The risky business of enterprise risk management (ERM)

ERM has been a key part of most organizations’ strategic and operational plans for decades. Now, in one of the most turbulent economic environments ever, it’s taking on even greater importance. Learn how risk managers are navigating the future.

Accountants, to a large extent, have always been guardians of organizational risk. But, the holistic approach to risk management that’s popular today isn’t something that really took hold until the early 1970s, when Gustav Hamilton, risk manager for Sweden’s state-run holding company, Statsforetag, proposed a “risk management circle” to account for all the ways in which risk plays out within an organization, from assessment and controls to financing and communication. Risk managers became key players in each major strategic move that was made.

Today, however, the idea of a risk manager is somewhat passé. “We are all now responsible for understanding and communicating the risks our organizations face,” explains Gord Beal, CPA Canada’s vice-president, Research, Guidance and Support. And it’s not just about financial risk. “Enterprise risk management has to consider everything from ‘Will this organization continue to exist in the longer term?’ to reputational risk to operating risk to human resource risk,” he notes. “ERM is really a full-scale embedded approach to managing risk.”

Beal also argues that one of the major changes in recent years is how the field of risk management has become more proactive — not just accounting for what’s happened, but also for where things might be going. “The strategy and opportunity side of risk certainly has become a bigger part of the conversation,” he says. “So it’s not just about managing risk; it’s now about where there are opportunities to innovate, to transform, and to be prepared for issues that are coming at the organization.”


CPA Canada recently released a report, Drivers of Change: Navigating the Future, that aims to help organizations be prepared for such issues. Based on conversations with Canadian leaders in business, government and academia—as well as an extensive review of literature from thought leaders around the world—the report is part of a multiyear process to help inform and educate CPA members, as well as the broader business community. From economic to environmental to technological issues, as well as societal and geopolitical factors, it’s clear that risk is now all-encompassing.

The key challenge facing business leaders, whatever their industry, is that the risks of yesterday aren’t the risks of today—and they won’t be the risks of tomorrow. So how does a leader prepare for the unknown pitfalls ahead? By having the courage—and taking the time—to ask a lot of tough questions, suggests Beal.

“It’s very easy to say, ‘We’re too busy — we’re running our business, we’ve got to make sure that we meet the demand, we’ve got to live up to our customer expectations, deliver on time.’” The whole busyness of just running your organization, says Beal, can sometimes be used as an excuse for not asking those tough questions. He points to the example of NAFTA, and the uncertainty many organizations on both sides of the border now face with its proposed renegotiation. “In an organization that’s highly reliant on the U.S., they should be taking a fair amount of time right now and stepping back and asking themselves some very difficult questions. And to start to think of, ‘Okay, let’s think of the worst-case scenario. Let’s say that NAFTA is thrown out and all the benefits that we’ve been getting for the last however many years are going to be gone. How is our organization going to look?’”

Ultimately, those organizations that are best able to manage risks are the ones that are willing to embrace turbulence and not rigidly adhere to the way things were.

“I think organizations have a tendency to expend a ton of energy on trying to stay the same,” Beal says. “And in fact, in trying to do that, they’re actually changing more than they realize—because the reality is the outside world is changing.”

The key to future success, Beal argues, comes down to organizational learning. “You need to establish the signals within the organization so that you can identify what’s going on quickly—and then quickly turn it into how the organization behaves and, ultimately, operates.”


How does your organization handle ERM? Does it at all? Post a comment below.


The views and opinions expressed in this article are those of the author and do not necessarily reflect that of CPA Canada.

You may also be interested in:

Climate change is a business issue. This publication outlines 20 questions for boards of directors to ask in overseeing organizational risk management, business strategy and performance in the context of climate change.

Re-examining the board's role in the oversight of risk continues to be a hot topic in the aftermath of financial crises and global recession. Go beyond principles and receive valuable guidance and tools that help directors discharge their responsibilities.