Pandemic shows the clear business benefits of managing risk from an enterprise-wide perspective - Gartner

For many companies, ERM has become a check-the-box activity during the decade-long period of economic growth, but the coronavirus pandemic clearly shows the need for attention and rigour, according to Gartner.

”The biggest problems with a pared-down, formulaic approach to ERM often don’t emerge until it’s too late,” says Matt Shinkman, practice vice president, Gartner. “Complicated flowcharts and in-depth policy manuals intended to guide escalation decisions during a crisis are often difficult and time-consuming to follow; they aren’t a substitute for an effective ERM function.”

Coronavirus is exactly the type of fast-emerging risk with uncertain consequences that can be ignored until it’s too late for traditional escalation procedures to be effective. When reports of lockdown came from China, most organisations in the West had weeks to act on this information but chose to wait and see.

Better-prepared companies responded to news of minimal spread and rapidly drafted contingencies before the situation deteriorated much further.

Gartner research shows that an agile response occurred far more often when clear processes already existed to report and escalate absences or issues due to infectious diseases. In other words, a proactive ERM team had already set the threshold for escalation quite low to account for the potentially extensive consequences of the risk if no action occurred. Line management also felt empowered to raise the issue and this led to swift and effective mitigation.

The key to delivering effective ERM is to ensure that business executives contribute to evaluating and defining the enterprise risk appetite, says Gartner. This also ensures that ERM can assign risk ownership at the highest level of organisational decision making.

This view clarifies and formalizes the enterprise position that certain risks, such as a pandemic, are threats to strategic objectives like business growth. Leaders can then agree in advance that however remote a risk might seem, its emergence will trigger decisive and quick action to mitigate the effects — driven by a predetermined team of owners and actions.

Aligning ERM with strategy also positions an organization to take certain risks to seize opportunities that might otherwise be missed.

“Risk is like cholesterol, there are good and bad kinds,” says Shinkman. “The bad kind manifests in wrongdoing or poor decisions, but the good kind helps an organization to take bigger, riskier growth bets — which is the single biggest differentiator of profitable growth.”