
The Power Of A Business-Integrated Risk Management Approach 

While ERM has come a long way in its roughly 20 years of existence, several challenges still lead to blind spots that can become issues—or catastrophic challenges.

In the dynamic landscape of today’s digital age, organizations confront a myriad of challenges. From interconnected supply chains, to globalization, technological advancements, and the emergence of risks such as cyber threats, ESG mandates, geopolitical instability, and global pandemics, the landscape is evolving at an unprecedented pace.

Further, regulatory requirements have experienced an exponential surge; over the last 60 years, the U.S. population increased by 98 percent, while the federal regulatory code witnessed a staggering 850 percent growth.

Organizations must navigate these challenges while also managing their own internal complexities with diverse business lines, large administrative bureaucracies, complex and fragile IT infrastructure, massive data environments, extensive vendor relationships, and evolving customer needs.

To thrive in this environment, organizations require a formalized approach to risk management so that they can proactively identify, assess, and mitigate potential risks. Their risk management approach must ensure resilience, regulatory compliance, and strategic decision-making in an increasingly complex and interconnected landscape. Several regulatory bodies have shaped corporate governance, such as the U.S. Securities and Exchange Commission (SEC), which mandates that boards of publicly traded companies provide effective risk oversight. These external entities’ mandates emphasize the critical need for a holistic view of risk to enable informed strategic and tactical decisions and have prompted many organizations to develop a formal Enterprise Risk Management (ERM) program.

Unfortunately, even with these programs there have been some high-profile failures — such as the 2008 financial crisis, Boeing 737 crashes, Fukushima nuclear disaster, Enron accounting scandal, and the BP Deepwater Horizon Oil Spill.

In August 2020, Citibank intended to make an interest payment to lenders on behalf of Revlon, a company for which Citibank served as the loan agent. However, due to a combination of human error and a lack of adequate safeguards in the payment system, it transferred the full principal amount of the loans, totaling $900 million, to the lenders. A legal dispute arose as Citibank requested lenders return the money, but several refused. Adding to the ordeal, the error resulted in a $400 million fine and a Consent Order from the Office of the Comptroller of the Currency (OCC) to address deficiencies in Citibank’s risk management practices.

While ERM has come a long way in its roughly 20 years of existence, several challenges still lead to blind spots that can become issues or catastrophic challenges such as those cited above.

Quality of data is among the pressing challenges. Some 84 percent of CEOs expressed concern over the quality of the data they’re basing their decisions on. Given the multitude of risks and stakeholders, organizations must maintain a repository for accurate risk management and reporting.

Many organizations manage this information in a GRC (governance, risk, and compliance) platform. GRC platforms encompass the systems, processes, and practices that enable an organization to achieve its business objectives while effectively managing risks and complying with applicable laws, regulations, and internal policies. These platforms handle diverse risks, including financial, operational, compliance, and operational resiliency, along with their corresponding controls. Due to the array of risk stakeholders, it’s essential to provide multiple views of data that connect to resources like people, technology, data, and third-party vendors. The platform needs to offer comprehensive views that accommodate both detailed insights for functional teams and broader perspectives for senior-level stakeholders — ranging from the entire forest down to individual leaves.

To ensure effective deployment, it’s crucial to place risk and control data within a consistent business context. While many platforms anchor data to “core processes” or standard reference models to achieve this goal, it often leads to data quality issues. In a survey, 74 percent of respondents found maintaining reliable data for nonfinancial risk challenging. The complexity of organizations, beyond what core processes or models can represent, is a considerable factor, as any process an organization performs can pose an unacceptable risk. Misalignment may result in inconsistent or inaccurate risk data due to misinterpretations across different stakeholder perspectives.

Another challenge lies in the operating model, which requires coordination across diverse stakeholder sets. Many organizations have embraced the Three Lines of Defense model, where the first line represents business units, the second line oversees the process from an aggregate perspective, and the third line is the independent internal audit function. However, this model presents challenges. A survey reported concerning statistics, with 50 percent facing difficulties in defining roles and responsibilities between the first line and the second line. The root cause of this issue is the lack of precision in defining business context, ownership, and accountability.

To tackle these challenges, there needs to be a stronger integration of the “what” the business does into the ERM program. This involves creating and maintaining a comprehensive inventory of processes within a Process Inventory taxonomy, outlining ownership at each point in the chain. Integrating this taxonomy into the GRC data model is crucial for providing more precise business context. This integrated approach addresses many challenges in risk data and the risk operating model, leading to more comprehensive risk assessments. This, in turn, is critical for delivering an accurate view of the risk landscape to executive decision-makers.

This means that an effective ERM program must be paired with a strong process capability through a Process Center of Excellence (COE) that’s accountable for creating and maintaining this comprehensive information repository.

Such a process requires an organizational investment and commitment. Yet, as we navigate the digital age, organizations embracing this business-integrated approach can stride confidently, safeguarding themselves, their customers, and the markets they serve.

