Enterprise Risk Management Ownership: Perception and Impact
Sample a group of corporate middle managers and ask them who owns risk in their organization, then ask them to rank corporate objectives in order of priority and see where enterprise risk management (ERM) falls on that list. You’ll find a direct correlation between the level of the perceived owner of risk (Executive, Senior Management, etc.) and the priority assigned to risk management. As with any significant initiative, when the ERM message comes from the C-Suite, specifically the CEO's office, that initiative is perceived to be of paramount priority.
To take a practical look at this concept, consider two real life projects. Company A has a very involved CEO who charged his senior management team with full commitment to the ERM process and linked this to compensation. He managed his team’s schedules to dedicate significant time to the process. It should not be surprising to know that this phase in the ERM process went extraordinarily well. Not only was the work product excellent, the culture of the company made a profound positive shift.
Company B funneled ERM through non-senior leadership. ERM was treated as a one-time project, not an ongoing process and was piloted in non-strategic functional area. Some good information came out of the exercise, but the end of the exercise was also the end of the project.
Having intimate knowledge of both companies, I can assure you that the swing in results has nothing to do with talent, intelligence or business acumen. The significant difference can be attributed to the presence of executive sponsorship, or lack thereof. Company A made a commitment as an organization to risk management as a process. This company is still reaping the benefits, while the other organization still has ERM on its to-do list.