
The Future of Enterprise Risk Management

Isaca is a Business Reporter client.

Future opportunities will enable a more effective ERM program.

“The only thing that is consistent in life is change.” Today’s business climate continues to validate that statement as new threats and opportunities emerge and continue to challenge organizational operating models. Events past and present, such as the financial crisis, technological advances, Covid, and environmental, social and governance issues, are critical stepping stones for the continuous development of enterprise risk management (ERM). These events will continue to usher in the future changes needed in ERM, helping to identify and prepare for risks that can stop an organization from achieving its objectives.

In this context, it can be risky to make predictions. However, here are some of the challenges currently affecting organizations:

  • Business stakeholder cooperation: Finance and risk leaders work closely, but don’t provide input jointly to inform corporate strategy.
  • Customer expectations: Organizations struggle to balance the responsibilities of control and compliance against the need for effective customer service in the ever-changing digital landscape.
  • Digital ecosystem: Business models are being disrupted by tech startups.
  • Regulatory and economic change: Increasing regulatory demands in multiple jurisdictions act as a barrier to growth.
  • Value of data: Organizations are actively exploring ways to integrate unstructured external data for better data-driven insights.
  • Cost-effective and resilient ERM: Lack of budget to make necessary investments impedes an organization’s effective risk management program.

With these observations as the starting point, we can make a few predictions about what will happen in the ERM practice over the next five to 10 years.

An increase in investment and involvement in ERM

The evolving risk landscape will continue to threaten robust financial budgets, which can cause major setbacks for today’s and tomorrow’s “winner takes all” organizational investment strategies. Similarly, CFOs, especially in publicly traded organizations, can find themselves under regulatory scrutiny if they are not actively aware of the risks within the organization and inadvertently misrepresent financial projections; named officers and CFOs must be informed. Collaboration between ERM and the finance function is necessary for strategic financial planning, to uncover or think through some of the risks the organization might face.

In addition, items such as idiosyncratic stress-testing can help “bake in” another level of analysis and assurance for financial projections before there is sign-off on financial reports to internal and external stakeholders or regulatory agencies. Bringing in processes that align finance and other departments will be critical in the future as sophisticated stakeholders, regulators and analysts aim to foster good stewardship in organizations.

ERM as a key input in strategic planning

Most companies provide an annual strategic plan. One unintended consequence is that sometimes it is like dropping a rock in still water; the ripple effects can introduce risk throughout the organization that sometimes can cause more harm than good if the risk is not well managed.

Strategic plans are sometimes vague and incongruent, leaving organizations to speculate about what needs to be done to carry out a plan. That speculation can cause operational paralysis due to competing interests or lack of prioritization. Some questions that people have include: Which part of the strategic plan should we do first? Do we have the capacity to do every project without exceeding our budget? What are the most important strategic projects that we need to complete now? Which strategic projects can we hold off on?

Comprehensive methodologies and best practices exist that provide professionals with training on IT governance, resourcing, benefit realization and risk optimization. More and more CEOs are looking for better ways to help mitigate these organizational challenges and, in the future, will need to incorporate ERM services to help prioritize the strategic plan based on the associated risks. This can be an important part of the reconciliation process, providing assurance and identifying gaps in financial and non-financial strategic plans that could impact or improve an organization’s posture.

Evolve from ERM to a center of excellence (CoE)

Many business departments have evolved over time; for example, many business intelligence departments have evolved to include data analytics reporting. Some could make the argument that this is the result of industry marketing, and others could argue that new roles solve for new challenges. Whatever camp you are in, we can agree that recognizing the issues and complexities facing organizations and the pace at which they are debuting does not require an esoteric viewpoint.

To meet the demands and needs of the organization and provide value, the enterprise needs to create an interdisciplinary, agile unit to help address risks and provide process improvement services. Think of this as a mini triage unit in each area of the organization; the CoE could become the nervous system of the organization that augments lines of business, triages risks, provides governance, identifies synergies and reports to senior leadership on risk appetite and KPIs through analytic reporting in nearly real time.

Transition from cost center to profit center

ERM has historically been viewed as a cost center and, as a result, organizations and ERM have suffered due to preventable issues and unrealized value. While this may take time to dial in for some organizations, it is apparent that ERM has saved and can save organizations money. Take into consideration the economic downturn of 2008; some failed banks said that they could not have foreseen the mortgage crisis. Yet some banks did well and managed to survive despite having a big market share of mortgages.

These failures often come down to well-intentioned organizations having a bottleneck at the top where information does not flow properly to leadership for decision-making. ERM teams that were able to funnel information to senior leadership experienced savings and/or limited material risk during the economic downturn. Risks like these that were abated ultimately affect the bottom line of the company to ensure its solvency.

While each industry will have to find the right sizing for their company, today’s complex business environment will continue to drive the future of ERM—and ERM’s future has a bright outlook. However, we shouldn’t only leave it to chance. Professionals should exercise their storytelling muscle, as it has never been more important to articulate a clear and compelling business case to internal stakeholders regarding how Covid, customer expectations, digital transformation, regulatory and economic changes, the value of data and increased resilience have all changed their organizations—and how ERM can help add to the bottom line.

Kerris Lee

This article originally appeared on Business Reporter.
