Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM Leadership and Governance

Enterprise Risk Management: The Full Picture

December 1, 2007 3-min. read

Now more than ever ERM is vital to an organization.  ERM investments are critical to establishing and maintaining a strategic advantage, as well as mitigating risks and creating opportunities that maximize shareholder value.  The demand to fully optimize an ERM function is driven by investors, market and credit analysts, stakeholders, and auditors.  Despite the demand, only one in ten organizations in North America (NA) and Europe, Middle East, and Africa (EMEA) has a fully integrated ERM strategy. 

While the typical compliance-driven attitude is important, ERM should be viewed as a holistic business approach that integrates an organization’s culture, improves performance, and enhances growth opportunities.  These synergies depend upon the degree of maturity of the ERM function as well as how embedded the function is within the organization’s key business processes.  The paper, published by AON, investigated three challenges that are critical to ERM succeeding in any global organization:  culture, resources, and strategy.

Culture is very important in how ERM is adapted.  Four types of culture identified are:  performance-driven, administrative-driven, intimacy-based, and development-driven. However, many organizations admit that culture is often ignored from the onset.

The ERM function must be wholly integrated in an organization’s culture by establishing and communicating a distinct vision and plan from the onset that involves everyone from top management to low-level employees.  Performance-driven, results-focused organizational cultures are more likely to incorporate culture while developing ERM, and once implemented, ERM has a much greater impact on this type of culture.

A majority of EMEA organizations surveyed report further developed, dedicated ERM functions than NA organizations that are less likely to have dedicated ERM functions and are typically at earlier stages in the development process than those in EMEA.

Typically the leader of the ERM initiative is a top-level executive, a CFO, or CRO.  These individuals lead ERM development and are responsible for communication to all levels of the organization.  Most risk lies with employees so by incorporating and communicating with them in the ERM function, they are more likely to embrace the approach and make the initiative successful. 

Communication is an imperative activity that drives implementation and success.  Activities undertaken by those companies with dedicated ERM functions include risk assessment and analysis; risk reporting and governance; and strategy development and policy setting.  Only one in seven companies interviewed cited communication with stakeholders as a key, effective activity of the ERM function. Intimacy-based organizations typically are more effective at communication, creating awareness, and training when implementing ERM.  In particular, NA organizations also cite communication to stakeholders as a key activity of the ERM function. 

Resources allocated throughout the ERM function depend upon the development stage:  the more dedicated the ERM function, more employees are engaged as well as higher tendencies to use external resources.  However, twenty-three percent of the organizations surveyed with fully embedded ERM functions still cited insufficient resources as a barrier to ERM implementation. Possible explanations could be lack of experienced ERM professionals, budget deficiencies, and high turnover within the ERM function.

Strategy design begins with understanding the objectives of the ERM function.  According to the survey, only one in four companies state their ERM initiative as having significant influence over their strategic planning process; therefore, the extent to which objectives were clearly defined and communicated throughout the organization correlates with an organization’s tendency to incorporate ERM into strategic planning. 

Survey participants cited embedding a risk management culture as a primary objective. Objectives tend to broaden beyond the typical compliance-driven processes as the ERM function moves along the maturity curve.  Performance-driven cultures covered all key objectives, while others focused on embedding culture and compliance processes. 

Drivers of ERM objectives include corporate governance and best practice.  Only forty percent stated improved performance as a key driver.  Barriers that impair effective implementation in embedded functions are not surprisingly lack of resources; however, less dedicated functions cite lack of top level leadership, vague responsibilities, and lack of tangible benefits as barriers to success.  Despite being further developed in ERM functions, EMEA encountered more barriers, especially lack of resources, than NA.  Above all, influence over strategic planning, effective communication of and definition of objectives, and integration of culture, all increase the likelihood that ERM will deliver growth opportunities. 

More From Enterprise Risk Management Initiative

How do you effectively communicate risk insights to a board of directors?

Approaches to Communicating Risk Insights
cover fo 2024 global risk oversight

2024 Global State of Risk Oversight: Managing the Rapidly Evolving Landscape
photo of woman with e-tablet.

Techniques to Prioritize and Monitor Risks