The risk landscape is changing. Organisations today are faced with increasing and evolving risks from various sources. In addition, demands for greater governance and transparency are growing, both from regulators and the public-at-large.
The concept of Enterprise Risk Management (ERM) is not new; however, it has become increasingly crucial as we navigate the ever-evolving business and global environment. The significance of ERM lies in its comprehensive approach to identifying, analysing, monitoring, and managing all types of risks that an organisation faces.
Therefore, ERM is essential in helping organisations better understand and proactively integrate risk and opportunity considerations into everything they do. But to do this successfully, organisations need to rethink the mandate and attributes of the ERM function—and this is where KPMG have a critical role to play. Shane Garahy and Rosalind Norton of our Risk Consulting team explain below.
The drive for change
Risk and uncertainty are simply a part of doing business. Organisations are not necessarily facing new risks: rather, multiple risks are operating in tandem, and many organisations are inadequately prepared or don’t know where to start.
For organisations, some of the common systemic risks that should be on the 2024 agenda include:
- Modernisation: Traditional Governance, Risk, and Compliance (GRC) frameworks are giving way to Integrated Risk Management (IRM) approaches, designed for agility and comprehensive risk oversight. This shift is about redefining ERM as an integrated, strategic process, enabling businesses to turn potential risks into opportunities for growth and competitive advantage.
- Inclusion, diversity and equity (IDE): IDE is fundamental to an organisation’s success and is therefore an integral part of ERM. For example, a more inclusive ERM strategy raises awareness and drives collaboration, and so mitigates the realisation of risks. It also provides opportunities to accelerate innovation and digitisation by embracing creative and diverse thinking. Failure to integrate IDE into your ERM strategy could increase reputational risk at a time when organisations are increasingly under regulatory and public scrutiny in respect of culture and accountability.
- Environmental, Social and Governance (ESG): Sustainability is rapidly becoming more than just a reporting requirement. Understanding and integrating ESG into an organisation’s internal processes, protocols and governance is key to mitigating reputational and operational risks. ESG must be embedded in the organisation’s DNA.
- Supply chain resilience: Supply chain resilience has become a pivotal aspect of ERM. The proactive approach within ERM frameworks helps organisations maintain operational continuity, safeguard against disruptions, and uphold customer trust.
- Disruption: Disruptive technologies—such as artificial intelligence, cryptocurrency, metaverse and other digital innovations—are the new norm and organisations that don’t adapt or evolve could fail.
- Cyber and Data Privacy: Data privacy and cybersecurity concerns are at an all-time high. Although some employees are gradually returning to the office, many will likely continue to work from home or in a hybrid work arrangement. Audit committees should ensure that management has plugged any gaps in data security, especially for hybrid/remote work procedures.
The future of ERM
The shift from reactive to predictive risk management represents a change in thinking in how organisations approach ERM. By leveraging big data, artificial intelligence (AI), and machine learning (ML), businesses can transform their risk management strategies to be more anticipatory, enabling proactive mitigation and strategic decision-making, and allowing them to anticipate future challenges and opportunities.
In redefining ERM as a strategic function integral to value creation, organisations can unlock its full potential. Risk Management should be seen as a critical component of strategic planning, capable of driving efficiency, innovation, and competitive advantage.
As regulatory requirements evolve, organisations will need to enhance their ERM frameworks to ensure compliance with industry standards and regulations. This includes addressing emerging regulatory risks related to areas such as data privacy, environmental sustainability, and financial reporting.
By embedding sustainability principles into ERM, organisations position themselves as leaders in the transition towards a more sustainable, equitable, and resilient global economy. This approach not only ensures compliance with an evolving regulatory landscape but also opens new opportunities for innovation and sustainable growth.
The development of integrated resilience frameworks represents a holistic approach to organisational preparedness, combining ERM with business continuity, crisis management, and disaster recovery. By ensuring preparedness across all dimensions of risk management, organisations can not only mitigate the impacts of adverse events but also emerge stronger and more resilient.
The future of ERM is at an exciting intersection of human expertise and artificial intelligence (AI). As organisations navigate an increasingly complex risk landscape, the collaboration between AI’s computational skills and human insight presents a shift in how risks are managed. This relationship enhances both the accuracy and efficiency of ERM processes, enabling organisations to respond to emerging risks with speed and precision.
In an era where data privacy concerns are escalating, privacy-enhancing computation (PEC) techniques emerge as innovative solutions enabling the analysis of sensitive data without compromising individual privacy. These techniques offer a promising pathway for organisations to harness the power of data analytics within their ERM frameworks, particularly in addressing cyber and privacy risks.
The concept of ERM ecosystem platforms represents a transformative approach to how organisations identify, assess, and respond to risks. By integrating data, tools, and services from a wide range of sources, these platforms offer a comprehensive, unified view of risk. This holistic approach facilitates real-time risk monitoring and collaborative risk management across various stakeholders.
ERM plays a pivotal role in enhancing cost efficiencies within organisations by providing a structured approach to identifying, assessing, and mitigating risks.
ERM enables organisations to avoid the financial repercussions of risks such as data breaches and operational inefficiencies, while also identifying and eliminating inefficiencies in processes, leading to significant cost savings and smarter, more aligned investment decisions that safeguard the company’s financial future.
The foundation for ERM excellence
Risks don’t operate in isolation. Rather, they are part of a highly interconnected network.
That means they should be managed collectively with greater convergence between various risk-related programs such as ERM, ESG or vendor risk management. Integration and convergence help to reduce silos and potential misalignments between existing programs.
This can be done by regrouping some of these functions—such as ERM and ESG under a Chief Risk Officer—or better bridging these separate functions.
Risk connectivity describes the interdependencies among the various risks that organisations face, highlighting how a change in one area can ripple through and impact others.
This concept is pivotal in understanding and managing the complex, interconnected risk landscape of today’s business environment, ensuring an integrated approach to risk assessment and mitigation.
Our solution for sustainable change
Technology can transform the way business is done today, from strategy to delivery. By using new and emerging technologies, you can maintain a competitive edge and succeed in your digital transformation journey.
Powered Risk is KPMG's flagship offering for risk transformation, integrating our forward-looking point of view on risk management and deep industry knowledge with leading cloud technology and global delivery capabilities. It is designed to help your organisation identify, assess, mitigate, monitor, and report on risk and compliance exposure to enhance stakeholder trust.
In the form of Powered Risk, KPMG has brought together global expertise and methodologies to help clients design and implement a holistic risk ecosystem. Aided by preconfigured tools and templates, our risk transformation program will enable real-time risk insights, automated processes and an aligned governance model across the enterprise, from internal controls and compliance to cyber security and third-party risk.
Get in touch
Prepare for unavoidable business risk by speaking to KPMG today.
If you have any questions on embedding ERM in your business, please contact our Risk Consulting team below. We'd be delighted to hear from you.
Shane Garahy
Partner
KPMG in Ireland
Rosalind Norton
Director
KPMG in Ireland
Becky Sutherland
Associate
KPMG in Ireland