Future opportunities will enhance a more effective ERM programme
“The only thing that is consistent in life is change.” Today’s business climate continues to validate that statement as new threats and opportunities come online and continue to challenge organisational operating models. Events past and present such as the financial crisis, technological advances, COVID, and environmental, social and governance issues are critical stepping stones for the continuous development of enterprise risk management (ERM). These events will continue to usher in the future changes needed in ERM, specifically in the field of identifying and preparing for risks that can stop an organisation achieving its objectives.
Ironically, in this context, it can also be risky to make predictions. However, here are some of the challenges currently affecting organisations:
With these observations as the starting point, we can make a few predictions about what will happen in the ERM practice over the next five to ten years.
An increase in investment and involvement in ERM
The risk landscape will continue to threaten robust financial budgets that can cause major setbacks in today’s and tomorrow’s important ‘winner takes all’ organisational investment strategies. Similarly, CFOs, especially in publicly traded organisations, can find themselves in regulatory deep water if they are not actively aware of the risks within the organisation and mistakenly misrepresent financial projections. Named officers and CFOs must be informed. Collaboration between ERM and the finance function is necessary for strategic financial planning to uncover or think through some of the risks the organisation might face.
In addition, items such as idiosyncratic stress-testing can help ‘bake in’ another level of analysis and assurance for financial projections before there is sign-off on financial reports to internal and external stakeholders or regulatory agencies. Bringing in processes that align with finance and other departments will be critical in the future as sophisticated stakeholders, regulators and analysts look to foster good stewardship in organisations.
ERM as a key input in strategic planning
Most companies provide a strategic plan every year. One unintended consequence is that it is sometimes like dropping a rock in still water. The ripple effects can introduce risk throughout the organisation, which can sometimes cause more harm than good if the risk is not well managed.
Strategic plans are sometimes vague and incongruent and, in some cases, lead organisations to speculate what needs to be done to carry out the plan, which can cause operational paralysis due to lack of prioritisation or competing interests. Some questions people have are: What part of the strategic plan should we do first? Do we have the capacity to do every project without exceeding budget? What are the most important strategic projects we need to complete now? What strategic projects can we hold off on?
There are methodologies and best practices out there that provide professionals with training on IT governance, resourcing, benefit realisation and risk optimisation. More and more CEOs are quickly looking for better ways to help mitigate these organisational challenges and, in the future, will need to incorporate the services of ERM to help prioritise the strategic plan based on the associated risks. This can be an important part of the reconciliation process to again provide assurance and figure out gaps in financial and non-financial strategic plans that could impact or improve the organisation’s posture.
Evolve from ERM to a centre of excellence (CoE)
Many departments have evolved over time; for example, many business intelligence departments have evolved to include data analytic reporting. Some could make the argument that this is a part of industry marketing and others could argue that this is a new role to solve for a new problem set. Whatever camp you are in, we can agree that the issues and complexities facing organisations and the pace at which they are debuting may not necessarily need an esoteric viewpoint.
To meet the demand and needs of the organisation and provide value, you instead need to create an interdisciplinary, agile unit to help address risks and provide process improvement services. Think of this as a mini triage unit in each area of the organisation. The CoE could become the nervous system of the organisation that augments lines of business, triages risks, gives governance, identifies synergies and provides reporting to senior leadership on risk appetite and KPIs through analytic reporting in semi-real time.
Transition from cost centre to profit centre
ERM has historically been viewed as a cost centre and, as a result, organisations and ERM have suffered due to preventable issues and unrealised value. While this may take time to dial in for some organisations, it is apparent that ERM can and has saved organisations money. Take into consideration the economic downturn of 2008; some banks that failed said "they could not have foreseen the mortgage crisis." Yet some banks did well and managed to survive despite having a big market share in mortgages. This comes down to many well-intentioned organisations having a cork at the top where information does not flow properly to leadership for decision-making. The truth is that the ERM team that was able to funnel information to senior leadership experienced savings and/or limited material risk during the economic downturn. Risks like these that were abated ultimately affect the bottom line of the company to ensure its solvency.
While each industry will have to find the right sizing for their company, the complex business environment will continue to drive the future of ERM – and ERM’s future has a bright outlook. However, we shouldn’t only leave it to chance. Professionals should exercise their muscle of storytelling, as it has never been more important in articulating a clear and compelling business case to showcase to internal stakeholders how COVID, customer expectations, digital transformation, regulatory and economic change, the value of data and resilience have all changed their organisations and how ERM can help add to the bottom line.
Kerris Lee
Kerris is a Global Director of Enterprise Risk Management at ISACA