December 1, 2012

An Alarming Trend

Does Enterprise Risk Management Really Work?

Frank Campagna

December 1, 2012

Enterprise risk management (ERM) has become a buzz term over the past several years. Most likely, if you are in management at your company, you have been inundated by articles, fliers, emails and consultants trying to sell you on the idea of implementing ERM at your organization. As practitioners of ERM implementation, we are surprised just how few professionals truly understand the spirit of ERM and what it is meant to accomplish at your organization.

ERM will never be the same at any two organizations, but it does have common elements that are often overlooked. ERM is meant to address four key elements:

  1. apply the company strategy
  2. across the whole enterprise
  3. within the company’s risk appetite
  4. while trying to achieve the company’s objectives

We’ve never offered our clients a piece of paper with a definition written on it and expected them to think they got their money’s worth, and that is not how we approach ERM. However, in the spirit of enterprise risk management, a definition is something that we often start with when assessing our clients’ needs. We find that most companies do not have the four key elements defined for their organization. Without this, we can’t begin to create the platform that will define your organization’s risk management.

When our firm is asked to assist in the creation of an ERM program at an organization, we are often boldly asked how often the program actually works as designed and, more importantly, how often it fails. It’s difficult to put on a stoic face and pretend, so the response is “most don’t work as designed, and eventually most fail.” Although this sounds like ERM is actually an act of futility, it really doesn’t have to be. Adequate preparation can prevent the catastrophe of a lot of wasted time documenting a charter, identifying KRIs (key risk indicators), appointing personnel within your organization to the ERM committee, and so on.

It is here that we are reminded of an oft-repeated saying: “When you fail to prepare, you prepare to fail.” While at times this may not sound all that profound, in essence, it really is!

Let’s take a look at the trends of failed ERM programs:

Poorly Defined Strategy or No Strategy at All
So many times we are asked to assess a company’s ERM platform only to find that few, if any, within the organization (the “enterprise”) have a clue as to their organization’s corporate strategy. This is why it’s one of the first questions we ask. Additionally, there are often issues surrounding a “need-to-know basis” mentality.

No Executive Buy-in
Let’s face it, ERM starts at the top. If executive management and/or the board of directors are not sold on it, that leaves little chance of success. For example, suppose the ERM committee recommends not moving forward on a company initiative because of risks that may be harmful to the organization, but the CEO (who doesn’t believe in the value of the committee) doesn’t agree and moves forward anyway with little regard for the recommendation. This can be the start of the unraveling of the ERM program, because the group really is an act of futility.

Inability to Demonstrate Value
This is an obstacle that is a danger at so many levels. Obviously, if executive management does not feel that ERM provides value to the organization, it is doomed. However, the same goes for operational personnel—those that are the revenue generators. If the corporate culture is not one of open communication, it will be difficult to keep them on board. Even if senior management is 100 percent behind ERM, if the masses do not get behind it, it is, once again, doomed.

Lack of Dedicated Resources
All too often, organizations think that the ERM function is a part-time job. The truth is, ERM needs a dedicated leader to be successful. There are many moving parts in a world-class ERM function, and organization of those parts is vital. If you think your organization can have a great ERM function without a leader who is dedicated to the ERM program, or with one who does not completely understand the risk profile of your company…well, good luck! We have all too often seen attempts fail because of this.

ERM is probably the best gauge your company can put in place to manage your company’s risk. This commentary is not meant to deter any company from ERM. On the contrary, this is meant to touch upon some of the obstacles each and every company faces in its endeavor to apply a successful risk management program. All of the above-mentioned obstacles are examples of a lack of preparation. If you are serious about ERM and hire an experienced professional, either internal or external, to help you prepare your ERM program, these pitfalls are avoidable. Don’t let your program become a statistic.

Frank Campagna is the Midwest Regional Director for CBIZ Risk & Advisory Services, LLC
