As we begin 2024, it is useful to look back at the prior year, see where we have been, what we have accomplished, and most importantly, what we would like to achieve in the year ahead. Risk Managers, we fear, have an especially tough road ahead.
Research shows that an effective ERM program increases enterprise valuation substantially, perhaps by as much as 20%. 
Yet, ERM is not taken seriously or perceived as valuable in most organizations.
According to the 2023 AICPA/NC State Survey on Enterprise Risk Management Practice , only 11% of financial institutions surveyed indicated that ERM “Mostly” or “Extensively” provided competitive advantage to their organization. In contrast, 25% ranked it as only “Somewhat” valuable, and 64% felt the value was “Minimal” or “Not At All”!
Which leads to two simple questions... How do you capture the additional 20% enterprise value for your organization? And, how do you gain relevance and preserve your position when only 1 of 9 senior executives think your function provides them with any competitive advantage?
You do so by seizing the agenda and initiative, selling your organizations on the inherent value of ERM, and using better tools (including AI) to monitor risk and create new insights and value.
But first, you address your current gaps!
For nearly fifteen years, the AICPA and North Carolina State University have sponsored a survey on ERM practices and perceptions. The survey is detailed and of a high quality. For those interested in learning more, we encourage you to view the full report at https://erm.ncsu.edu/library/article/2023-risk-oversight-report-erm-ncstate-lp.
The survey reveals major gaps in current ERM processes and management in the following areas:
a) Overall State of Risk Management Maturity: End-to-End Risk Management Remains Elusive
b) Strategic Value of Risk Management: Few Emerging Insights and Low Impact on Decisions
c) Impact of Culture on Risk Management: Existing Organizational Beliefs Limit ERM Effectiveness
d) Risk Identification and Assessment Processes: Uneven, Siloed and Not Holistic
e) Risk Monitoring Processes: More Explanatory and Robust KRIs Needed
Ironically, survey participants largely agreed that the volume and complexity of enterprise risks have continued to increase over the last several years, but more than half felt that the current ERM process was not the most effective way to handle those risks.
This may be a communication or a perception problem, but it’s what people think. You are not a strategic priority, and your current value is low. Competing priorities frequently take precedence and your function is not perceived as a useful or strategic decision-making tool for the organization.
AI, Machine Learning, and big data sets all have the potential to change the perception of ERM - for the better or the worse. How you respond will make all the difference. You need to be prepared to seize new opportunities, or you will be left behind.
To begin, you need to lay the groundwork now by tackling the basics!
Drawing on these survey findings and our personal experience in creating effective ERM functions both as employees and consultants, we would like to share a 7-step action plan we have used successfully to assist you in the year ahead:
1. Clearly define—and communicate—the vision for ERM and sell it to the Senior Management, the C-Suite, and the Board.
2. Select a Risk Taxonomy and Refine / Update your Risk Appetite Statements
3. Scale Your KPIs and KRIs Properly with Better Frequency and Severity Rankings
4. Develop Appropriate ERM Systems that Emphasize LOB Accountability and Reporting
5. Prioritize and Triage Risks for Intervention Vs. Review
6. Develop Educational Programs Around Risk Frameworks
7. Monitor risk across the enterprise holistically by identifying correlations and potential cascades
Stay tuned as we share future articles that will expand on each of these seven topics to share our experiences and insights, drawing on what worked—and didn’t work—for us as we struggled with similar issues.
2024 represents a unique opportunity to seize the agenda and improve the current internal ERM perceptions. Let’s not waste it.
Welcome to 2024!
 The Value of Enterprise Risk Management, Robert E. Hoyt, and Andre P. Liebenberg, 2011.
 2023 The State of Risk Oversight An Overview of Enterprise Risk Management Practices, 14th Edition