What is Enterprise Risk Management?

Written by Brad Pickering on . Posted in Enterprise Risk Management Consulting

It’s the new green. Enterprise risk management is a great buzzword; you can’t go far without tripping over it in one context or another. It is what people say they want, and it is what they say they’re working on. Stakeholders are demanding increased action on this front: Standard & Poor’s, for instance, now evaluates an organization’s enterprise risk management process as a factor in their credit rating analysis and government bodies have instituted stricter regulations. Has this had an effect on how businesses look at risk? And what needs to happen to make enterprise risk management more than a buzzword?

Risky Business

The North Carolina University Report on the Current State of Enterprise Risk Oversight looked at over 700 different organizations to determine their positions on enterprise risk management. The findings clearly point to a need for a comprehensive strategy:

  • Over 60 percent of respondents say that volume and complexity of risks have changed significantly in the last five years.
  • 36 percent said they were “caught off guard” by an operational surprise.
  • 50 percent say their companies have “strongly risk averse” or “risk averse” cultures.
  • We can agree that the world has no shortage of risks for any of us. But despite this:

  • 44 percent had no enterprise-wide risk management process in place AND have no plans to implement one. Another 18 percent reported that they’re considering it.
  • 75 percent say that key risks are discussed at management meetings on an “ad hoc basis” and about half say they are not satisfied with the “reporting of key risk indicators to senior executives” regarding top risks.
  • Half say their boards of directors are calling for increased oversight from executives via audit committees. Of these committees, 19 percent monitor financial risks only, “63 percent monitor operational and compliance risks,” and only 18 percent monitor “all entity risks, including strategic risks.”

Forgive the deluge of numbers, but they are incredibly telling (and you can read more of the report here). Very few businesses have treated enterprise risk management as more than a trendy term, and fewer have created the position of Chief Risk Officer, a high-level executive position, to facilitate enterprise-wide processes.

Putting Enterprise Risk Management in Its Place

One fundamental shift has to happen to enable real enterprise risk management: the objectives and goals for the business, as well as the risks, enterprise wide (not just health and safety), need to drive business planning. That it most often does not is a huge stumbling block to success.

What usually happens is that business planning happens at a high level and is undertaken by people with strategic and/or financial backgrounds. Risk management does not get invited; it is a mid-level or operations mandate, and typically the enterprise risk management team is not comprised of planning people. But your agenda actually needs to be driven from risk information. For it to work, risk management needs to be done on a high level, as part of the planning process, and by individuals or teams that are able to influence key decision-makers (or are key decision-makers).

As long as those who control the planning process remain aloof from risk management, the challenge will remain and companies will continue struggling with to achieve business objectives

Brad Pickering

Brad Pickering, P.Eng., MBA, and President and Founder of Innovate Advisory, has built a career on innovation. He was the primary inventor of a manufacturing system that resulted in capital cost savings of $3 million and ongoing cost savings of $1 million annually. He has also developed business processes and methodologies that drive profitability and sustainability and which can help your business achieve its goals. Contact Brad for more information.


Stay up to date with the latest news from Innovate Advisory!

This monthly eNewsletter gives you access to Brad Pickering’s best thinking on Strategic Planning, Enterprise Risk Management and Operational Profitability.

Subscribe Now