The Future-Proof Company: Embedding ERM for Long-Term Success

Enterprise Risk Management (ERM) is no longer a nice-to-have tool; it’s a critical action plan to address today’s rapidly evolving risks for businesses that operate in complex and diverse environments. Unfortunately, many businesses address risk in siloed functional areas, which can leave them disconnected and unprepared to effectively manage their risk.

Providing a 360-degree view of a company’s risk landscape, ERM ensures the achievement of the organization’s objectives by addressing the full spectrum of its risks. It supports the management of combined risk impact as an interrelated risk portfolio. This ensures that functional areas, from the C-suite to the front line, are aligned on managing risk.

HUB International’s Ray Monteith, SVP of Organizational Resilience, and Chrystie Howard, VP and ERM Leader/Complex Risk, discuss how ERM can transform the way companies prepare for and respond to disruptions, particularly in the face of natural catastrophes and other crises.

Q: Why is embedding ERM into a company’s culture so critical?

Ray Monteith: Making ERM a part of the company culture starts at the top. If the C-suite isn’t involved, then risk management is often ignored or deprioritized. When leadership actively embraces ERM, it becomes part of the organization’s DNA. It signals to everyone that risk management isn’t just one department's job, it’s a core business function. Making risk management a company priority equips the entire organization to recognize and respond when risks arise.

Chrystie Howard: And, in addition to leadership setting the tone, it’s also essential to create a risk culture statement that resonates at every level of the company. When employees recognize that leadership is committed to ERM, it’s much easier to align teams on risk mitigation strategies, making the whole organization more resilient.

?

Q: What are the benefits to implementing ERM?

RM: ERM allows companies to understand the big picture. It provides a comprehensive view that connects all areas of the business — people, infrastructure, IT and supply chains. Instead of managing risk in isolated pockets, ERM integrates everything into one cohesive strategy. Every department knows not only their role, but the roles of everyone else and how they fit together.

?

Q: What does a response to a weather event or disaster using an ERM approach look like?

RM: The key with ERM is planning for the consequences of any disruptive event, not just the event itself. With ERM, companies can plan ahead for potential impacts to their supply chain or facilities. They have contingency plans for how to protect their people, facilities and operations.

One of the major benefits of working with a broker like HUB is having pre-established relationships. We’re able to leverage our relationships across carriers, recovery services and other partners to help expedite client requests — minimizing downtime and keeping your business operational, even during a disaster.

CH: It’s truly not just about reacting. ERM helps companies anticipate what’s on the horizon and put systems in place before disaster strikes. When you’ve already mapped out your vulnerabilities and developed a business continuity plan, you’re not panicking when something goes wrong —you’re executing a plan you’ve prepared for.

?

Q: What are common gaps companies face when it comes to risk management and business continuity planning?

CH: One of the biggest gaps I see is companies thinking they’re more prepared than they actually are. Our data shows that while 47% of companies transfer risk through insurance, only 12% have a solid business continuity plan in place. That’s a serious disconnect. If you don’t have a plan for how to maintain operations when something goes wrong, you’re going to face prolonged — and costly —downtime. The good news is that ERM assessments can reveal these gaps before they become a problem. By running tabletop exercises, companies can identify weaknesses in their response plans and make adjustments to ensure they’re prepared.

RM: One of the most powerful tools we use to help our clients achieve this unity is the risk register, which helps companies identify and prioritize their most significant exposures. This approach allows for proactive risk management and business continuity planning, so organizations are ready to act rather than react.

?

Q: How can companies make ERM less daunting and more actionable for their teams?

RM: ERM may feel overwhelming at first, but facing an emergency without a plan is even more overwhelming – and there are steps you can take to remove the stress of creating your plan. Start by creating a risk culture statement that translates the company’s risk appetite into simple, relatable language that employees can engage with. Tailor the message to different departments and make it actionable through activities or quick exercises that can be incorporated into regular team meetings. This keeps risk management top of mind, so it feels normal instead of overwhelming.

CH: It’s also important to remember that risk management is only as stiff and formal as your company culture makes it. I once worked with a company that did a fun ship simulation exercise to demonstrate the importance of collaboration in managing risks. Activities like that get people involved, make the process more engaging and help employees see how their role contributes to the overall risk strategy.

?

Q: How often should companies revisit their ERM strategies?

CH: Any time there’s a major change — new leadership, expansion or even a shift in market focus —you should revisit your ERM strategy. These changes often introduce new risks that should be addressed before they catch you off guard.

In the absence of major changes, make a point to do a thorough review of your risk profile annually.

And keep ERM part of your regular discussions. A quick check-in at monthly meetings can go a long way in keeping your risk management strategy agile and your strategies top of mind.

RM: The business environment is constantly changing, and your ERM framework needs to evolve with it. By keeping a constant pulse on your risk landscape, you can stay ahead of potential challenges and position your company for long-term success.

When embedded into a company’s culture, ERM ensures that risks are managed before they escalate, protecting businesses from disruptions and positioning them for future success.

?

Unsure where to start or curious about the viability of your risk strategies? HUB can help you integrate ERM into your organization and build a comprehensive strategy that makes risk management second nature. Leave us a comment to get started.

?

Ray & Chrystie will be speaking at the RIMS ERM Conference, November 18-19 in Boston on these topics. Don’t miss their speaking sessions if you’re attending:

Monday, November 18, 2:30-2:50 PM Train in Vain: Get Your ERM Program Back on Track by Connecting with Your Culture Chrystie Howard

Tuesday, November 19, 11:30-11:55 AM ERM’d and Dangerous: Leverage ERM Strategies to Weather Disruptive Events Chrystie Howard & Ray Monteith

?

?