If my conversations with property/casualty insurance executives are any indication, many leaders view enterprise risk management (ERM) as simply an exercise for complying with regulations, reassuring investors, or otherwise documenting and reporting the company’s risks.
Executive Summary
ERM should be an enabler of success that provides executives with confidence that they are making the right decisions, writes Carol Williams, a risk management and strategy consultant for P/C insurers.Here, she explains the basics of objective-centric ERM, which is not siloed as a separate function but instead embedded into a company's culture and day-to-day decision-making. Objective-centric ERM is grounded in asking tough questions and challenging assumptions that help to surface dependencies and identify assumptions being made as part of goal setting—not a naysayer that gets in the way in the way of progress, she writes.
Even though a lot of U.S. companies (across all industries) have an ERM “program” of some sorts, the vast majority—90 percent according to the 2024 NC State University State of Risk Oversight survey—do not find it to be a helpful tool for accomplishing its goals.
When you consider that one of the major risk management standards, COSO, strongly emphasized the audit perspective as the driving force behind ERM in its early years, this statistic becomes more understandable—discouraging but understandable.
As a P/C executive trying to navigate what is probably the most turbulent environment for the insurance industry, the performance of your company is your top concern. Lists and information generated through a separate process well after the fact basically tell you what you already know and are not helpful.
