
Enterprise Risk Management: Are Companies Doing Enough?
Enterprise Risk Management (ERM) refers to the systematic and comprehensive process of identifying, assessing, and mitigating potential risks that may impact an organisation’s operational efficiency and achievement of strategic objectives. In a global environment defined by volatility, digital disruption, and heightened stakeholder expectations, ERM has become more than just a safeguard—it is a strategic imperative.
The Evolving Importance of ERM
While the concept of ERM first gained traction in the early 1990s, its adoption has remained inconsistent. Often perceived as a regulatory checkbox or a “cost centre,” many companies continue to approach risk management reactively. This short-term mindset overlooks a fundamental reality: risk is not just a liability—it’s also a lever for growth.
In today’s Information Age, where business cycles are accelerating and threats—from cyberattacks to supply chain disruptions—can emerge overnight, ERM enables agility and informed decision-making. A well-integrated ERM program not only protects the bottom line but also enhances competitiveness.
Why ERM Still Struggles for Priority
Despite its benefits, ERM is often seen as a drag on enterprise momentum—something that consumes resources without driving revenue. However, this is a flawed perspective. Leading organisations view risk management not as a bureaucratic hurdle but as a value enabler. In fact, companies with mature ERM frameworks often outperform their peers during periods of economic uncertainty because they are prepared to pivot with clarity and confidence.
Risk: A Double-Edged Sword
The term “risk” typically conjures images of failure, crisis, and disruption. However, in business, risk is fundamentally tied to reward. It represents the spectrum of uncertainty—from worst-case scenarios to breakthrough opportunities. ERM allows businesses to approach risk with balance, treating it not merely as something to be avoided, but something to be intelligently navigated.
For instance, ERM can help businesses identify opportunities in emerging markets, spot shifts in consumer behaviour ahead of competitors, or even guide bold product innovations. When companies align ERM with strategic objectives, they unlock the true potential of enterprise resilience.
Lessons from the Past: Nokia and Kodak
History is littered with examples of companies that either capitalised on ERM principles or faltered by ignoring them. Nokia’s ability to diversify and reinvent itself across centuries is a testament to adaptive risk management. Conversely, Kodak’s failure to embrace digital disruption—despite inventing the first digital camera—highlights the danger of clinging to legacy models in a rapidly changing environment.
These cases underscore the value of proactive risk management. It's not just about defending against threats but also about staying relevant, innovative, and forward-looking.
ERM in the Modern Landscape
Today’s risk landscape includes cybersecurity breaches, ESG concerns, geopolitical instability, pandemics, and technological obsolescence. Companies face pressure not just from shareholders but also regulators, customers, and society at large. An effective ERM framework provides a cohesive approach to navigating these intersecting pressures.
More than ever, boards and executive teams are expected to demonstrate risk-aware thinking. This involves understanding their organisation’s risk appetite and aligning it with growth strategies, investments, and operations.
When ERM Goes Too Far
While ERM is essential, it must be implemented with balance. Excessive risk aversion can stall innovation, overburden operations, and lead to a culture of fear rather than initiative. Similarly, over-engineering risk frameworks may create complexity without clarity.
The key is intentionality—designing ERM systems that are fit-for-purpose, adaptable, and aligned with the company’s DNA. Smart ERM doesn't constrain creativity; it channels it through informed foresight.
The Shard’s Role in Empowering ERM
At The Shard, we understand that every organisation is unique. A one-size-fits-all approach to ERM simply doesn’t work. We offer tailored, client-specific risk management frameworks that reflect your operational realities, industry challenges, and strategic goals. Our team of specialists partners with clients to create agile, actionable ERM programs that enable smarter decisions, protect value, and unlock new possibilities.