While a number of organizations have embraced the concept of enterprise risk management (ERM) over the past couple of decades, the discipline of ERM is still relatively new.  Many organizations are realizing tremendous strategic value from their ERM efforts, and they continue to innovate their risk oversight processes over time. Unfortunately, other organizations have experienced “fits and starts” to their ERM processes, often struggling to gain the traction needed for ERM to be helpful in business decision making.

In this video interview, Mark Beasley, KPMG Professor and Director of the ERM Initiative, interviews Jim Traut, founder of Risk Transparency, Inc., about his views of how organizations can elevate the strategic value of their ERM processes.  Building on his prior experiences of leading the ERM efforts at H.J. Heinz and Clemson University, Jim offers insight about practical next steps business leaders can consider to elevate the strategic value of their risk governance.

ERM May Still be in its Infancy

The creation of ERM has helped organizations focus more thoroughly on the risk/reward relationship. ERM is designed to help business leaders look into the future to better anticipate gaps in their organization’s processes that may impact the advancement of their business model and strategies. But, we are still learning what works well for ERM to be truly value-adding. 

Jim notes that in many organizations, business leaders haven’t fully embraced the importance and value of how ERM can strengthen strategic decision-making. The level of investment in infrastructure to enhance risk management processes remains relatively low compared to other infrastructure investments (such as investments in accounting and financial reporting systems).  Jim describes ERM as still in its infancy stage, warranting further innovation and investment.

Need to Examine Risk Governance

Jim argues that business leaders need to innovate their ERM programs by elevating risk governance processes. ERM processes that focus on inter-connectivity of siloes, engage business leaders, and embrace greater leadership accountabilities for risks are likely to be more value-adding.  Jim further describes four key pillars for “REAL” risk governance:

R = Respond:  Management should focus on responding proactively to the most important issues facing the organization in a cross-functional manner (versus waiting to determine reactions to issues once they emerge).

E = Excellence:  An organizational mindset that embraces excellence is one that accepts change as a constant in life and continually seeks opportunities for improvement.  All functional areas should focus on changing conditions and assumptions that lead to risks and opportunities.

A = Accountable:  This is the heart of governance. Each risk category under each functional area represents a key “brick” to be linked to ownership and responsibility.

L = Leaders:  Leaders are where decisions are made.  First create connected leaders who are engaged with one another.  Second, develop a leader’s mindset regardless of position.  Ask for leaders to provide a risk mindset that focuses on risk issues facing the organization.

Raising the Value Proposition of ERM

Jim notes how the COVID experience has helped break down siloes in organizations. Leaders have been forced to “lean into” risks, and that perspective should be continued.  During COVID, leaders came together collectively to deal with the challenges of the pandemic.  Elements of trust ensued.  That collective effort and trust have strengthened the culture for many organizations and fostered innovation in risk governance.

Jim concludes with a few practical suggestions for ERM leaders:

  1. Map functional leaders to board risk oversight leaders and responsibilities. Share that organizational chart with all leaders.
  2. Map the risks by functional area category and connect those categories to each functional area
  3. Map what is currently the top list of risks to risk categories
  4. Identify current vs. target risk levels and actions to close the gaps


ERM Enterprise Risk Management Initiative 2021-08-03