This week I enjoyed a delicious dinner at the home of the CEO of the Dutch branch of one of the biggest global insurance brokers and risk advisors. We caught up on many aspects of life and the latest developments. During our dinner conversation we reflected on the tsunami of news items from all over the globe about catastrophic weather events: real, tangible forces with the potential to upend strategies, shake up markets, and redefine entire industries.
Climate change is reshaping industries, technology is advancing at a pace faster than many businesses can keep up with, and global events continue to surprise even the best-prepared organizations. The risk of pandemics was only on the risk register of a minority of companies. Risk identification, risk management and mitigation being his daily ‘bread and butter’, we of course entertained the question of whether today’s enterprise risk management practices are equipped to handle this level of unpredictability well enough to survive, or whether it is time to rethink our approach to managing risk in a world where the only constant is change.
Are we equipped to handle today’s risks?
In a world where unpredictability is the new normal, enterprise risk management (ERM) has become both more challenging and more essential than ever. Climate change, rapid technology shifts, and the fallout from unpredictable global events—these aren’t just risks we anticipate once a year at a board meeting. They’re here, and they’re evolving faster than most of us can adjust. The question we have to ask is: Has ERM best practice evolved to handle this level of unpredictability, or are we falling behind?
What traditional ERM gets right—and where it misses the mark
I guess, by asking that question, we are in fact already answering it; the answer is no!
ERM frameworks were initially designed to be comprehensive and structured, helping organizations manage everything from operational to financial to reputational risks. They’ve served us well for a long time, but they were developed in a more predictable time, with relatively siloed approaches to risk. Typically, the updated risk register and mitigation plans were reviewed annually. Fast-forward to today, and the landscape has changed rather dramatically.
The aforementioned changes and shifts don’t just affect our operations or insurance premiums; they impact everything from supply chains to regulations to reputational risk. The reality is that traditional ERM, while structured and methodical, can sometimes be too rigid and too focused on ticking compliance boxes. In this environment, what is needed is a more forward-thinking strategy for resilience and adaptability, enabling companies to be more proactive and nimble to stay ahead.
What’s holding ERM back?
Four key drivers are at play that are an impetus to evolve the approach to ERM:
1. Interconnected risks: Risks today are tangled together, and the old “one-risk-at-a-time” approach doesn’t work anymore. Some examples of these interconnected risks include:
   - Climate change and supply chain vulnerability
   - Technological advancement and cybersecurity threats
   - Geopolitical instability and commodity prices
   - Environmental regulations and financial risks
   - Social movements (like XR) and brand reputation
   - Energy transition and resource scarcity
   - Natural disasters and insurance costs

   Enterprise risk management practices need to identify the increasing number of interconnections.
2. Speed of change: Technology, especially, isn’t waiting around for ERM to catch up. New risks emerge almost overnight. Traditional ERM processes are often too slow to keep up, which means organizations are reacting instead of anticipating.
3. Short-term focus: Most organizations are good at managing immediate, operational risks. But long-term threats—like those tied to climate change or societal shifts—often get less attention. Professional ERM practices should be rebalanced to integrate these long-term concerns.
4. Lack of ESG integration: Environmental, Social, and Governance (ESG) factors aren’t just trendy; they’re central to understanding risk in today’s world. Companies that don’t factor in ESG are setting themselves up for potential damage to their reputation, finances, and stakeholder trust.
Future-proofing ERM: a strategic shift for resilience and long term relevance
So, what needs to change? To genuinely manage today’s risks, ERM must take a more holistic approach and get smarter, faster, and more flexible. Here’s how we can professionalize ERM practices to meet today’s demands:
- Scenario planning and foresight: ERM needs to look ahead with a broader lens. Scenario planning can help us envision various outcomes—good and bad—and be ready for a multitude of possible outcomes rather than scrambling after a crisis.
- Building a risk-conscious culture: when we speak with companies about the support needs for culture change, they are working on this to enhance attraction and retention of talent, to increase employee engagement, to drive performance and innovation, to improve ethical and sustainable business practices. But I have yet to meet a company that considers risk as a part of it. For ERM to work well, everyone in the organization—from the boardroom to the frontlines—needs to understand its importance. This doesn’t mean making everyone a risk expert, but it does mean embedding a proactive risk mindset at every level.
- Using data analytics and AI: Technology has given us incredible tools for spotting emerging risks and understanding complex interdependencies. Incorporating advanced analytics and AI into ERM can be a great help to catch potential issues faster and more accurately and help identify the interconnection between risks more holistically.
- Prioritizing ESG: Ignoring ESG risks today is like ignoring cybersecurity a decade ago. ESG factors are essential to a resilient ERM framework, and integrating them means looking at risk in a holistic way that reflects our values and long-term goals.
- Regularly refreshing the approach: ERM frameworks can’t be static. They need to evolve with the business and the world. Increasing the frequency of updates beyond once a year helps us to better prepare for today’s risks and for tomorrow’s too.
- Educating and empowering teams: Building a strong ERM practice means equipping people across the organization with the tools and knowledge they need to make risk-aware decisions in real time.
So, can ERM keep up?
The truth is, the answer is a bit nuanced. ERM today is far more professionalized and integral to business than it’s ever been. But the current frameworks still have limitations. If ERM remains a compliance-focused exercise, it will continue to fall short in this fast-paced, high-stakes environment. By adopting a more holistic, proactive, flexible, and forward-looking approach, we can transform ERM from a reactive tool into a strategic asset that not only mitigates risk but helps us seize opportunities in times of change. In a world where the only certainty is unpredictability, an adaptive ERM approach isn’t just a necessity—it’s a smart move for anyone serious about building resilience and staying relevant.
In fact, in my view it goes further. Just like renaming Audit Committees in the organisations I’m involved in to Audit & Risk committees to inform behaviour – a fit-for-purpose company controls framework takes the risks as its departure point – I wonder whether we would benefit from ERM also being rebranded to ER&OM – enterprise risk & opportunity management. When we have done the inner work to align our personal values with our professional responsibilities, we can act as an anchor in turbulent times and are uniquely positioned to lead our organizations through times of accelerating change and complexity. We can provide the steady leadership needed to guide our organizations toward not only financial success but also societal impact.
Beyond risk: using ER&OM to capture opportunities
While enterprise risk management traditionally focuses on identifying and mitigating risks, a forward-thinking ER&OM approach also opens doors to new opportunities. When done well, ER&OM doesn’t just protect a company from potential pitfalls—it enables leaders to spot trends, anticipate shifts, and leverage these insights for strategic advantage. A future-proof ER&OM framework helps companies not only to weather uncertainties but also to seize emerging opportunities relevant to their mission and market.
Opportunities often lie within the same forces that drive risks. Climate change, for example, presents challenges to traditional industries but also brings a surge in demand for sustainable technologies and eco-friendly products. Companies that integrate climate risk assessment into their ER&OM practices gain a clearer view of where they can innovate or expand to meet shifting consumer preferences. Similarly, technological disruption may threaten existing business models, but it also offers opportunities for efficiency gains, new product lines, or even fresh markets if companies stay agile and responsive.
Strategic agility through enhanced ERM
A future-focused ERM framework provides leaders with the insights they need to make quick, informed decisions that turn potential threats into competitive advantages. By regularly analyzing scenarios, keeping an eye on ESG factors, and adapting to shifts in consumer expectations, ER&OM can act as a “radar” that identifies not only the potential for downside but the pathways for growth. For instance, a proactive ER&OM approach could help a company recognize early signals of regulatory changes in their industry, allowing them to not only avoid penalties but to become an industry leader in compliance and sustainability.
In this way, ER&OM evolves into a forward-looking, strategic asset. Truly smart companies approach risk with a growth mindset. Embracing ER&OM as a driver of opportunity means aligning it closely with organizational strategy, using it as a lens through which the business continuously scans for new ways to grow, innovate, and lead.