APQC Releases New Research on the Expanding Role of Enterprise Risk Management in Best Practice Organizations

Managing Risk Across the Enterprise report features case studies with Caterpillar, Marathon Oil, Intuit, and the University of California

(Houston, Texas - September 19, 2011)  The results of a groundbreaking research report on enterprise risk management (ERM) were released today by APQC, the leading benchmarking and best practices research organization. This report documents the evolution of ERM into a critical, must-have discipline that companies should adopt to protect them from major negative events, whether strategy-related, operational, or financial in nature.

Managing Risk Across the Enterprise, a 97-page report available at www.apqc.org, presents analysis by leading experts in the field, including Paul Walker, associate professor of commerce at the University of Virginia. Along with survey results, the report features in-depth case studies from five pioneering organizations with sound ERM strategies and well-designed programs, including Caterpillar, Marathon Oil, Intuit, the University of California, and a European-based pharmaceutical company.

According to the research, these best practice organizations treat the management of major risks as a strategic responsibility—with visible CEO and CFO involvement—no matter what type of risk is being addressed. 

"The recent focus on ERM is not about possible business disruption, sexual harassment charges, pollution liability, or even accounting fraud," said Mary Driscoll, senior research director for APQC.  "Rather, more CEOs and CFOS see that a well-designed ERM program is a lever that allows them to compete with confidence. In these successful organizations, there is no such thing as 'that can't happen to us'. Given the complexity and unpredictability of global markets and geo-politics today, that’s a rational stance."

The research program that culminated in Managing Risk Across the Enterprise also involved a survey of APQC members. The goal of that broader enquiry was to put the best-practice programs into context. That broader survey confirmed that:

  • ERM is a nascent trend. More than 90 percent of survey responders said they either have or are building an ERM program to manage strategic risks. Two-thirds have been at this for less than 3 years—and many less than 1 year.
  • Only 17 percent reported that they have “greatly integrated” ERM with the strategic planning process.
  • The typical large company does not operate with a commonly understood framework for categorizing risks, nor does it take concerted steps to educate the workforce at large about risk identification and escalation steps.  The best practice leaders in this study have both a framework for categorizing risks and ensure that their employees understand risk identification and escalation processes.
  • The CFO was cited most frequently by survey responders as the senior executive with direct oversight of the core ERM team while also finding that CEOs held iron-clad accountability since they take the fall if there is a major negative risk event. This resonates with what APQC documented at the best-practice organizations.

"What this study underscores is that risk should not be viewed as just a potential cost or a negative event to be avoided pure and simple,” said Driscoll. “Rather, risk should be perceived as a set of potential outcomes that can be understood, measured, monitored, mitigated, and ultimately leveraged. The best-practice ERM program allows decision makers to make well-informed decisions about the inherent trade-offs between risks and rewards."

According to Driscoll, “The biggest risk in many organizations is simply not accepting the internal message that bad things might—and in fact will—occur.  Meanwhile, the true ERM leaders ensure that the conversation does take place, that the organization thinks the unthinkable. Indeed, the best practice partners in this study made a priority of opening up the debate and discussion, thus making all managers risk managers and ensuring that all plausible risks are considered."

As for the on-going evolution of ERM capabilities, APQC believes that organizations will be seeking to more tightly integrate the management of risk and enterprise performance. “We expect this will entail an even closer linkage between risk management and strategic planning, as well as the growing development of risk-adjusted performance metrics and compensation. In turn, this will help organizations seek greater risk identification horizons, and allow them to assess the longer term implications of current decisions,” said Driscoll.

About APQC

APQC is a member-based nonprofit and one of the world’s leading proponents of knowledge management, benchmarking, and best practices business research. Working with more than 750 organizations worldwide in all industries, APQC provides organizations with the information they need to work smarter, faster, and with confidence. Visit www.apqc.org or call +1 (713) 681 4020 and learn how to make best practices your practices.

# # #