An uprising in Egypt or a catastrophic natural disaster in Japan can make a company stop and think about how that event impacts their business. And events like these are helping to spur companies to fully embrace enterprise risk management (ERM).
This is a good thing. And, according to some, it’s only going to get better.
James Lam, president of risk-management consulting firm James Lam & Associates, has high expectations for the future of ERM, telling CFO magazine that “We’re going to make more progress in ERM implementations and its standardization in the next couple of years than we did in the last dozen.” According to his research, almost 90% of global organizations with more than $1 billion in revenue are either putting an ERM program in place or, in 25% of those cases, already have a program up and running.
Russ Banham, a contributing editor of CFO magazine, also has some great insight into the present state and future situation of the risk management movement. He penned quite an interesting ERM article that was published today. In it, Banham states that it’s not just black swan events that are to credit for the spike in ERM popularity, three trends have also caused an increase in interest.
- Corporate boards are under regulatory pressure to address risk management explicitly.
- Proponents of ERM are making progress in having it acknowledged as a best practice for overall risk management.
- New technologies are enhancing companies’ ability to evaluate, measure, and prioritize risks, and to test and report on their potential impact.
Banham points to the Dodd-Frank Act, the fact ratings agencies factor in ERM criteria into their ratings process, COSO II (the Committee of Sponsoring Organizations) and the SEC’s sharpened stance on risk management as why some companies, especially larger ones, have no option other than the fully implement an ERM program.
Governance issues aside, ERM would get a major boost if it were widely regarded as an industry standard for best practices. “We are not talking about a one-size-fits-all standard, since risk management is part art and part science, and organizations differ by geographies, markets, business lines, and organizational structure,” Lam says. “It can, however, be an industry-by-industry standard, customized by companies within a given industry.”
Optimism aside, most companies still have a long way to go in terms of developing a comprehensive, efficient and successful ERM strategy. As we see by the second graphic below, more than half of companies still have little or no common risk management processes implemented.
Let’s hope Lam’s predictions come to fruition.
