8028226683?profile=originalThere is always a lot of buzz about “risk appetite statements” and “risk tolerance.”  In theory, these sound like a natural launching point for ERM Programs – how can risk managers manage risks without a known goal of what they should be managing towards?

However, the problem with risk appetite is that it is not actionable, thus organizations see very little impact from having perfectly established risk appetite statements that far too many risk managers spend months developing..  As a result, senior management begins to question the value the ERM program is delivering in the early stages.

A recent study in The Journal of Risk and Insurance, using RIMS Risk Maturity Model (RMM) data suggests that organizations with mature and effective ERM Programs see up to 25% higher market value than firms with immature ERM programs. 

The RMM is an umbrella framework with a free assessment tool that enables organizations to evaluate the effectiveness and adequacy of an organization’s risk management program, determining where and how their program can improve.  The RMM is broken down into seven core attribute sections, each focusing on a different core element of ERM.

In addition to the 25% composite result, the authors were able to study the individual attribute maturity scores to provide a much clearer insight into which attributes in particular appear to be contributing most to ERM.

Here are the results:

  • Performance Management – 23% contribution
  • ERM Process Management – 20% contribution
  • Adoption of ERM Based Approach – 17% contribution
  • Root Cause Discipline – 16% contribution
  • Uncovering Risks – 15% contribution
  • Risk Appetite Management - insignificant
  • Business Resilience and Sustainability – insignificant

The challenge with risk appetite is how to implement and enforce it, making it relevant to business units on a day-to-day basis. In other words, linking risk appetite to business decisions and having appropriate business metrics to measure it.

These results show that in order to get the most value from ERM, the processes must be scalable, repeatable, and embedded throughout the organization with accountability.  The quality of the process must be monitored and improved by having a clear feedback mechanism throughout an organization, so that issues can effectively be escalated and prioritized.  A strong connection between strategic business goals and risk management, and a monitoring and reporting capability to ensure any deviation from stated goals are measured and communicated, is the key to ERM success.

Most organizations think they need to fully develop their ERM program before they are ready for software, but organizations should be approaching this the opposite way. An ERM Content Solution Software like LogicManager, has all the templates and best practices for building an organization’s ERM charter, risk appetite and tolerance, frameworks, roles and responsibilities, assessment criteria, and more, along with a dedicated business analyst to help you mold these to fit your organization and share other best practices. 

As a result, you can accomplish the baseline foundation of your program in a fraction of the time with expert guidance to mentor you, so that you can quickly begin working on the attributes of ERM that bring value – significant value – to your organization’s bottom line.  All of the aspects that the study showed are crucial for ERM success, such as scalability, repeatability, reporting, and feedback mechanisms, are what ERM Software was designed to do. 

Download our white paper on the ROI of ERM, or request a demo to see how LogicManager can quickly help you achieve measurable value from ERM.

Votes: 0
E-mail me when people leave their comments –

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community


  • Thanks Risk Culture, we agree that a risk appetite is a great tool for keeping an organization away from the extremes, but what we're specifically addressing here is the formalization of this appetite at the expense of managing risk. Every organization has policies, procedures, and activities designed precisely to manage its exposure to risk, and we recommend that a risk manager start by getting a handle on these activities and which risk they address before attempting to formalize their risk appetite.

  • If an organisation does not have a clearly defined risk appetite and risk acceptance process the result is one of the two extremes:

    • Concentration in high risk or
    • Concentration in low risk

    Both are signs of operational danger and possibly going out of business if not addressed

This reply was deleted.

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!