Support from leadership, the role of the strategic partner, impact on organisational culture and ideas turned into value – are some of metrics of a successful ERM framework. But what do they mean? Carol Williams, enterprise risk management consultant and founder of ERM Insights by Carol, tells us more

In her opening remarks at the 2016 RIMS ERM conference, former RIMS president, Julie Pemberton, focused on signs that enterprise risk management professionals have succeeded in their organisation.

Those signs are:

  • Support from leadership
  • Role of strategic partner
  • Impact on organisational culture
  • Ideas turned into value

Here are my thoughts on why these are four good indicators of success.

Support from leadership: According to the NCSU and AICPA’s 2016 State of Risk Oversight Report, 70% of boards are “somewhat” or “extensively” asking for more senior executive involvement in risk management. That percentage increases for large companies and public companies. And over 80% of organisations experience “somewhat” to “extensive” pressure from outside parties to disclose more risk information.

With all of these influences, leadership has good reason to support ERM activities. After all, if leadership is going to be involved more and disclose more risk information, there should be consistent ways of gathering, analysing, and reporting that information. That consistency is provided by ERM.

Role of strategic partner: ERM has become a strategic partner when business units within the organisation are asking for assistance. When business units are no longer required to involve ERM in various activities but now voluntarily ask for assistance, the ERM program has succeeded in taking that next step. The ERM team now has influence.

Impact on organisational culture: An often nebulous but all-important term that has been defined in so many ways by various people. The easiest way to think about organisational culture is that is a “system of shared assumptions, values, and beliefs, which governs how people behave in organisations” ( The culture is typically exemplified by the organisation’s leadership, by both words and actions. Organisations often have a philosophy about how decisions should be made, so when ERM influences that process for the better, then more success has been realized. Sometimes it takes an incident at one organisation to be an example for other organisations; hopefully, your organisation becomes proactive to avoid a similar incident.

Ideas turned into value: ERM has taken that influence to the next level by helping make ideas a reality, with the reality showing a positive value for the organisation. That value doesn’t have to be financial, but who would turn down a positive financial result? The value could be increasing employee retention, reducing the amount of time spent on a process, or increasing customer service. By gathering and providing actionable risk information, ERM has proven its worth to the organization.

For more articles from Carol, visit her website: