This week the Harvard Business Review released findings from a study conducted with the insurance company Zurich on Enterprise Risk Management (ERM). And once again we see ERM being a topic that is getting more and more attention from boards and senior management. However, of the over 1,400 organizations surveyed, only 1 in 10 indicated their executive management was “highly-effective” in the area of risk management. Still lots of room for improvement.
This study produced a number of other great insights, but the one that caught my eye was what they found to be the top barrier to better risk management is “Over-focusing on compliance rather than fundamental processes (42%)”. This is what we have been finding with our customers. Governance, Risk and Compliance or GRC has failed to deliver on the promise of risk management. For the past decade this has been the focus of many organizations, in an attempt to gain better control of risk, but it simply has not worked. And now HBR and Zurich are citing this over-reliance on GRC as a major barrier to risk. It just makes sense.
Governance and compliance are of course important parts of the risk management process, but they are in no way the complete picture. If a business or organization is looking to really wrap their arms around their risk, Enterprise Risk Management is the only way to approach this.
HBR and Zurich also indicated that companies are putting increasing value on the ability to link risk to strategy. Again, this is something we see over and over again with our customers. ERM has no value if it is just about compliance and control. ERM has to provide organizations a way to grow, improve and inform strategic decision making. Put simply, Enterprise Risk Management is only valuable when it helps a company WIN.
As studies like this are coming out every week it seems, it is becoming more and more clear that a major shift is taking place in the risk management world. A shift away from GRC, which promised a lot and delivered little, and a shift towards Enterprise Risk management, which truly gives an organization a 360 degree view of risk and helps drive the business forward.
For a summary of the HBR study findings click here.