The new decade will bring massive change to the practice of Enterprise Risk Management (ERM), the field of identifying and preparing for risks and hazards that can interfere with an organization’s achieving its objectives.
In today’s post, I offer five predictions of developments that are likely to shape the world of ERM over the next 10 years.
It’s always risky to make predictions. However, there are a few observations that can be made with confidence about Enterprise Risk Management and the present-day business world:
- Many businesses drag their feet on implementing a good ERM program just like they do with Business Continuity Management.
- Most executives acknowledge ERM is important, but they are more interested in making a buck today than with protecting themselves against what might happen tomorrow.
- ERM is one of the best ways to protect the sanctity of an organization.
- The world is becoming increasingly unstable.
- At the end of the day, most executives are rational people.
With these observations as the starting point, I offer the five following predictions about what will happen in the practice of enterprise risk management over the next 10 years:
1. Ongoing Global Disruptions Will Drive Greater Interest and Investment in ERM
We are currently in a period of rising global disruption—environmentally, economically, technologically, and politically.
This will likely continue over the next decade. As a result, the news every day will continue to remind business executives that their businesses are vulnerable.
If these individuals are rational—and I believe they mostly are—they will begin to develop a greater interest in one of the few tools available to them to manage the increasing risks they face: Enterprise Risk Management. They will also begin investing more resources in ERM.
In a way, this trend is inevitable based on the current, unfortunate low level of commitment to ERM. Business leaders’ willingness to support ERM can only go up, and I believe it should and will. In an increasingly chaotic world, investing in ERM is the safest and most responsible course of action.
2. Fear of their Companies Being Harmed by Social Media Will Compel Many Reluctant Executives to Embrace ERM
One of the things business executives are most afraid of today is getting torched in social media.
In the old days, something questionable could happen at a company, and there was a good chance nobody on the outside would ever know about it. Nowadays, the news can and often does get out, leading to a strong reaction on social media. Brands get tarnished and a company’s reputation can change on a dime. You can be done in a day.
Executives’ fear of social media is legitimate and the basis for it is unlikely to go away soon. I think this will be a continuing and growing source of anxiety for business over the next ten years. This anxiety is likely to compel many executives to begin exploring how ERM can protect them.
3. Organizations Will Finally Begin Implementing ERM from Top to Bottom
I think over the next 10 years, we will increasingly see organizations implementing ERM from top to bottom at their organizations. In a way, this is like the first prediction: this type of integration is so low right now, it can only increase.
It definitely should increase, because it works. Embedding ERM at all levels means routinely evaluating risk at all levels, from the C-suite (e.g., an executive embroiled in a #MeToo scandal) down to the level of operations (e.g., people not wearing their safety glasses on the assembly line). This approach is effective and cost-effective. It’s the best way to protect the sanctity of the company.
It also reduces the disconnect we often see today between management’s view of what the risks are and the assessment of the people in the field.
4. Business Will Increasingly Turn to Specialized Software to Help with ERM
With accurate data about your organization and environment, you can navigate more safely, avoiding danger and finding opportunities. Over the next 10 years or so, this reality will lead business to turn increasingly to specialized ERM software—software that helps them see at a glance the risks present in their operations and environment.
Such software typically features dashboards providing instant insight into the company’s risk across multiple areas, including raw materials, supply chain, parts and equipment, operations, financial and liquidity, business continuity, and human resources.
These dashboards are similar to those in BCMMETRICS’ suite of tools for business continuity.
This is another area where I think the number of organizations going this route will increase partly because it makes sense and partly because the numbers can only go up given the current state of affairs.
Today even large companies I know of are managing enterprise risk using Excel spreadsheets—a method that provides highly limited visibility into enterprise risk.
As always with dashboards, the real challenge will be making sure the data is good and current.
5. Increasing Supply Chain Complexity and Disruptions Will Prompt Business to Begin Looking Not Just at 3rd Party Suppliers but Also at 4th Party Ones
One of our mantras at BCMMETRICS and MHA Consulting is that companies need to look not just at their own resiliency but at that of their third party suppliers. In the coming years, I think we’ll see an increasing concern with businesses looking a level beyond that, to their suppliers’ suppliers. If your critical suppliers are dependent on various vendors, those vendors’ vulnerabilities contribute to your enterprise risk profile—even if you don’t know their names or where they are based.
The current situation in China, with the country being virtually closed for business due to coronavirus, has shown more than ever businesses’ vulnerability to disruptions caused by suppliers at even the farthest ends of their supply chains.
THE FUTURE OF ENTERPRISE RISK MANAGEMENT
The coming decade should, and I think will, see more businesses implement an Enterprise Risk Management program, embedding risk assessment at all levels. In an increasingly unstable world, not doing so runs counter to the interests of everyone involved, from the senior executives to the most peripheral stakeholders.
For more information on enterprise risk management and other hot topics in BC and IT/disaster recovery, check out these recent posts from BCMMETRICS and MHA Consulting:
- Go Like a Rocket: 3 Tools to Help You Manage Enterprise Risk
- Rethinking Risk: A Better Way to Think About Risk in Business Continuity Management
- The 5 Most Important Risk Mitigation Controls
- Everything You Always Wanted to Know About Managing Risk but Were Afraid to Ask
- What to Look for in Business Continuity Compliance and Risk Software
- Solving the Puzzle of the Operational Risk Management Lifecycle