ERM on a Budget: It is Possible! – 7 Key Considerations

When I started my consulting firm in August 2016, I knew I wanted to help organizations perform better by using enterprise risk management (ERM) instead of just traditional risk management. After all, I know how well ERM can work when done right and how much the organization can benefit from it.

But as a start-up, I had more time than money, so I was focused on seeing what I could do for the least amount of money. I used the free versions of software (and still use several of them!), asked my husband to build my website, and spent hours each day creating the foundation for my business.

Just like a start-up company has a lean operating budget, so do many organizations when it comes to ERM. You may feel like you squeeze every dollar for value, and you are wondering how in the world you will be able to have ERM.

When you search for ERM information online, most of what you will read talks about the full-blown version, with formal governance structure, a dedicated ERM team, a formalized process, etc. And having these things can be extremely beneficial…and sometimes required, especially for a regulated industry like healthcare, banking, or insurance.

But what if you don’t have money for those things? Or you want to dip your toe in the ERM water to see if it is right for your organization?

Well, it is definitely possible to have “ERM on a budget!”

Let’s walk through each part…

ERM on a budget

1. Governance – is it necessary?

My response to this question is with the caveat that this information does not apply to those industries required to have a formal ERM program or show audit any governance documents…

Is a formal ERM program governance structure critical to an organization reaping the benefits of ERM? No.

Can governance be helpful? Yes. Because it sets up the foundation of what, who, why, how, and when ERM will be conducted, so that everyone is on the same page.

Many organizations struggle to get it right on their own, so they call on a big consulting firm to help them. Unfortunately for them, they are handed a “standard” ERM framework that ends up not working.

As I have mentioned before, ERM has to be tailored to the organization, and a standard framework isn’t going to do that. I know that “tailored” sounds like it will be expensive, but you don’t have to spend a lot of money to get what you need.

2. What about a dedicated ERM team?

I am a true believer in having at least one person doing ERM full-time, simply because of the amount of work that is needed to demonstrate the value that ERM brings to the organization. However, some organizations just can’t afford it and have to sacrifice the speed of making progress in exchange for the money.

If your organization cannot afford a full-time person, then you can look for someone with certain qualities rather than strictly focusing on skill sets. Don’t get me wrong – specific skill sets are very helpful, but not the only requirement due to the role that ERM plays within the organization.

A negative consequence to having a part-time ERM person means that momentum may be difficult to sustain. Say a great workshop was held with a business unit. But now the ERM person cannot have the next conversation for a few weeks due to other priorities. This means that most likely, those who participated in the first conversation will have to be reminded of the content and conclusions in order for the second conversation to take place.

Essentially, the timeframe for getting things accomplished will be extended. In some circumstances, this extended timeframe can be good, as it demonstrates that it is not being pushed onto unwilling people. The flip side is that it can be harder to convince people of the benefits of ERM because it takes so long to realize value and outcomes.

But if the organization is willing to manage the timing, then the part-time route may be doable.

3. Is a formalized ERM process necessary?

Actually, this answer will apply regardless of industry or size of the organization. I will say that ERM should have a blend of both formal and informal processes.

On the formal process side, risk identification should not be haphazard, which I discuss in my free eBook 5 Effective Methods of Risk Identification for Your Organization. And assessing risks should be thoughtful and consistent across the organization. So designing this process should be done with the end in mind, not focused on whether it is “formal” or not.

But a key aspect of ERM is the perspective being provided in various conversations across the organization. Whether ERM is engaged in planning discussions or working closely with project management, there is a unique point of view from the risk and opportunity angle. But luckily, these conversations do not have to be structured or formalized.

All the other Aspects of ERM

With the idea that you are willing to invest more time than money, these four things can be done inexpensively:

4. Communicate!

  • Focus on getting buy-in from executives and management. This doesn’t take money, but it takes time and energy to build those relationships and understand what they need, so ERM can provide that value.
  • Use different types of mediums for communications. Remember that people learn differently, so vary it up between written (emails, documents), videos, and face-to-face conversations. And it doesn’t have to be fancy or formal; it may be appreciated to have a quick video that is recorded on your phone or laptop.

5. Be Creative with the Technology You Have

  • Have people spread out in different locations? Instead of traveling to them, use video conferencing tools like Skype or Zoom to talk “face-to-face” without the travel expense.
  • You don’t have to buy fancy GRC or ERM software.
    • Use Excel and/or Access (or similar tools) to capture and track risk information. Using Excel can cause some headaches when it comes to tracking historical information, so make sure to spend time thinking about what you need over a period of time and designing the spreadsheet accordingly. An Access database can also be a simple solution to capturing risk information, especially as it allows for historical versions of information and can be a good way to ensure data quality. Look for someone within your organization who can give you advice on setting up a simple relational database. (Or I can help you with it!)
    • Reports for the executives and the board don’t have to be boring. Use PowerPoint or Word to create meaningful ways of communicating risk and opportunity information. Charts in Excel can be pretty neat and provide some great insights without needing special software.

6. Skip the Expensive Conferences and Events

  • Tons of information exists online both on my website and through thought leaders like NC State University, RIMS, Norman Marks and others. Having more time than money means you can spend time sorting through the theory and advice to figure out what you can do to overcome a challenge, while still working within your tight budget. In fact, I recently compiled some of my favorite risk management resources.
  • Develop a professional network of peers. Use LinkedIn to the fullest to find fellow risk professionals and start having meaningful conversations. Join LinkedIn groups for both ERM and your industry to find helpful information. If you find people in your area, schedule a face-to-face meeting to talk in more detail.
  • Some organizations will post summaries of the presentations after the event. Use this as a way of seeing what challenges and solutions others are talking about.

7. Find Alternatives to the Big Consulting Firms

  • Sometimes you just need some support to address a specific problem, but you know the big firms will not be the right fit. Smaller, boutique ERM consulting firms exist (like mine!) and can be more flexible with solutions to fit your budget. It never hurts to reach out and talk to see what they have to offer and if they will fit your needs.

While it may feel like a struggle or uphill battle, it is possible and doable to get all the value of ERM without spending a ton of money.

What are ways that you have been able to succeed having ERM on a budget in your organization?

I would love to hear from you. Please comment below or join the conversation in LinkedIn.

And if you are one of those organizations who needs a little support to get moving in the right direction without spending a ton of money? Feel free to send me an email, schedule a meeting or contact me by phone or email to discuss your specific situation.

Sign Up For Our Newsletter

Sign Up For Our Newsletter


Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More