As 2013 begins, we find ourselves in a reflective state of mind. As I look back over 2012 at our accomplishments, I can’t help but feel that it was a defining year for Enterprise Risk Management, where we questioned what it means to actively manage risk and how risk management brings value to an organization.
The first World Risk Day took place in June 2012. As I wrote in a previous blog post, World Risk Day was the largest virtual risk summit ever staged and featured over 20 speakers from across the globe, all talking about the same thing: the need for organizations to take risks in order to stay ahead and succeed. One of the most important take-aways from the discussions was that the risk management industry is changing. Risk management is no longer just about compliance. Simply focusing on compliance and audit is not going to make you better at risk management. Effective risk management is about knowing how risk can improve your ability to meet your goals, drive efficiency and improve operations.
The entire risk industry is moving towards a more integrated, enterprise view of risk management. This approach is focused on managing risks across silos, managing risk at every level of the business and employing a management-supported approach. The old days of relying on your audit department, insurance providers and compliance policies to manage risk are dead.
You’ve seen me write about this topic many times before (here, here, and here). I am happy to say I’m not the only one talking. In April 2012, I wrote about how many of the largest consulting firms are also on board with the idea that ERM is more than GRC. We applaud Forrester for their recently released TechRadar™ For Risk Management Professionals: GRC, Q4 2012 report written by analysts Chris McClean and Nick Hayes. Their report acknowledges a broader definition of risk management that goes beyond GRC and we feel it represents the forward projection of the risk management industry.
In 2012, we were also able to see some amazing examples of what can happen when risk management is done well. The 2012 London Summer Olympics provide a fantastic example of how a very large, very expensive and very complex project can be completed on time and on budget, while in the public spotlight. If you haven’t seen it already, check out our own Chris Bell talking about the Olympics on CFO.com, and learn how our customers Crossrail, Network Rail and Skanska were also involved in London’s success.
At the other end of the spectrum, Hurricane Sandy gave us an unfortunate example of why risk management is so important. I hope that as the east coast of the United States works to recover from the storm, we can collect learnings that will help to improve our organizations moving forward.