Issue 07 / October 2015

How ERM can help risk managers to support the C-suite

At a glance
  • ERM programmes can reduce variability in financial results and minimise operational losses
  • Risk managers need to demonstrate positive ROI for their enterprise risk-related efforts
  • Must also be able to articulate and manage strategic, operational, financial and compliance risks
Risk management is fast becoming a strategic function within large organisations, and risk managers are integral to the decision-making process, says Todd Williams.

More than four fifths (84%) of insurance risk and enterprise risk managers formally report top risk exposures to the board of directors or one of its committees at least annually, found the study 2015 Report on the Current State of Enterprise Risk Oversight, produced by the AICPA & NC State Poole College of Management ERM Initiative.

[Figure: C-suite's top 7 concerns]


The same study reports that, over the past five years, 91% of organisations experienced a “somewhat to extensive” increase in the volume and complexity of risks and 65% experienced operational surprises or “real risk events”.

Systematic approach

The C-suite is demanding more input from risk managers because the biggest risks now facing their businesses are interconnected and often intangible, such as reputation and brand, supply chain resilience, data/cyber security, regulatory risk, competitor actions and geopolitical risk.

[Figure: Dialogue between risk management and senior management is increasing]


As a result, the conventional siloed structures that were used for understanding and managing risks are no longer able to adequately respond to risk issues that have relevance across an organisation.

To manage risk consistently and effectively across functions and business units, businesses increasingly turn to enterprise risk management (ERM), defined simply as “a systematic approach to effectively identify, manage and communicate risk across an organisation”. ERM allows organisations to:

  • Develop a consistent sustainable approach to identify and evaluate risk
  • Agree on common risk management objectives
  • Assimilate/coordinate organisational risk management silos
  • Assign roles/responsibilities for managing risk
  • Define the types and levels of acceptable risk
  • Effectively communicate risk issues
  • Embed risk awareness/risk management throughout the organisation.

[Figure: Senior management that risk managers most often report to. Panel: largest organisations. Categories: board of directors or committee of the board; CEO or president]



Strategic tool

An effective ERM programme can increase organisational value by reducing variability in financial results and minimising operational losses by identifying, managing and communicating the most critical risks to achieving strategic and organisational objectives.

Businesses find they can capitalise on risk opportunities and protect or enhance their market reputation as well as support governance and credit rating requirements.

[Figure: Causes of increased risk awareness]


Almost half (48%) of organisations view ERM “somewhat to extensively” as a “proprietary strategic tool that provides unique competitive advantage”, found the 2015 Report on the Current State of Enterprise Risk Oversight.

An enterprise-wide remit means that the risk managers of tomorrow must have a substantial toolkit that helps them to assess, articulate and manage major strategic, operational, financial and compliance risks.

Influencing senior management

[Figure: How risk managers can add more value to boardroom decision making]


To succeed, risk managers need to be able to demonstrate positive ROI for the enterprise risk-related efforts of business partner stakeholders, frequently under significant time and resource pressures.

This isn’t easy, but there are practices that ensure successful ERM, including:

  • Embed risk management with strategic planning – focus risk assessment on risks that could prevent achievement of strategic objectives
  • Build ERM programmes incrementally – demonstrate stakeholder value in each step
  • Focus organisational and stakeholder time/resources efficiently only on the critical risks that really matter
  • Keep it simple – enterprise risk management does not have to be complicated to be effective.

How critical is enterprise risk data to C-suite and board level decisions?

Very important, it would seem: the board of directors of 80% of public companies “reviews and discusses in a specific meeting the top risk exposures facing the organisations”, found the aforementioned study.

Ultimately, effective ERM improves a company’s understanding of how risks impact its strategic and operational objectives. A risk manager providing this essential decision making support will prove invaluable to the C-suite and board alike.

Todd Williams


Todd is part of Willis Risk & Analytics, Strategic Risk Consulting, an international resource and consulting practice specialising in enterprise risk management, risk analytics, and alternative risk financing.


Willis Group Holdings plc is a leading global risk advisor, insurance and reinsurance broker. With roots dating to 1828, Willis operates today on every continent with more than 18,000 employees in over 400 offices. Willis offers its clients superior expertise, teamwork, innovation and market-leading products and professional services in risk management and transfer. Our experts rank among the world’s leading authorities on analytics, modelling and mitigation strategies at the intersection of global commerce and extreme events.

Find more information at our website, www.willis.com

About Resilience

Resilience is the risk management magazine from Willis for business leaders around the world. Each issue explores the latest trends and issues facing multinational businesses as they compete in an increasingly dynamic and interconnected threat landscape.
