Is ERM Worth the Cost?
Updated: Oct 1, 2019
This is a world full of products. Companies convince consumers the latest version of a product is a must buy. A great example of this is Apple’s iPhone. Every year or so, Apple releases a new upgraded version of the iPhone, and like most, I find myself excited when the latest iPhone comes out. Like millions of customers, I even do the pre-order thing. I go through all the registration screens as quickly as possible. Finally, I get to that last screen, excited to hit submit, when something catches my eye.
What you ask? It is a $1,500 price tag. I am frozen. I find myself thinking, is the newly promoted phone worth the expenditure? A lot of the functions in the new iPhone I will never use. But guess what? We are a culture that thirsts for that next new thing. Maybe a small portion of the population will utilize the new enhanced functionality. I’m willing to bet a majority, however, just enjoy having the new device — a sort of bragging rights to family and friends.
Why do companies continually upgrade products? The obvious reason is to sustain profitability and relevance. At this point you are probably asking yourself, what does this example have to do with risk management?
The practice of risk management has been around in some fashion since the beginning of time. The traditional risk management process has always been: risk identification, risk analysis, choose a strategy to control or transfer the risk, implement that strategy and monitor.
An upgrade, enterprise risk management (ERM), emerged as a concept in the mid-90s. ERM is a strategic, continuous activity, involving all of management to analyze the risk of the business from a holistic perspective. The goal of an ERM initiative is to create, protect and enhance stakeholders’ value by managing the uncertainties that could influence achieving the organization’s objectives.
As risk management professionals, we are inundated with ERM marketing materials from consultants and industry organizations offering a version of a product we already have.
However, let’s look at the cost. To successfully implement an ERM program, the key is to be able to answer most of the following questions in the affirmative:
Is your organization capable of providing relevant information to all the stakeholders?
Is your organizational culture ready to make the change to an ERM approach? (Silos are probably the number one impediment to a successful transition from a traditional to an enterprise approach.)
Is your organization willing to define its risk appetite and risk tolerance levels?
Is this new initiative going to be driven down from the top?
Is this new initiative going to be supported by the executive team?
Is your champion for this initiative able to establish a clear vision of the program?
Here is my correlation.
Just like the Apple iPhone upgrade, in my opinion, ERM is an improvement over the traditional version of risk management. It can optimize risk assessment, improve risk management performance, secure shareholder value, strengthen business resilience and increase efficiencies.
But like the high price tag of Apple iPhone, ERM comes with significant cost. In other words, we are at the submit screen for ERM. Each organization must determine if can it afford the price tag.