How ERM can Support the Organization

At a recent St. John’s Center for Excellence in ERM Summit, ERM leaders reported the top ways ERM supports their organizations. One ERM leader noted that they provide gap/risk assessments to business units before new systems and programs are deployed. Another ERM leader stated that they do pre-business partner risk assessments, and another has ERM get involved in projects above a dollar threshold. As seen in the numbers below, around 60 percent or more of ERM leaders provide definitions, tools, and deep dives, and bring in external thought leaders. Others help with monitoring, building ERM, and offering risk guidance, risk workshops, and risk assessments. ERM has clearly become a busy job with many tasks and an expanding job description. Gone are the days of the annual survey being the only thing some ERM leaders achieved.

One ERM leader highlighted that the tools not only enable ERM but also change the culture, specifically noting that the tool helps them drive focus and message and also helps communicate risks. Another ERM leader shared the importance of a risk taxonomy and how it can be used to create transparency across processes, thereby furthering ERM integration. Other interesting ERM offerings include independent review/challenge, quantitative assessments, and linking risks to other risks (emphasized in the new COSO 2017 Framework).

Independent review & challenge: 2%
Quantitative risk assessments: 36%
Development of risk training and videos: 43%
Policies: 45%
Risk consulting: 50%
Linking risks to other risks: 55%
Definitions: 61%
ERM tools: 61%
Risk deep dives: 64%
Bringing in external risk thought leadership: 66%
Risk monitoring: 68%
How to identify and build an ERM approach: 68%
Risk guidance: 70%
Risk workshops: 70%
Risk assessments: 89%