Prior surveys conducted by the Risk and Insurance Management Society (RIMS) tended to hear that the risk management department isn’t perceived as a strategically valuable part of an organization. However, because of the economic uncertainty that came to fruition in 2008, that persona is changing for those in risk management. The C-suite is looking for more out of the risk management department, and now is the perfect time for risk management professionals to ensure that they are sitting at the strategic table.

Executives are pushing risk management professionals to integrate risk management deeper within operations and they are looking for them to execute daily risk management activities more efficiently.  They are also looking for improved analysis and quantification of key risk exposures.

The state of the economy is changing what executives expect of their risk management departments. This is shown in the simple fact that 80% of respondents say that the expectations in their company have increased noticeably. A major part in this growth is the expectation that ERM can create efficiencies and cut costs within the organization. Along with the increased role of risk management within businesses, executives want a better grasp of the return on investment (ROI) associated with their risk management strategy, which is sometimes hard to articulate.  Companies are looking to better use available tools and analytics.  In order to meet these expectations, key performance indicators (KPI) need to be defined.

For those companies beginning an ERM initiative, the biggest emphasis of the past year has been to integrate the risk management function within all other parts of the business, instead of simply having it in its own department.  The “silo” mindset of creating a separate risk management function is the biggest barrier that risk managers say is preventing them from having even more effective enterprise-wide risk management processes.  Respondents to the survey also say that not having relevant data to show senior management has been a struggle. However, risk management departments are trying to raise visibility regarding the importance of ERM with senior management, as many survey respondents are stating that it is a priority of their department to get an ERM process implemented within the entity. This is ironic, considering that senior management is increasingly expecting more from their risk management function. Also, when comparing expectations, the C-Suite tends to have the highest expectations, especially considering leading the pack in enterprise risk management activities and developing an understanding of non-insurable risks.

Most of the respondents to the RIMS survey (62%) do have a cross functional risk committee, which is a significant increase from the 47% that reported to have one just a year ago. Most of these committees were implemented in the past three years. The goals of these committees include involving risk discussions in the strategy discussions in the planning process of the firm. An interesting secondary goal of the committee is to prove that there is an ROI on enterprise risk management. Over 90% of respondents state that these committees are at least somewhat effective.

In line with many risk frameworks, the CEO and CFO are setting a strong tone at the top. COSO emphasizes that this is a key part of a successful risk management strategy. Growing together with the emphasis on risk management is the role of a Chief Risk Officer, or CRO. The top risks within a firm have converged among different sectors of the business, which is a positive development. Six of the top seven top risks identified between risk managers, C-suite executives, and financial officers have similar rankings. Examples of these risks are economic conditions, business disruptions, regulatory/compliance, legal shifts, and litigation.

Click here to download full survey report.

Link: RIMS – The Risk Management Society

Read ERM articles as soon as we post them

Keep up-to-date with current developments in ERM. Subscribe to the ERM Newsletter.

Privacy Policy

ERM Enterprise Risk Management Initiative 2011-11-01