There is often a shared underlying theme in the experiences of enterprise risk management (ERM) professionals. The traditional ERM approach and tools—the risk register, annual risk assessment and standard heat map—play an important role in helping to avoid missteps and plan for potential disruptions. But, they are not always valuable when it comes to helping those companies get better at making the big decisions that matter most. New tools and a new way of thinking about ERM’s role in the business are needed to ensure that ERM doesn’t become a check-the-box exercise, but rather maximizes the program’s value for planning, M&A, capital investment and other strategic processes.
With this in mind, business advisory services provider CEB asked corporate strategists at Fortune 500 companies what they saw as the biggest impediments to growth in their organizations. The majority reported that the key impediment was either an inability to make decisions fast enough or the inability to execute. As a result, they are leaving money on the table. Strategists estimated that poor decision-making in their organizations cost them more than five percentage points of growth last year.
For ERM leaders looking for a way to demonstrate their business value to skeptical stakeholders, this is it. CEB research suggests that several very specific activities are linked with demonstrably better “decision quality.” By using ERM to help senior stakeholders get the big decisions right more often, risk management professionals can play a direct role in creating shareholder value and capturing revenue that would otherwise be lost.
CEB data suggested that getting three specific things right matters most:
1. Embed ERM at key strategic decision points. For many ERM shops, being “strategic” means using the organization’s strategy as the starting point for risk assessment. This is a good idea, but it doesn’t get us all the way there. Embedding ERM disciplines and approaches into strategic planning processes ensures that uncertainties inherent in strategic objectives and the risk implications of those objectives themselves (for example, how does our risk profile change if we succeed in our plan to enter the China market?) have been fully baked into the strategy.
2. Create ERM tools that convert information into insight. The ERM “1.0” toolkit focuses primarily on the “known knowns”—reaching out to the far corners of the organization to gather existing risk information, aggregate and analyze it and report it onward. This is, of course, an important step. Some practitioners are now taking the basic toolkit and refitting it for the future. For example, applying a rolling six-month forecast to a traditional heat map gives senior leaders a sense of where over-the-horizon risks—and opportunities—may be coming from and ensures the organization is prepared to exploit them.
3. Empower risk-informed behavior. To truly drive better strategic decision-making, ERM needs to find the most effective levers to extend its reach. Focusing on specific audiences within the organization (like high-potential future leaders) and adopting a “train-the-trainer” approach maximizes ERM’s effectiveness and efficiency. Building informal networks of ERM liaisons or champions to act as eyes and ears on the ground and ensure consistent application of ERM processes also increases a program’s efficacy.