{"id":17605,"date":"2022-03-21T04:47:00","date_gmt":"2022-03-21T08:47:00","guid":{"rendered":"https:\/\/poole.ncsu.edu\/thought-leadership\/article\/busting-three-myths-about-enterprise-risk-management\/"},"modified":"2026-02-19T17:53:36","modified_gmt":"2026-02-19T22:53:36","slug":"busting-three-myths-about-enterprise-risk-management","status":"publish","type":"post","link":"https:\/\/poole.ncsu.edu\/thought-leadership\/article\/busting-three-myths-about-enterprise-risk-management\/","title":{"rendered":"Busting Three Myths About Enterprise Risk Management"},"content":{"rendered":"\n<p><em>By Samantha Beavers<\/em><\/p>\n\n\n\n<p>In view of escalating geopolitical tensions, rapidly changing ecosystems and increasing ransomware attacks, organizations of every kind are dashing to build resilience and minimize potential losses. In response, many have turned to the enterprise risk management (ERM) paradigm to chart a course forward.<\/p>\n\n\n\n<p>Putting an organization\u2019s strategic priorities at the helm, ERM introduces a robust, proactive and holistic approach to risk management. By developing a top-down, enterprise-wide view of significant risks impacting organizational strategy, the paradigm allows entities to strengthen their risk oversight amidst rapid change.\u00a0<\/p>\n\n\n\n<p>Accordingly, ERM has gained significant momentum in recent years, with the demand for ERM professionals growing steadily. Still, there are a handful of myths and misconceptions surrounding the framework and causing hesitation amongst various entities.\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Myth #1: ERM Proponents Assume Organizations Aren\u2019t Managing Risks<\/h3>\n\n\n\n<p>One common misconception about ERM is that its proponents believe that any entity <em>not <\/em>utilizing the paradigm isn\u2019t managing their risk \u2013\u00a0or not well, at least.<\/p>\n\n\n\n<p>However, this is misleading. 
After all, ERM proponents recognize that managing risk is an unavoidable part of running a business. The urge to embrace ERM, then, doesn\u2019t assume that organizations aren\u2019t doing this \u2013\u00a0or even that traditional risk models offer no benefits. Rather, ERM proponents suggest that compared to traditional models, ERM has fewer limitations.<\/p>\n\n\n\n<p>Specifically, more traditional risk management models tend to take a \u201csiloed\u201d approach.\u00a0Here, organizations assign various business unit leaders the task of managing risks related to their particular areas of responsibility. The Chief Operating Officer (COO), for example, is charged with managing risks associated with a company\u2019s production and distribution, whereas a Chief People Officer (CPO) manages risks associated with talent acquisition and retention.<\/p>\n\n\n\n<p>The goal of this model, of course, is for organizations to have all their bases covered \u2013\u00a0and to give those with the greatest expertise responsibility for risks in their domain.<\/p>\n\n\n\n<p>Unfortunately, risk management is never this simple. Sometimes, risks on the horizon don\u2019t fit neatly into one particular silo\u00a0and go undetected by leaders until it\u2019s too late. Other times, a risk event emerges that impacts multiple silos at once. This can cause significant problems, especially if only one silo leader \u2013\u00a0who is focused only on the risk\u2019s impact to their particular business unit \u2013\u00a0has it on their radar. 
Moreover, one silo\u2019s particular risk response may have unintended consequences for other parts of the organization.<\/p>\n\n\n\n<p>Additionally, organizations using this approach may overlook risks originating outside the organization \u2013 or be unaware of risks related to their strategic goals.<\/p>\n\n\n\n<p>By contrast, ERM\u2019s enterprise-wide approach leads organizations to strengthen their overall risk oversight and leverage risk insights to add strategic value.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Myth #2: ERM Only Takes Some Risks into Consideration<\/h3>\n\n\n\n<p>In the ERM process, organizations begin by outlining their strategic initiatives and core business drivers. Using the entity\u2019s strategic plan as a starting point, ERM seeks to identify, monitor and manage emerging risks that may impact the entity\u2019s future success \u2013&nbsp;whether positively or negatively.&nbsp;<\/p>\n\n\n\n<p>According to some, this must mean that ERM strictly emphasizes strategic risks,\u00a0with no concern for other types of risks \u2013 like operational, compliance and reporting risks.<\/p>\n\n\n\n<p>In reality, however, ERM considers risks of every kind. The difference between traditional risk management models and the ERM paradigm, then, is not which kinds of <em>risks<\/em> are managed, but which<em> lens <\/em>is used to manage them.<\/p>\n\n\n\n<p>Applying a distinctly strategic lens to the risk management process, ERM takes into consideration all types of risks that may derail or further an enterprise\u2019s strategic success. After taking these various risks into consideration, management then determines which are most important at the current time. 
For many organizations, this means generating a list of their top 10 risks.\u00a0<br>With ERM\u2019s enterprise-wide mindset, then, organizations are more likely \u2013\u00a0not less \u2013 to consider a wide variety of potential risks.<\/p>\n\n\n\n<p>Once it understands its top risks, the entity then evaluates how to manage them with the strategic objectives still in view. This includes considering how to reduce risk exposure and how to minimize the impact, should a particular risk event occur. And to further its strategic initiatives, an organization may even be willing to embrace a certain degree of risk.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Myth #3: ERM Is a Cure-All for Every Risk Event<\/h3>\n\n\n\n<p>Another misconception is that because ERM aims to identify all types of risks, it shields organizations against every negative risk event. In the real world, however, no risk management paradigm can offer this \u2013 no matter how robust, proactive or comprehensive it is.<\/p>\n\n\n\n<p>For this reason, ERM proponents do not claim that the framework can predict every threat or prevent every unfavorable outcome. Rather, they suggest that given the many shortcomings of traditional risk management, ERM puts organizations in a better position to respond and pursue long-term resilience.<\/p>\n\n\n\n<p>The coronavirus pandemic is perhaps the best evidence for this. Even organizations embracing ERM were vulnerable to the pandemic\u2019s social and economic fallout. 
Using ERM, however, these same organizations were able to rebound quickly, manage the pandemic\u2019s impact to the business and think proactively about the future.<\/p>\n\n\n\n<p>And with its emphasis on strategy, ERM not only allows organizations to do damage control once risks have come to fruition \u2013\u00a0it also equips them to identify new opportunities and risks worth taking to gain a strategic advantage.<\/p>\n\n\n\n<p>What this means is that ERM is not a silver bullet,\u00a0cutting through the chaos and complexity of today\u2019s business environment with a simple, foolproof solution. Instead, it\u2019s like a secret sauce driving the company\u2019s overall, long-term success.\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Reality Check<\/h3>\n\n\n\n<p>By understanding what ERM is \u2013 and isn\u2019t \u2013 organizations are better prepared to mature their risk management capabilities and strengthen core operations in an ever-changing world.<\/p>\n\n\n\n<p>To learn more about how NC State\u2019s Master of Management, Risk and Analytics concentration equips graduates in risk management and data analytics practices, click <a href=\"https:\/\/ra.poole.ncsu.edu\/about\/\">here<\/a>.<\/p>\n<p><em>This post was <a href=\"https:\/\/ra.poole.ncsu.edu\/blog\/2022\/03\/busting-three-myths-about-enterprise-risk-management\/\">originally published<\/a> in Master of Management Risk & Analytics.<\/em><\/p>","protected":false},"excerpt":{"rendered":"<p>Enterprise Risk Management (ERM) has gained significant momentum in recent years, and demand for ERM professionals is on the rise. Still, there are a handful of myths and misconceptions causing hesitation.\u00a0<\/p>\n","protected":false},"author":732,"featured_media":17606,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"source":"ncstate_wire","ncst_custom_author":"","ncst_show_custom_author":false,"ncst_dynamicHeaderBlockName":"","ncst_dynamicHeaderData":"","ncst_content_audit_freq":"","ncst_content_audit_date":"","ncst_content_audit_display":false,"ncst_backToTopFlag":"","footnotes":""},"categories":[1],"tags":[166],"_ncst_magazine_issue":[],"series":[],"class_list":["post-17605","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-_from-newswire-collection-259"],"displayCategory":null,"acf":{"ncst_posts_meta_modified_date":null},"_links":{"self":[{"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/posts\/17605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/posts"}],"
about":[{"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/users\/732"}],"replies":[{"embeddable":true,"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/comments?post=17605"}],"version-history":[{"count":5,"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/posts\/17605\/revisions"}],"predecessor-version":[{"id":33491,"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/posts\/17605\/revisions\/33491"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/media\/17606"}],"wp:attachment":[{"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/media?parent=17605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/categories?post=17605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/tags?post=17605"},{"taxonomy":"_ncst_magazine_issue","embeddable":true,"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/_ncst_magazine_issue?post=17605"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/poole.ncsu.edu\/thought-leadership\/wp-json\/wp\/v2\/series?post=17605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}