Effective ERM depends on the right balance between behaviour & formal process

How to set up Enterprise Risk Management to drive competitive advantage

Good risk management helps organisations take measured, proportionate decisions where the anticipated risks and expected outcomes are understood and assessed before a decision is made. Effective risk management depends on the right balance between behaviour and formal process.

Media headlines are quick to spotlight the consequences of failed risk management and oversight leading to significant loss and brand damage. Increasingly, this is reported across some of the biggest listed companies, as well as non-listed organisations that experience similar outcomes. Successful organisations embed clear risk ownership and promote high levels of risk awareness to maximise the value across business-as-usual. What this means in practice is that risk must be designed around business needs, be strategic and forward-looking, yet grounded in mitigating operations and employing lessons learnt from the past. It sounds quite simple, yet it is difficult to master.


The three most common examples of risk management not working effectively:
1. The approach to risk management is not aligned to business objectives
  • Risk voice missing from strategic discussions
  • Risk activities cannot be mapped to business objectives
  • Risk reporting/intel not fit for purpose to drive decisions

2. The approach to risk is purely operational and lacks a strategic view
  • No common vision/purpose for the role of risk
  • Reactive and focused on operational activities
  • Risk not well understood, creating an “us vs them” culture.

3. Risk management exists following a response to a risk event
  • Project mindset without winning hearts and minds
  • Template-driven approach vs. behaviour-led
  • Risk activities disconnected from other lines of defence.

Transforming enterprise risk management

There is no one recipe that helps determine how risk management can be embedded in an organisation. But the scope, cadence and delivery of an effective Enterprise Risk Management (ERM) approach do rely on key fundamental principles that can sustainably empower your business in the long term using a risk lens.

Successful risk management programmes exist in companies where:
  • The role and purpose of risk is clearly defined
  • Risk is aligned to business objectives
  • A strategic view is applied first, and the operational view follows
  • Ownership and accountability for risk exists at all levels
  • A common language drives the risk approach
  • Risk is an enabler to business rather than “us vs them”

Effective Enterprise Risk Management


*Original content provided by BDO UK