According to the new RIMS report, Enterprise Risk Management’s Wakeup Call: 10 Years After, an increasing number of organizations are at least partially integrating ERM into their frameworks as they prepare for the possibility of another financial crisis or a new threat.
“The evidence shows that risk management has evolved from a promising but somewhat perfunctory exercise into a strategic management competency,” said RIMS Vice President of Strategic Initiatives Carol Fox, who authored the report. “Even so, given increasingly uncertain times, risk management professionals would be unwise to declare victory or become complacent.”
The 10 Years After report highlights a range of perspectives from executives, officers and risk professionals who represent banking, higher education, technology, health care, transportation, and a federal agency. These professionals offer their perspectives on where ERM stands today. In fact, one shared observation is that the factors which contributed to the crisis are resurfacing, but that ERM can help protect against them. As one technology officer noted: “…as soon as people are introduced into the equation, things change and risks are introduced into the process. While financial models and robot investing are agnostic, once you introduce people, their biases come back into play and disrupt the integrity of those models.”
The integration of ERM programs—even partially—has seen a slow-but-steady climb in the past decade. The report cites statistics from recent RIMS surveys, showing that 92% of financial institutions have fully or partially integrated ERM programs since the housing market crisis. Full integration, however, may be the key to protection and value—and this is accordingly the most daunting, long-term task. “At any point in time, changes in an organization itself, given myriad complexities and disruptions, may take focus away from full integration,” Fox said.
The report discusses what the experts and their industries learned from the financial crisis in the way of risk appetite and regulatory systems. By examining recent literature and studies to better understand the risks facing organizations, the report challenges risk professionals to deliver programs that generate value.
It also offers insight as to what organizations should consider as they further integrate programs. Changes in legislation, interest rates and the volatility of cryptocurrencies are on the collective radar as risk professionals look to the future.
“[bitcoin’s] future is unknown, especially given its recent run-up and sudden devaluation,” the technology officer said. “Cryptocurrency could become problematic because of scale—particularly if someone figures out a way to short-sell it much like what occurred with CDOs.”
Enterprise Risk Management’s Wakeup Call: 10 Years After is available to RIMS members only for the first 60 days. After the introductory period, it will become available to the broader risk management community. You can download the report via Risk Knowledge.
Complementary to the report, Risk Management Monitor recently published Compliance in 2018: Q&A with James Reese of the SEC, highlighting how the SEC views organizational risk management.