A survey of 192 U.S executives conducted in the spring of 2012 revealed a significant finding that 91% of respondents “plan to reorganize and reprioritize their approaches to risk management in some form in the coming three years” Respondents made several recommendations to improve the efficiency of their ERM processes and to make it more of a valued strategic tool. This Deloitte thought paper outlines several key implications to strengthen enterprise-wide risk oversight.  Because preconceived notions and lack of awareness of ERM knowledge can stagger the benefits that are to be reaped, this thought paper is designed to spur thinking and dialogue to help executives to be better equipped to understand and implement effective ERM strategies.

What is driving major ERM transformation across organizations?

Anticipation of increased volatility of markets over the next three years, as a result of the recent crisis, is triggering over two-thirds of respondents to react through a different approach to risk management.

Rick Kulevich, senior director, Ethics and Compliance at CDW, a leading provider of technology products and services for business, government, and education explains that the recent catastrophe has warranted a lower tolerance for unforeseen circumstances and surprises, and that ERM is an important tool to “bring consistency to the risk management process.”

Many organizations are evaluating the current approaches to risk oversight and looking for opportunities to strengthen its value.  Fifty-two percent of respondents stated that they would increase awareness about ERM throughout the entire organization. In this way, a “silo mentality” of keeping risk issues and information within the realm of one function would be avoided. Organizations are realizing that they need to focus on accountabilities and delegation of risk management. And many believe that part of current ERM should be automated.

How serious are organizations about ERM?

When the largest group in the survey believes that the primary responsibility of the ERM belongs to the Chief Executive Officer (CEO), it can be inferred that this topic is not one to be discussed in the hallway after a meeting among lower-level managers. ERM is to be a “C-Suite issue”. To help the C-suite embrace this kind of thinking, there needs to be a paradigm shift in how ERM is presented and viewed.  The more that leaders begin to see ERM as a strategic tool designed to not only mitigate risks in order to protect the company from losses but also create value for an organization by make smart decisions based on future risks, the more likely senior executives will buy-in to the benefits of effective ERM processes.

Expectations About Future Risk Landscape

According to the Deloitte thought paper, eighty-five percent of the survey respondents believe that all risk categories are going to get worse over the next three years. The top three categories include

1. Financial risk (66% believe this will become more volatile)
2. Strategic risk (63% believe this will become more volatile), and
3. Operational risk (58% believe this will become more volatile)

A noteworthy and emerging risk area for organizations is the social media space. Social media can aggravate other areas of risk through violation of disclosure agreements and reporting standards. With easy access to digitized information instantaneously, the line between what an employee can and cannot do can become easily blurred, and thereby cause reputational risks. Hence, managing risks of social media is proving to be a necessity.

How should organizations employ ERM practices effectively?

With so many risk areas, the management of all these areas of risk can be perceived to be very complex and discouraging. Respondents in the survey highlighted a few important improvements and areas to focus on that could boost the process of ERM.

The starting point to ensure ERM is connected with strategy is a rich understanding of the organization’s business model and strategic goals.  With an organization’s strategic goals in mind, executives then use that to drive their identification and prioritization of the most significant risks. That helps organizations focus on risks in the context of what makes the business work. 

Committees and task forces that work continuously on addressing and evaluating these risks should be put in place.  A key is to have continuous monitoring. Having a periodical review of some risks that emerge or may emerge in the near future can prove disastrous to an organization, leaving it vulnerable to unforeseen and unexpected shocks. Jeffrey Williams, Vice President, Pfizer Inc. said that getting “complacent” with the ERM process of an organization should be the last thing to do as it requires continuous evaluation and enhancement.

Although continuous risk monitoring is now on the rise, only 25% of respondents stated that their companies continuously monitored risks. IBM’s Custodio says that their “risk map is a living document,” meaning that the management of risk is constantly evolving and adapting to changes in the environment. The gap between risk and its continuous monitoring can be narrowed down by having more resources spent on ERM. Respondents (56%) have said that they will focus on continuous monitoring of strategic risks, and thereby use ERM as a strategic tool to increase growth of the organization.

Do ERM transformations mean budget increases for organizations?

As mentioned earlier, more resources are required to effectively run an ERM program. But respondents in the survey identified two areas of risk management in their companies where more resources would be spent:

1. Strategic risk management, and
2. Technology risk management.

Respondents say that these two areas would likely experience more than a 50% increase in budget. They are willing to pool in more resources and funds to create a framework of ERM that works and is effective. But 50% of respondents also said that there would be very little change in risk management budget.

A number of other organizations that do not have significant ERM knowledge are looking to expand their understanding without huge budget increases. One of the ways, which is gaining widespread popularity, is by organizing platforms such as ERM conferences, discussions and roundtables that allow organizations to hear from the leading ERM experts and proponents, and learn about how to effectively run an ERM program.


The Deloitte thought paper goes into more detail on managing risks differently in different industries and areas of risk factors. The findings strongly suggest a trend that will bring major changes in the general mindset of current organizations for the need of an improved and enhanced ERM program. Restructuring the entire risk management policies to connect thought leadership, identification of risks, and action should move to the forefront of every organization’s strategy. After all, being able to anticipate a possible crisis in the future and adapting to a “new world of risk management” in order to emerge and thrive would seem like the most strategic move towards an organization’s growth.

To view the full article and learn more in depth about what other details the top executives and directors mentioned in the survey findings with respect to the adjusting to new world of risk management, click below.

Link: Deloitte & Forbes Insights

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2012-06-01