3 Potential Approaches to Responsibly Outsourcing ERM

On the surface, outsourcing a support function seems to offer the path of least resistance.

Taking this path for a variety of operational areas is certainly tempting and may actually be the best option in many circumstances…but as naturalist and author Henry David Thoreau somewhat cynically puts it – “the path of least resistance leads to crooked rivers and crooked men.”

While outsourcing ERM may be preferable for different reasons, it isn’t always the correct (or best) option in many circumstances. Now I’m not trying to say there should be no outsourcing of ERM period – there are certainly situations where it’s advisable, especially since a consultant or some other outside party is not mired in the day-to-day office politics.

In the end, the heart of ERM and its potential value lies in embedding a certain culture and mindset into the very fabric of the organization’s approach to decision-making and leadership, while nurturing relationships, so it would naturally be counter-productive to  completely outsource ERM.

But it’s also important to remember that your organization may not have the expertise or tools to handle every situation.

There are certain aspects of ERM like developing processes and governance documents that can be outsourced provided that person/firm understands your organization and its culture.

Finding someone for tasks like these can be daunting though. What happens too often sadly is a big consulting firm is called in where they hand over a “standard” ERM framework that ends up not working. As risk professional and executive Julian Talbot puts it:

It can be challenging to find people who are genuinely subject matter experts, not just in risk, but also in developing real-world solutions to business risks.”

Before going any further, the focus of this article is not necessarily about finding the right consultant or ensuring engagements deliver exceptional value. Instead, let’s talk about different methods or approaches for outsourcing ERM in an effective way, which can include:

  1. Contractor

This person may seem like they are an employee. In fact, many will view this individual as just another co-worker in many cases since they’re embedded full-time in the day-to-day.  Instead, this person has specialty skills and was brought in for a clearly defined task and specific span of time (like six or 12 months). They receive a fee for their time and no other benefits that an “employee” would expect.

An example can include someone with specialized technical skills combined with risk experience to help setup an ERM software or some other system. Another example is someone with experience in certain markets or transactions your company wishes to enter into.

While this individual is focused on helping the company with its project and initiatives, part of their responsibility often involves training one or more employees, so the contractor can transition their work when the contract is complete.

  1. Direct consulting engagement

If there is an urgent issue or some other immediate need and the company does not have skills in-house to handle it, an external consultant can be brought in for a quick turnaround project. As a risk and strategy consultant (mostly for insurance companies), I encounter these situations on a regular basis.

One example of a quick turnaround project that comes to mind is developing a high-level plan for how ERM should look and function, then compiling the information into a presentation for the Board for a company with absolutely no ERM experience.

But depending on the need, it may be more beneficial to develop skills in-house in the long run.

Besides asking “can we?” before a potential engagement, the other question executive coach David Fields says company’s should be asking is “should we?” In his book The Executive’s Guide to Consultants: How to Find, Hire, and Get Great Results from Outside Experts, Fields explains:

For a great soup-to-nuts overview of how to get the results you’re after when engaging with a consultant, David’s book is a fantastic source.

  1. Ongoing advisory services

Many risk professionals and executives tend to overlook the possibility of hiring a consultant or expert as a long-term coach or advisor. At times, all that’s needed is the expertise and intellectual property a “consultant” brings to the table. This person can act as a sounding board for ideas, bring a fresh set of knowledgeable eyes to review a document, or provide some different perspectives into a challenge. .

Many risk and other managers don’t consider this as an option because of a mistaken belief that a consultant is only good for “doing the work.” It’s true that this is usually the case with bigger firms like KPMG, E&Y and PwC. However, smaller consulting firms (like mine) are better able to tailor an offering more to client’s needs and budget.

Many tend to think that hiring any sort of “consultant” in any way is going to cost lots of money, but this doesn’t have to always be the case.

What many tend to do instead is attend conferences and network with peers either at the event itself or online. The benefits to this approach are usually rather limited, which is why advisory or coaching on a continuous basis can meet this need without breaking the bank.

Outsourcing ERM may seem like a good option on the surface, but that isn’t always the case. But when it’s determined that outside help should be brought it for certain skills or knowledge, these three approaches are ways this need can be fulfilled in a safe and effective manner.

How does your company handle outsourcing ERM-related activities?

To share your thoughts, please feel free to leave a comment below or join the conversation on LinkedIn.

And if you prefer, you can send comments privately to comments@strategicdecisionsolutions.com.

Outsourcing ERM effectively can be more of a challenge that it initially seems, but it can be beneficial to the company as a whole if done right. For help on understanding what your company should outsource and what you should develop in house, please don’t hesitate to reach out to me or schedule a one-on-one meeting today to discuss your specific situation!

Sign Up For Our Newsletter

Sign Up For Our Newsletter


Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More