
Three Emerging Trends in Risk Management

By Samantha Beavers

A massive cyberattack on the Red Cross. Wildfires sweeping across California. Supply chain issues that even the Girl Scouts can’t dodge. Every day, a quick scan of the news shows that organizational risks abound, threatening to blow organizations off course.

To that end, more and more organizations are embracing enterprise risk management (ERM) – a wider, more robust approach to risk that acknowledges that since risks don’t occur in vacuums, they can’t be managed in silos.

Across business and industry, a handful of emerging ERM trends are transforming the way entities approach risk.

Developing risk fluency

In order to drive performance and increase organizational resilience, organizations are increasingly ramping up their risk management capabilities. This involves creating organizational cultures fluent in risk and strengthening a risk mindset throughout the entire organization – rather than letting risk management sit on the shoulders of one. 

To enhance these capabilities, organizations can start by asking good questions. Who owns risk management within the organization? What is the risk management governance structure? When and how do risk management leaders communicate with executive leaders? 

Additionally, companies do well to integrate a risk mindset into their overall strategy, rather than merely conducting a risk assessment once a year.

One way organizations can do this is by embedding an ERM mindset into their strategy development itself. As they consider their menu of strategic choices, for example, they seek to understand the various risks linked to each one. In doing so, they are equipped to make stronger, more informed decisions as they steer the organization strategically.

And for companies that have already developed their strategy, incorporating a risk mindset allows them to understand the various risks associated with the execution of that strategy. This helps them know what to look out for and prepares them to potentially rethink or even change those strategies when the business landscape changes – as it inevitably will.

By maturing these risk management capabilities across the organization, companies prioritize their performance while also shedding additional light on what specific choices they’re making and why. 

Putting a positive spin on it

Rather than merely pinpointing risks, organizations are becoming more focused on owning them. So instead of simply identifying threats on the horizon that could derail them, companies are also seeking to spotlight new opportunities and the risks worth taking to get there.

In many ways, this diverges from common approaches to risk management.

“Risk management often has a negative connotation in the minds of executives within an organization – leaders hear the term ‘risk’ and they immediately think about legal departments enforcing rules,” explains Mark Beasley, Poole College KPMG Term Professor of Accounting and director of NC State’s Enterprise Risk Management Initiative. “But risk management is so much more than that, and companies are starting to pick up on this.”

With a more positive approach to risk management, organizations focus on what risks will help them succeed – not just what will make them fail. 

To create this type of organizational culture, organizations must ensure that risk leaders are well-versed in strategy so they know when risk ought to be embraced rather than mitigated. Additionally, leaders must view risk management through the lens of what they ultimately aim to achieve.

In the end, this allows risk leaders to communicate about ERM with the language of value, which drives more enriching conversations at the board level.

Maximizing data

Another factor shaping the landscape of risk management is data. Both internally and externally, organizations have increasing access to data and data analytics tools – which hold great promise for identifying emerging risks. 

In turn, many companies are working to develop and utilize key risk indicators (KRIs) – data points that serve as early warning indicators for adverse risk events. By tracking these relevant metrics, organizations can determine when a significant risk event is likely to occur and swing into action before it’s too late.

Using a bowtie analysis, for example, an organization can determine the consequences of a risk event, as well as the event’s potential causes. To help spot the risk as it’s developing – rather than after it occurs – the organization can track specific data points associated with the risk’s potential causes.

The benefit of KRIs, of course, is a more proactive approach to risk management based on real-time information. However, for many companies, developing these forward-looking metrics is easier said than done.

One potential solution, especially for companies with less sophisticated analytics, is to start with key performance indicators. Though key performance indicators look back on a company’s past performance, they can also offer predictive insights when examined closely. If a key performance indicator shows that a company isn’t growing at the expected rate, for example, a company can unearth some of the factors driving that performance – which, in turn, can indicate a developing risk. 

Bottom line

Together, these emerging ERM trends indicate a growing interest in actionable insights, data-driven decisions and proactive risk management. And in an era characterized by both rapid change and unlimited opportunity, that’s good news for business and industry.
