The COVID pandemic of the last year blew the lid of uncertainty wide open…
And while restrictions are easing and many are returning to the office, this uncertainty shows no signs of abating. In fact, it will continue to intensify.
Now this may seem like an incredible opportunity for ERM to help the Board, executives and other decision-makers navigate these uncharted waters to ensure the company’s success.
But as this year’s State of Risk Oversight report from NC State shows, very few companies view ERM as a tool for building a competitive advantage.
In fact, it’s abysmal, I must say…
When first writing on this subject four years ago, I was astounded that only 20% of respondents felt that their risk management processes “mostly” (16%) or “extensively” (4%) provides the company with a strategic advantage.
Unfortunately, it seems like things just keep getting worse. In this year’s report, only 12% of respondents believe their ERM processes deliver this level of value, which represents a significant drop of 5% from just a year ago.
Perhaps this abysmal showing is due to the lack of quick insight ERM could provide as the COVID pandemic unfolded. Besides the high chances of ERM being set up as a separate process, it’s hard to know exactly why…but one thing is clear, executives continue to see ERM as a check-the-box compliance exercise solely focused on preventing failure and not helping the company achieve goals and objectives and make informed and timely decisions.
So what can be done to improve this unfortunate perception of ERM?
We’ve previously explored the topic of the perception of ERM, and it’s certainly worth a quick read as those ideas are still quite relevant.
However, at the time it was published, I still subscribed to a very traditional, risk-centric, process-oriented view of ERM. It was through a combination of my experience as a risk and strategy consultant and the influence of different thought leaders that my perception changed. In a comment to a post on risk monitoring from a couple of years ago, Hans Læssøe, former strategic risk manager for the LEGO Group, explains:
I am, however, concerned about the inherent focus on risk-monitoring as this implies a risk-centric approach. Instead, your organization should monitor developments generally (i.e. legal, business, competitive, costing, vendor developments), and address if/how any of these may affect your risk assessment, and hence lead to revised decisions…It IS NOT about managing risks, it IS about optimizing performance.
Now as a risk manager, you may already understand this, but executives may need some convincing. Below are four actions you can take to help change executive perceptions of ERM, in addition to the steps outlined in our previous article…
- Start thinking like management – as I discuss in this article on last year’s State of Risk Oversight report, ERM practitioners “…need to stop thinking like ‘risk people’ and start thinking like management.” This includes talking the language of the business, not using risk terminology. What are ways that risk can be integrated into executives’ daily conversations and decisions?
- Examine potential scenarios – when it comes to big decisions involving uncertainty, work with relevant individuals and departments to develop scenarios, determine which ones are most likely to occur, determine how to ensure success, and develop plans around these likely scenarios. Consider also developing high-level plans for those unlikely scenarios; after all, you do not have a crystal ball into the future to know what will happen.
- Consider rebranding – this may be the biggest step you can take and one I’ve addressed in the past. If ERM is there to be an enabler of success and not a roadblock or “Debbie Downer” to initiatives, should its name within the company change? Some companies refer to it as “Enterprise Risk Advisory.” Or, you can take the “risk” out of the name altogether. Our friend Hans suggests that risk management should really be thought of as “Decision Quality Assurance.” Another potential option includes “Decision Management,” or as Norman Marks suggests, “Success Management.” Whatever title and branding you choose, it should be made clear that you are there to provide support, not follow a strict process.
- Closely examine reporting structure – where ERM resides in the company hierarchy is also important for improving the perception of ERM. If it’s housed within the internal audit function, executives and managers may feel they’re under the microscope. If it is taken out of management altogether and reports directly to the Board, ERM will be seen as preventing management from taking too much risks, as explained by Norman in this recent piece.
Whatever you do, it’s important to quit doing the things you’ve been doing all along and expect a different result as Norman points out in his analysis of the NC State report. After all, that is the definition of insanity–you keep doing the same thing and expecting a different result.
Following the chaos of 2020, more and more executives are open to making changes for better preparing and making their companies more agile in the face of increasing uncertainty.
However, if the perception of ERM does not change significantly, and fast, there’s a real risk (no pun intended) that automation will displace the need for an actual “risk manager” in the years ahead.
Do you struggle with the perception that ERM is just another compliance exercise at your company? What changes have you made to combat it?
It’s clear from this year’s survey of the dismal perception many executives have of ERM. If you have any thoughts on how to improve this beyond what I’ve mentioned above, please feel free to leave a comment below or join the conversation on LinkedIn.
If you’re struggling to change the perception of ERM from one of compliance and failure prevention to one of success enablement, please don’t hesitate to contact me to discuss your specific circumstance and options for making this change.