The Siloed Nature of ERM: A Barrier to Comprehensive Risk Management

A recent report by the Association of International Certified Professional Accountants (AICPA) and North Carolina State University's ERM Initiative highlights a critical challenge in enterprise risk management (ERM): its isolation from other risk disciplines. Despite the growing complexity and volume of corporate risks, only 37% of organizations report having complete ERM processes, with 30% rating their risk management as "mature" or "robust."

Risk management implementation 2009 - 2024

Source: AICPA & CIMA and North Carolina State University’s Enterprise Risk Management (ERM) Initiative

The limited adoption of ERM often stems from its isolation at the top levels of organizations. Typically, a small team manages ERM, focusing on identifying and communicating a top ten list of risks to the board. While useful for high-level oversight, this approach fails to integrate ERM with other crucial risk management functions such as operational risk management (ORM), technology risk management (TRM), and governance, risk, and compliance (GRC) programs. This lack of integration prevents organizations from gaining a holistic view of risks, both internal and those arising from their growing network of suppliers, vendors, and partners.

The report indicates that many organizations do not view their current risk management processes as providing significant strategic advantage, with 65% of executives stating that their processes offer minimal to no benefit in identifying emerging strategic risks. This disconnect likely results from ERM's siloed nature, which inadequately addresses the interconnectedness of risks across various domains of an organization's operations.

The Role of Wheelhouse Advisors' IRM Navigator™

Integrated risk management (IRM) offers a more comprehensive approach, linking ERM with other risk management disciplines. Wheelhouse Advisors' IRM Navigator™ is a prime example of a tool designed to facilitate this integration. The IRM Navigator™ helps organizations break down silos, ensuring that risk information flows seamlessly across departments and levels of an organization. This integrated approach enhances risk identification and management and supports strategic planning and decision-making by providing a clearer picture of the risk landscape.

The 2024 IRM Navigator™ Annual Viewpoint Report by Wheelhouse Advisors underscores the importance of viewing risk comprehensively, highlighting the interconnected nature of various risk types. The report notes that organizations leveraging integrated approaches are better positioned to anticipate and respond to risks, thereby protecting their business models and enhancing strategic decision-making. The IRM Navigator™ enables organizations to see beyond traditional ERM boundaries by incorporating elements of ORM, TRM, and GRC. This holistic view is crucial in today's environment, where risks associated with disruptive technologies, cybersecurity threats, and geopolitical shifts are increasingly prominent.

Moreover, the external environment is evolving rapidly, with new risk factors continually emerging. Organizations that fail to integrate risk management processes may be ill-prepared to navigate these challenges. The report notes significant variation in how frequently risks are communicated to the board, and only a minority of executives believe their ERM processes would effectively manage a considerable risk event impacting their organization's reputation and brand.

IRM Navigator Framework - Wheelhouse Advisors

Source: Wheelhouse Advisors

Call to Action: Embrace Integrated Risk Management

To address these challenges, organizations must re-evaluate their approach to risk management. Senior executives and CFOs should prioritize developing integrated risk management frameworks that bridge ERM with ORM, TRM, and GRC disciplines. This integrated approach will enable organizations to better manage the complexities of today's risk environment and support long-term business viability and value creation.

Organizations looking to implement or enhance their IRM practices can benefit from tools like the IRM Navigator™, which offers a comprehensive framework for aligning risk management processes with strategic objectives, ensuring a proactive and coordinated approach to risk oversight. Resources such as NC State's ERM Initiative, its searchable ERM Library, and executive learning opportunities are invaluable for building a robust, integrated risk management capability. By embracing integrated risk management, organizations can protect themselves against a rapidly evolving risk landscape and turn risk management into a strategic asset that drives better decision-making and business outcomes.

John A. Wheeler

John A. Wheeler is the founder and CEO of Wheelhouse Advisors, a global risk management strategy and technology advisory firm. A recognized thought leader in integrated risk management, he has advised Fortune 500 companies, technology vendors, and regulatory bodies on risk and compliance strategies.

https://www.linkedin.com/in/johnawheeler/