As I have covered in past articles, proponents of ERM face one primary challenge when presenting their program (or potential program) to management – is ERM worth the investment?
“We are all facing the same challenge of not having a clear way to quantify [the benefits of ERM],” says Puneet Kapoor, Walgreen Co.’s Director of ERM. Recent research, however, now provides the hard data that many in Kapoor’s position are seeking – significant evidence that ERM carries financial benefits alongside strategic and operational advantages.
An independent study conducted by Queen’s University Management School and University of Edinburgh Business School concludes there is “a highly significant premium of 25% for firms that had been classified as having ‘mature ERM’ according to the RIMS Risk Maturity Model.”
Former RIMS President and current international director at Jones Lang LaSalle Inc. Janice Ochenkowski states, “ERM shouldn't exist to be a profit center, a cost center or a group within an organization. Rather, it ought to serve as a catalyst for raising the awareness of risks, and reduction and mitigation of those risks. The success of a good enterprise risk management program is that operationally your managers are thinking about risk and reward as they go about their tasks on a daily basis.” Enterprise risk management is the most effective means of streamlining these processes, managing risks, and preventing the oversights around policies and procedures that lead to loss events.
When considering the effective management and prevention of future loss events, significant financial returns become evident. The challenge for ERM proponents is communicating those benefits to their executive counterparts, who tend to view ERM as a long-term overhead cost rather than a source of operational efficiency.
As loss events such as cyber hacks and data breaches increase – both in frequency and size – it is clear just how necessary a mature risk program is. A study from Ponemon Institute and IBM found that the average cost for corporate security breaches has jumped 23% in the past two years alone. This increase brings the average international breach up to $3.8 million. Even more noteworthy: the average U.S. corporate breach now tops $6.5 million.
With loss events now more likely and impactful, it is as critical as ever for organizations to adopt ERM software to assist in their risk management efforts.
To see how LogicManager works with companies to manage risk and mitigate loss events, request a demonstration of our software. Also, read our annotated guide on SEC Mandated Cybersecurity Best Practices to learn how best to manage cyber risk from all areas of the enterprise.