer to the question above – as long as “ERM” is considered a separate activity from managing the company, executives will continue to see little strategic benefit.
(This coincidentally is one of the main reasons for the rebranding of my consulting services to Strategic Decision Solutions.)
Many of the organizations responding to the survey are financial firms who are required to report their biggest risks to regulators. Their processes for identifying and assessing these risks can be long and drawn out. Therefore, executives view ERM as just another compliance exercise that provides no real value for helping the organization succeed.
As I’ve learned over the course of my career, robust enterprise risk management is about more than holding tight to a certain standard or process. It’s not just about minimizing harm and producing a list of risks, but maximizing success, ensuring risk-informed decision-making and better agility in these fast-changing, uncertain times.
ERM practitioners need to stop thinking like “risk people” and start thinking like management. How can management’s practices be improved to include risk into their daily conversations and decisions? What about the governance of the organization?
The organization shouldn’t need another person at the table providing the risk perspective – this risk perspective should be provided by each manager at the table already.
Although the principal ERM standards are starting to reflect this, it’s clear from this year’s report that things have a long way to go.
What other reasons might there be to explain the continued decline in company’s realizing a strategic benefit to ERM?
I’m always on the lookout for additional perspectives to questions like this, so don’t be shy. Feel free to leave a comment below or join the conversation on LinkedIn.
And if your company is struggling to realize any strategic benefit to its ERM activities and would like an outside perspective to help get things unstuck, reach out to me to discuss your specific situation today!
Featured image courtesy of Sean Pollock via Unsplash.com