The goal of enterprise risk management (ERM) is to help companies better understand the risks they face so that they can reduce exposure and loss, improve overall corporate stewardship and reputation, and maximize stakeholder value. For an unprepared company, the emergence of a global pandemic or the temporary disruption of a supply chain could be devastating. ERM helps organizations anticipate the effects of internal and external events so that the impact on their ability to achieve corporate objectives is managed effectively and the day-to-day flow of operations is resumed as soon as possible.

Our research found that familiarity with and acceptance of ERM is now widespread: 83 percent of those surveyed say they are familiar with the purpose and implementation of ERM, with more than half (53 percent) stating that they are very familiar with it. By contrast, only 3 percent say they have optimized ERM, and a further 10 percent have embedded it in their organization. The rest have not successfully integrated ERM into their corporate culture or business strategies and are therefore unlikely to be using ERM to its full extent.

How AON modeled its ENTERPRISE RISK MANAGEMENT RESEARCH

To help global enterprises understand how they compare with peers in regard to ERM maturity and evolution, Aon surveyed risk managers, chief risk officers and other senior executives in the Americas, Europe, the Middle East and Africa. The key findings of the survey illustrate how some companies have overcome the challenges in embedding ERM in corporate culture and how they have deployed the appropriate resources to support such an initiative.

Recognizing the importance of culture in implementing ERM, Aon's global risk consulting practice used an organizational culture model to help research participants identify their organization's predominant business strategy and culture type. Four prevalent styles were defined: Performance driven, Administrative driven, Development driven and Intimacy driven.

The research showed that Performance-driven organizations were more likely to claim a high level of understanding and support for ERM objectives at board and senior-management levels. As a result, Performance-driven cultures were most effective in implementing ERM.

In looking at the maturity of ERM implementation, we identified five phases of development: Undeveloped, Formalized, Established, Embedded and Optimized. As might be expected, there is a strong correlation between the maturity of ERM implementation and the effect it has on the organization. For companies at the top of the maturity curve, ERM has made a significant impact; however, ERM falls short of delivering its goals where implementation is less mature. Overall, only one in 10 organizations described the maturity of their ERM program as embedded and integrated into the business process.

3 KEYS TO successfully implementing ERM: Culture, resources and Strategy

The research identifies three key elements in a successful ERM implementation—culture, resources and strategy—each of which presents significant challenges in trying to achieve a "full picture," enterprise-wide view of risks in a global organization.

Culture: There is a very strong correlation between taking culture into account and successful ERM implementation. Eighty-five percent of firms that have successfully optimized or embedded ERM took culture entirely or significantly into account; that drops to 69 percent where ERM is only established and 39 percent where it is just at the formalized stage. Clearly, for ERM to make a significant difference in an organization, it is critical to consider culture from the outset. Failing to do so means the implementation will take much longer, and ultimately will require much more effort.