Only six in ten respondents said their risk management department is responsible for implementing ERM, according to US-based RIMS

Strategy at more than a third of businesses is not influenced by enterprise risk management (ERM), according to a study from the Risk and Insurance Management Society (RIMS).

Some 61% of respondents told US-based industry group RIMS that ERM is being used to inform and influence strategy, while 62% said their risk management department was responsible for ERM activities.

The study – RIMS’ 2017 Enterprise Risk Management Survey – polled respondents ranging from manufacturing to financial services, with 79% of replies coming from primarily US-based firms.

The benchmarking study reported 73% of respondents either having fully or partially integrated ERM programmes within their businesses; for financial institutions, the figure was 92%.

Only 24% of respondents could confirm their ERM programme was fully integrated.

Some 87% agreed that executive management expects the ERM programme to identify, prioritise, manage and monitor major risks.

Researchers asked respondents who did not have an ERM programme “why that is so”, and received the following among the replies.

“ERM is just a shell in our department. Hesitancy to use ERM is primarily due to NOT really wanting transparency. Silo mentality is still going strong,” said one respondent to the study.

“Really tough to get executive level buy-in to implement ERM. Currently no interest in our organization (mostly due to limited cost and staffing resources),” said another, quoted in the report.

“It’s a never-ending challenge,” wrote another.

“We are required to perform extensive risk management, but chronically lack funding, staff and CEO support to realize the potential of the function,” the source added.

Another respondent replied: “The challenge we are facing is ownership of the enterprise risk management assessment. For us to achieve the expected value of ERM, business units need to be more involved in the process.”

The study noted that “there is still work to do”, while also charting progress from previous years.

Carol Fox, RIMS’s vice president of strategic initiatives, commented: “We have seen great progress in the effectiveness of ERM but there is still a large percentage of organizations that have yet to take advantage of the potential value of a fully-integrated ERM approach.

“As more information becomes available, the onus is on the risk professional to communicate the benefits of ERM to gain critical buy-in and resources from leadership,” Fox added.